Google Redirect.. Again


  • This topic is locked
12 replies to this topic

#1 wing43


Posted 18 May 2011 - 06:30 PM

Getting Google Redirects like last time but on my laptop this time D:
I recently removed the vista antivirus 2011 malware and it appears it left this bugger behind.



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jason at 18:08:59.24 on Wed 05/18/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1240 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Jason\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Trillian\trillian.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Jason\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mint.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\jason\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jason\appdata\roaming\mozilla\firefox\profiles\yeq45wer.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\jason\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\jason\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jason\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2010-6-2 20352]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl7db79128;MpKsl7db79128;c:\programdata\microsoft\microsoft antimalware\definition updates\{77f90396-a969-47f9-a60a-ffb4481d4b30}\MpKsl7db79128.sys [2011-5-18 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-3 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-3 136176]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2010-6-2 937984]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-05-18 17:34:43 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{77f90396-a969-47f9-a60a-ffb4481d4b30}\MpKsl7db79128.sys
2011-05-18 17:34:42 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-18 17:34:25 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{77f90396-a969-47f9-a60a-ffb4481d4b30}\mpengine.dll
2011-05-18 16:48:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 17:17:22 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{6a3e582c-353c-4b2e-82eb-2562e33e9840}\gapaengine.dll
2011-05-15 17:08:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-14 19:15:12 0 ----a-w- c:\users\jason\appdata\local\Jyisofeginuk.bin
2011-05-14 19:15:09 -------- d-----w- c:\users\jason\appdata\local\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}
2011-05-14 19:13:00 -------- d-----w- c:\progra~2\pK06509KgAkM06509
2011-05-11 17:47:48 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-10 18:45:37 -------- d-----w- c:\users\jason\appdata\roaming\Trillian
2011-05-10 04:15:58 -------- d-----w- c:\users\jason\appdata\local\splash damage
2011-05-07 18:27:40 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
2011-05-07 18:27:29 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
2011-05-07 18:27:17 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2011-05-07 18:27:12 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2011-05-07 18:27:07 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2011-05-07 18:27:02 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2011-05-07 18:26:56 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2011-05-07 18:25:58 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2011-05-07 18:23:21 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-05-03 17:51:33 -------- d-----w- c:\program files\Conduit
2011-05-03 17:51:30 -------- d-----w- c:\program files\ConduitEngine
2011-05-03 17:51:26 -------- d-----w- c:\program files\uTorrentBar
2011-05-03 17:51:15 -------- d-----w- c:\program files\uTorrent
2011-05-03 17:50:48 -------- d-----w- c:\users\jason\appdata\roaming\uTorrent
2011-04-28 13:15:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 13:15:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 13:15:38 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-24 20:03:50 -------- d-----w- c:\program files\WinDirStat
2011-04-21 13:11:52 72536 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
2011-04-21 13:11:51 89944 ----a-w- c:\windows\system32\SQSRVRES.DLL
.
==================== Find3M ====================
.
2011-04-09 22:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-18 20:42:55 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-18 20:42:55 114688 ----a-w- c:\windows\system32\OpenAL32.dll
.
============= FINISH: 18:10:42.09 ===============

Attached Files




#2 rigacci


Posted 23 May 2011 - 04:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 wing43


Posted 26 May 2011 - 09:00 PM

New logs

Attached Files



#4 sempai


Posted 27 May 2011 - 10:12 AM

Hello wing43 and welcome to BC. :)


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Semp


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 wing43


Posted 27 May 2011 - 11:26 AM

OTL logfile created on: 5/27/2011 12:21:44 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jason\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 54.50% Memory free
5.95 Gb Paging File | 4.66 Gb Available in Paging File | 78.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 47.97 Gb Free Space | 25.95% Space Free | Partition Type: NTFS

Computer Name: JASON-LAPTOP | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 12:21:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL(1).exe
PRC - [2011/05/03 15:36:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/26 15:06:06 | 000,161,336 | ---- | M] (Google) -- C:\Users\Jason\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 20:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/01/09 18:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 17:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 12:21:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL(1).exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/05/18 14:21:50 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/01/10 14:37:17 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 12:16:29 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1DD7AAC7-D5C8-422F-9B71-DD06D658741E}\MpKsldf59b9a4.sys -- (MpKsldf59b9a4)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/08 16:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/01/12 06:42:22 | 000,241,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/12/08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/07/28 01:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 18:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mint.com/
IE - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57}:0.9.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.26.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.70
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}: C:\Users\Jason\AppData\Local\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}\ [2011/05/14 15:15:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 15:36:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 09:59:30 | 000,000,000 | ---D | M]

[2010/11/18 09:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2011/05/24 14:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yeq45wer.default\extensions
[2010/12/10 09:39:35 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yeq45wer.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/11/20 10:16:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yeq45wer.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/15 17:55:16 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yeq45wer.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/04/17 22:36:05 | 000,002,565 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yeq45wer.default\searchplugins\amazon-search-suggestions.xml
[2011/03/22 09:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 17:09:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/08 16:52:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 12:33:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/29 08:23:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 16:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/14 15:15:10 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JASON\APPDATA\LOCAL\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YEQ45WER.DEFAULT\EXTENSIONS\{65E41D20-F092-41B7-BB83-C6E8A9AB0F57}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YEQ45WER.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YEQ45WER.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YEQ45WER.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YEQ45WER.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YEQ45WER.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YEQ45WER.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YEQ45WER.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/05/03 15:36:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\..\Toolbar\WebBrowser: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000..\Run: [TOSCDSPD] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3060899649-2840256674-1490275649-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c111450-af9c-11df-9366-00059a3c7800}\Shell\AutoRun\command - "" = F:\wubi.exe --cdmenu
O33 - MountPoints2\{1c111455-af9c-11df-9366-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{1c111455-af9c-11df-9366-00059a3c7800}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3f57da6f-c253-11df-8acc-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{3f57da6f-c253-11df-8acc-00059a3c7800}\Shell\AutoRun\command - "" = F:\autoplay.exe
O33 - MountPoints2\{7d1e7043-c7d5-11df-81b9-001e334dc9bd}\Shell\AutoRun\command - "" = G:\Installer.exe
O33 - MountPoints2\{8f068b60-f9a3-11df-9630-001e334dc9bd}\Shell - "" = AutoRun
O33 - MountPoints2\{8f068b60-f9a3-11df-9630-001e334dc9bd}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 17:39:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\new logs
[2011/05/26 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\com.amazon.music.uploader
[2011/05/26 17:28:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Amazon MP3 Uploader
[2011/05/26 17:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/26 17:23:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Amazon
[2011/05/26 17:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/05/26 17:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011/05/19 12:40:32 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/05/18 12:48:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/15 13:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/14 15:15:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}
[2011/05/14 15:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\pK06509KgAkM06509
[2011/05/10 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Trillian
[2011/05/10 14:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2011/05/10 00:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\splash damage
[2011/05/07 14:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Media Player Classic
[2011/05/07 14:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2011/05/07 14:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2011/05/07 14:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2011/05/07 14:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2011/05/07 14:23:21 | 001,547,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/05/06 15:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/03 13:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/05/03 13:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/03 13:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/05/03 13:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/03 13:50:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\uTorrent
[2011/04/28 09:15:42 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/28 09:15:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/28 09:15:38 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

========== Files - Modified Within 30 Days ==========

[2011/05/27 12:23:18 | 000,711,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/27 12:23:18 | 000,145,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/27 12:16:46 | 000,002,525 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011/05/27 12:16:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/27 12:16:27 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/27 12:16:26 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/27 12:16:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/27 12:16:15 | 3082,473,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 21:35:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060899649-2840256674-1490275649-1000UA.job
[2011/05/26 21:31:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 17:22:06 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/05/22 14:12:29 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060899649-2840256674-1490275649-1000Core.job
[2011/05/22 13:59:23 | 000,001,356 | ---- | M] () -- C:\Users\Jason\AppData\Local\d3d9caps.dat
[2011/05/18 12:48:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 15:01:54 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/05/15 13:08:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/14 15:37:56 | 000,008,694 | -HS- | M] () -- C:\ProgramData\q0hrb27u7g38cssopr
[2011/05/14 15:37:55 | 000,008,694 | -HS- | M] () -- C:\Users\Jason\AppData\Local\q0hrb27u7g38cssopr
[2011/05/14 15:34:04 | 001,006,778 | ---- | M] () -- C:\Users\Jason\Desktop\iExplore.exe
[2011/05/14 15:33:14 | 000,001,134 | ---- | M] () -- C:\Users\Jason\Desktop\FixNCR.reg
[2011/05/14 15:15:12 | 000,000,120 | ---- | M] () -- C:\Users\Jason\AppData\Local\Mzezexetedab.dat
[2011/05/14 15:15:12 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Local\Jyisofeginuk.bin
[2011/05/14 15:12:24 | 000,000,000 | ---- | M] () -- C:\Users\Jason\2gweorjqjutp92vjy9gake
[2011/05/07 16:59:38 | 000,099,840 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 14:25:03 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk

========== Files Created - No Company Name ==========

[2011/05/26 17:27:53 | 000,001,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2011/05/26 17:22:06 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/05/16 15:01:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/05/15 13:08:11 | 000,001,779 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/14 17:03:09 | 3082,473,472 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/14 15:39:29 | 001,006,778 | ---- | C] () -- C:\Users\Jason\Desktop\iExplore.exe
[2011/05/14 15:39:29 | 000,001,134 | ---- | C] () -- C:\Users\Jason\Desktop\FixNCR.reg
[2011/05/14 15:15:12 | 000,000,120 | ---- | C] () -- C:\Users\Jason\AppData\Local\Mzezexetedab.dat
[2011/05/14 15:15:12 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Local\Jyisofeginuk.bin
[2011/05/14 15:14:07 | 000,008,694 | -HS- | C] () -- C:\Users\Jason\AppData\Local\q0hrb27u7g38cssopr
[2011/05/14 15:14:07 | 000,008,694 | -HS- | C] () -- C:\ProgramData\q0hrb27u7g38cssopr
[2011/05/14 15:12:24 | 000,000,000 | ---- | C] () -- C:\Users\Jason\2gweorjqjutp92vjy9gake
[2011/05/10 14:45:37 | 000,000,889 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2011/05/07 14:25:03 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/04/12 01:05:17 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/24 08:24:08 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/08/24 08:24:05 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/08/24 08:24:05 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/22 15:33:23 | 000,001,356 | ---- | C] () -- C:\Users\Jason\AppData\Local\d3d9caps.dat
[2010/06/12 02:01:54 | 000,099,840 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 19:20:08 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/04 14:09:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/04 14:09:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/03 11:36:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/06/02 23:18:43 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2010/06/02 23:18:41 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2010/06/02 02:48:08 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2010/06/02 02:48:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2010/06/02 02:48:08 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2010/06/02 02:48:08 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2010/06/02 02:34:59 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2010/06/02 02:34:59 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010/06/02 02:34:59 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/02/13 02:34:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/13 01:38:47 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/13 01:35:26 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2008/02/13 01:35:26 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2008/02/13 01:35:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/02/13 01:35:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/02/13 01:35:26 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/02/13 01:35:26 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/02/13 01:12:13 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 20:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,440,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,711,708 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,145,210 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >


OTL Extras logfile created on: 5/27/2011 12:21:44 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jason\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 54.50% Memory free
5.95 Gb Paging File | 4.66 Gb Available in Paging File | 78.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 47.97 Gb Free Space | 25.95% Space Free | Partition Type: NTFS

Computer Name: JASON-LAPTOP | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3060899649-2840256674-1490275649-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DB039B-7378-45C2-B2ED-60366DB0733A}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{01032E71-6BF7-483D-B6C0-51856AC638F3}" = lport=445 | protocol=6 | dir=in | app=system |
"{01B8B5AB-8FD2-482C-9056-10AB2F8F817C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1252C863-3E8E-4C8D-B946-3E283C439280}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{12696A17-619E-46B5-BB41-A5587813FA6C}" = lport=2677 | protocol=6 | dir=in | name=akamai netsession interface |
"{1A47EA24-B87C-4C1B-B4C7-0EFA462570A3}" = lport=1035 | protocol=6 | dir=in | name=akamai netsession interface |
"{1BF1963B-7687-48DE-BCD9-5702307CC050}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20C7B490-1365-40FC-BA30-F639C3CB839F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{21240605-EAB0-4FBD-8F9A-AB024DDC107B}" = rport=137 | protocol=17 | dir=out | app=system |
"{302D01C3-A637-4326-9A12-3C141AA1A149}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3137929C-8C6D-4E7E-A178-775D696784F2}" = rport=138 | protocol=17 | dir=out | app=system |
"{3183F721-BD77-422E-A565-EEDE9089AE7A}" = rport=445 | protocol=6 | dir=out | app=system |
"{4721CCB2-C8D9-4FDD-AB0E-64F69A9A534C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4D1D453F-01C7-4D44-86EF-BDF2092F8C36}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F7E66D1-674E-469A-A5AE-29AD20115172}" = rport=10243 | protocol=6 | dir=out | app=system |
"{504A13DE-A8C2-401C-9EA1-3979CBB75D08}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{54F63F13-9192-48F8-9D2C-98D82342A798}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6856C60A-95D7-49EA-8A85-100D400A3653}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6898DBD3-E749-48AC-915A-892975EE2393}" = lport=137 | protocol=17 | dir=in | app=system |
"{69841476-88C5-4FEE-B851-DF842D193038}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher |
"{7734A771-FD39-404D-93DD-0361811FB9D7}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher |
"{7BC2F984-A089-4E8D-B478-C73C5F0731F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8206FEC1-71BC-4AA0-A802-6C7754DF57AD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{8B3EBDAE-EFAF-420C-AD3D-2E4659CE3049}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{8F779DAE-09DA-4320-8063-66F68542BF3B}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{A535A53E-5B85-460A-8975-C8185EA47A58}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{AE2A54B8-F73E-461C-8904-E2BB21027AB5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B94BB606-8C0A-4F51-83E6-09CEEBDB1806}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{C710F316-E9FD-484E-9555-9B3C96F5ADDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CDC1D88F-DDBB-4DEB-A95C-F99B0FB36300}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{E08BDE98-2347-4377-8FE1-CE6D7841040F}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA4A48A9-CCC6-4D63-8D52-CC7F545AC132}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1671D9E-ACF9-4521-AF7B-F99690400EA5}" = lport=2876 | protocol=6 | dir=in | name=akamai netsession interface |
"{F2D59108-E745-4187-8D7D-698BBB156376}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F309594C-FE4E-4EF2-B576-FCD461A9F789}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{F640EAC7-FFA7-44F7-8AC1-8527B6F716A8}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0047BC5B-74FB-415A-92A4-4BEAEF29CBD5}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0291E764-BA15-4AA9-89E7-E0CAB9030F57}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{02D6A33A-386A-46DA-92CA-D1E724876F55}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\brothers in arms road to hill 30\system\bia.exe |
"{02F91C46-3B76-4083-A30F-4A4A980A17BB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rush\rush.exe |
"{0391AECE-24BA-4BE1-A452-57DD93547045}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{048F19AD-4461-42CD-B1C0-7139A8BB53C0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{05C2E9D6-D438-4F49-B4CB-2423608AE475}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{0C70050B-44D6-429B-B41A-0526F7E16B23}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe |
"{0C8CBA05-8FE0-4EB7-AE7C-3B501EB702D3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe |
"{0D2DBB61-D25B-45B1-B935-FF05FF22E103}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F31E5C2-D15A-4A75-B34F-D550E9763748}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{0FFD5C75-0FFB-4E2C-9B63-57BD368EF8E0}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{10297A6C-9695-4783-9839-7A764D86BE72}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe |
"{10E78EE0-E4CC-4591-ACBF-7137C78E037C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11DBFC5D-6B5D-49BF-BD52-DC6494D9F695}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe |
"{1218C739-0768-45DA-BD30-8536905EB5F0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{1241BDD0-7B0B-47B0-A85D-8DFAE2A856AC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commandos beyond the call of duty\tutorial.exe |
"{14B6CDFB-4C90-4E04-AA2A-C9144F006B6B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{185368AD-ADCF-4FF4-AD6D-67A4E723BDC6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\uplink\uplink.exe |
"{1AEB2006-193B-4627-ABCD-652917503ED2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{1C5A1B2A-E00A-43F6-991B-622ED0C56D38}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{1C932AA4-DF11-4261-81EC-78614F704B6A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{1E797793-FC35-48A7-A5EF-0FA3ABCFD83E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{1EFD47A9-B6BF-4628-B1B0-A405AF57F483}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
"{21250777-E618-4694-BA32-DE56FDB2A808}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{246C2B65-EA35-47CD-BBC7-C0A796D0FCB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{26B007A7-EAD3-43F5-AB27-926FE5FF550D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{27B80618-311B-4BBB-B031-9E62EA088E56}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{29675970-7F93-4B6D-BD61-6C88808698F4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{2B8AADAA-BCD8-486D-A338-3E6E9AAC0621}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\darwinia\darwinia.exe |
"{2C2352B3-D59E-4FE8-A438-2B03132E54EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2CAB2947-665C-463C-AB93-55F99F106FBD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{2D2ECFB1-513F-424A-BD78-D27E0E21CD59}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{2E471176-D336-4F3B-925A-718A783FE3DD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\kfed.exe |
"{2F317370-5AB8-48EA-9EAD-6B5CE080CF92}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\jedi knight mysteries of the sith\jkm.exe |
"{3192C60B-B409-4B89-87DA-45CE6EBFF94D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rush\rush.exe |
"{31C2B8AA-D6D0-414E-BDCF-A9B6B572D410}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commandos 3 destination berlin\commandos3.exe |
"{3255C4A4-A536-494B-B9F4-5417D99FAE9B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
"{34E637F6-AB9C-472A-9BB1-259D4DB57E9B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{37CB121C-54CD-4EDE-A621-EFB9F515A1F3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{3857F4B4-BAE6-435A-A78A-889347B36934}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\brothers in arms earned in blood\system\eib.exe |
"{392DEF14-AF04-4F91-99C6-D6D94EA5C3AE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
"{396398D2-8330-4EDB-BCCB-ACF7B96E1FFA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{3B4EAB84-3B5D-4E10-9FB4-276E56DB2462}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\monkey2\monkey2.exe |
"{3C6456BD-4D8F-4644-AAC7-5824F4AA2290}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3CBE6F3C-9177-4112-9B5C-7CFD885DFD27}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{3E283CE1-E0A4-4D84-8B2A-815507FC569D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commandos 2 men of courage\comm2.exe |
"{3E79DE9E-2F2E-4A2D-A4F0-CB8682D6922B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{44B378EB-71E0-4FB8-8D55-968525B0E41C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{4A4C3952-3AE2-4BD3-8AB1-62C4A9541309}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rush\rush.exe |
"{4ABCC67D-7D30-4E63-824F-D2B2365E2DA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commandos 3 destination berlin\commandos3.exe |
"{4C1EB09D-555E-4C87-B77B-CB0E59232FB9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\uplink\uplink.exe |
"{4C7B2623-7886-41BF-9FC0-86843FBF3AE0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\puzzle quest\puzzle quest.exe |
"{4E0B5A08-3A91-47CF-BDDA-207CD4D025AA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe |
"{5178E4A5-0F03-42C3-9E1E-DBFE1C31D34F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{551F21C6-FA66-4CFF-9BFE-176CF0DE428D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55F499CD-6B7F-446C-964B-288AA39EC635}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{565BFEF8-6E02-45D4-BE1E-A384267AEE6C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe |
"{56942EBA-A9EC-49C7-AE65-7B98B87FF739}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commandos 2 men of courage\comm2.exe |
"{56CABF35-1371-4524-8856-F35CE171C445}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{587F4DE9-C380-4D7B-8E46-506D108475A7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{5B6154F2-0B0D-4DF3-A856-69E4FF73B05F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
"{5B8A6321-9EFC-44EF-86DF-5B570F2D89ED}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{5D02732C-A77B-4806-AF20-3E611DA309BE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{600AEF90-B87C-4D9A-83F5-EDE7819E7B96}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commandos behind enemy lines\comandos.exe |
"{60B7C385-B9E6-4720-91D7-AC8721D3001F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{61CA9EE7-70DB-4D00-B042-3E17CC917ADE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{63AC3F9F-625E-4ECF-A313-CDD3E73422F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hydrophobia\hydropc.exe |
"{63DF3E66-F2B1-4D3C-9981-FF28F85FCF52}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\brothers in arms hells highway\binaries\biahh.exe |
"{66B113B0-27A0-437C-B296-B4E823E52E88}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\kfed.exe |
"{66E0A6B0-1C87-4265-B690-3ED6716FFF52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rush\rush.exe |
"{679C61FA-DA0B-4B5C-BB50-14CE7E732AFF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{68A2EE01-B0FE-482A-BFBB-B205C3704F93}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\brink\brink.exe |
"{6BC475D1-AF22-4165-B733-8C0E687F1D0F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\brothers in arms hells highway\binaries\biahh.exe |
"{6BDC9DD8-FA3C-4C11-84F0-41729739F844}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6C9CD1C4-3504-47F8-8DE6-698F965447EA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\jedi knight mysteries of the sith\jkm.exe |
"{6D5B203E-1F4C-48B8-8DC4-8599BC05CF76}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{70086FB7-55E9-4B20-8DF4-632FDFE877CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{71899018-0880-44D1-AE3D-1FE22F3A5CDC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\kfed.exe |
"{71D4B9A1-CBB8-41BD-9D85-8D12E2C9642C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{7547F559-2133-4A16-A696-FCE6F7FD3593}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\chime\chime.exe |
"{7574BB0F-5D69-4D2B-9848-BE539B9B5649}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{76B81701-6A02-4D65-BD45-FFB03FED1B98}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commandos 3 destination berlin\readme.rtf |
"{7737F10A-D8D2-4576-8060-3616FDAEAF4D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\brothers in arms earned in blood\system\eib.exe |
"{7766FE0A-2929-4856-96CF-8560AB67D093}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{790426BF-CAB2-41CF-9D12-CCA6F7AF5DC8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commandos beyond the call of duty\tutorial.exe |
"{795D7726-2F34-4AE6-8E38-13D633F657FE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{79FE2A8D-140A-46D1-8F54-858575FD2B73}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7CD82201-3241-4D57-AD7D-330AEBE81085}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hydrophobia\hydropc.exe |
"{8033AFD3-1C76-4438-A006-F43446A533AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8252BB40-D7F3-4508-9C69-F1D08D00AE6B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe |
"{84C1CD6A-80EE-47DC-A728-3815CDE676A0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commandos behind enemy lines\comandos.exe |
"{84CF4396-4561-46C4-88EB-8C2D1B5D27B3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commandos behind enemy lines\readme.doc |
"{85331377-A088-478D-AFF2-759E19D364B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{853D887D-D853-4919-8661-1B910B697658}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{85E3E29D-A73E-403F-8DA7-959E02DDE049}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8867D09D-B083-4BDB-8021-BC456C60F936}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\brothers in arms road to hill 30\system\bia.exe |
"{8A948308-EA2A-4925-8FEB-10965FADAA1C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8B225052-D679-43A0-8451-0533DED0E3FB}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v4.0\bin\xnaliveproxy.exe |
"{8BADF005-946C-483A-934D-6593651EAF7F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8C014B7E-6745-40D3-A4F5-D7E246F35F3A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8D17D82B-CACB-4535-811B-9936EA4A5AFA}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8D3EA892-C767-4C3F-B746-DB439DAF7940}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8E6DAD69-5B7B-41FB-9047-BEB1E90E2676}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{92D7ABAB-6044-4405-AD8C-A3FBEAFDAFB2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commandos beyond the call of duty\coman_mp.exe |
"{961139B6-BACC-44D5-8FF0-01B2DBB956FA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{970959C7-300F-4066-8C73-1152C60C43E0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{99174210-08CD-48B5-85F7-B22DF4E1828F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
"{9C54389C-D91A-4ACC-9724-6A87591A5A5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9E2A0F51-32B3-4F95-B203-83A3EF2A34F3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{9ECC7731-9B4D-4DB2-AEAB-DEC70020DB7C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mount and blade\runme.exe |
"{A1478ECC-9F1D-4BF8-BCA9-B6BADAE7F462}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commandos 2 men of courage\readme.rtf |
"{A21FA2E0-0605-4D15-BC81-941276517692}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
"{A267229F-6D0D-431D-A78C-97A676865348}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A2E11D1A-D45A-4CAB-AF0E-3973B994727C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A656F76D-B307-46F0-9E3C-D17B4C7EE027}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\toki tori\tokitori.exe |
"{A7815810-39B7-4890-B2A7-2A99C20EB3CC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe |
"{AA41AAE8-4409-41D6-A0B2-B497D6AD15CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe |
"{AE16302D-5106-4EB5-A004-C953B5058DDD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{AE37AAA6-2D46-4842-85E2-16A714C27C3E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AE83731C-7C0F-455C-A074-A8BB1DF81E27}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe |
"{AFAE3697-41DB-4B20-83AD-9AFD4B6F4765}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{AFF017A4-9F20-481F-9432-DB82E9A00F25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4182074-548F-4D96-B63E-423EE78BC6EB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
"{B451527A-E8BE-4200-8270-B8F552813453}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe |
"{B4C3E16B-CF5E-4A6C-AF3D-5857F5BCF018}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe |
"{B4C6BC8E-E046-4154-88E4-8E06D97B5B46}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\puzzle quest\puzzle quest.exe |
"{B5004082-C311-4FC9-AEB6-ECBE1AF61EA3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{B7C8EEFC-1348-46B3-891E-EC7452D5E5D8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the ball\binaries\win32\theball.exe |
"{BACACF71-363F-4D73-8FBD-31626AF58F4C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
"{BBE5FA4C-F2DA-4EE6-A7E5-B8AE096991B7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\max payne\maxpayne.exe |
"{BC2362C3-C829-4F29-BB2F-4818B86CB0B6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{BC57BF5B-96AA-42B0-8493-3BBF27F3B567}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mount and blade\runme.exe |
"{BD2B68B4-1D23-42E9-AA5C-D40C79F852BE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
"{BE47B786-D4A0-4E4D-A119-C0A59CCD3736}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lugaru hd\lugaru.exe |
"{BEC1A461-B2D6-4027-8D79-68E9578A4994}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commandos 3 destination berlin\readme.rtf |
"{C1DD4AC6-D4B5-445D-9B0B-D8D31B873636}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\star wars jedi knight\jk.exe |
"{C43C4CCE-92D5-421E-81D6-DCD7744954F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{C4FAF382-D7F4-4E73-9172-66D9F898CCAF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\star wars jedi knight\jk.exe |
"{C506E8EE-3049-44B8-A029-36EF74E27C30}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
"{C711D944-69C7-4909-B2E8-20DB51ECEC26}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C7A5CCB9-7CD1-4CEB-A0A3-42133B6825B5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{C89C1AB9-1CC4-4620-860D-1D96F1DBCECD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\toki tori\tokitori.exe |
"{C8CBBB4D-FF60-4FB0-8E23-ADC03F2FF624}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
"{C972101D-F393-4866-BD78-6B04FABE9602}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{C9A544E5-801A-4E0E-9DA4-7596923594AC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CBC627C8-192A-46F4-A669-923F7332A564}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{CEBD544B-BA4C-43AA-8CB7-8FEF84C3FC62}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\toki tori\tokitori.exe |
"{CF2BE23A-59E6-4A42-B1C9-EA883A89CD53}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D0B5F790-5341-470D-A611-723D81BA7840}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{D1DEE1FE-3C84-485C-909A-9811998C93E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D21C4716-CC77-45B5-AA2B-44E534459E3B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{D2501D3C-F958-4329-BE62-BAEDB7F67B59}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D25E41FC-DC9F-40C3-AB01-9C74AEDFFD27}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\darwinia\darwinia.exe |
"{D5B22E39-9DB3-4F84-AD50-A93B6470C96B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D7BA4403-2D72-4979-B4A2-AE91E039F1BB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commandos behind enemy lines\readme.doc |
"{D809EB98-7CC5-4050-9788-0E0B0B68DC55}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{D862AA0A-D77F-4C87-A9A8-D2C7B255196B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{D954A1C6-E009-48CF-9B6A-D35BB926B434}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9F34425-B40E-42A4-A3C4-53C6676522F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\uplink\uplink.exe |
"{DC71834C-7B23-4D00-BD1F-6FE924A1D914}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\brink\brink.exe |
"{DEFEA70D-5A86-422A-819F-A8824B935CB6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\chime\chime.exe |
"{DF117F68-EE2F-4EE9-B579-872577FD5CE1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
"{DFC279AD-F9FF-4125-B035-EEDF1037DF0E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe |
"{DFC5BE8E-6516-4B1E-9205-1F16D4C59898}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E0D7276B-863C-4EC6-879F-034E09F3F9BA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\monkey2\monkey2.exe |
"{E19399F2-77A0-4C8A-9D2F-F8E62C279C7F}" = protocol=6 | dir=out | app=system |
"{E272AB03-8255-453E-A500-0133A48B2818}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E35B3BF5-1A7A-444A-91DF-5D5805211EED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lugaru hd\lugaru.exe |
"{E393F55A-BEA9-43A7-B96B-987198B2BC04}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
"{E49F4DD5-ADB1-4B91-A391-9A39650FAE06}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{E59C2537-4EE0-4DAB-A309-B62BCCEDCEF4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\toki tori\tokitori.exe |
"{E656DD78-6EE5-4053-B7DA-E389B88AE1A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E68B6E86-1F83-4323-AC60-36A5881BB70F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{E783E266-E653-4FBC-B625-6F3BA56330E5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the ball\binaries\win32\theball.exe |
"{E9C6E29A-AF39-4467-BD22-E344EDC32E38}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe |
"{E9DE1AB5-030B-49E0-8F46-F66E54094AFB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commandos 2 men of courage\readme.rtf |
"{EAD23175-EE7C-4445-8E0E-6C0B74C6D58C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\max payne\maxpayne.exe |
"{EEEA172F-8DA6-4351-A813-179DF42CF017}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0EFF815-61FB-44D8-9554-63ED86532979}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\uplink\uplink.exe |
"{F1AA1FDD-A93F-4B53-A6F0-6B446FD2CE2F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{F1C83BCD-D08A-45F7-AF0E-B48CB7D8F384}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commandos beyond the call of duty\coman_mp.exe |
"{F1DB630C-7D4C-4E6E-B6A5-DDA5B53E7D36}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe |
"{F471C113-7E92-4DA4-BE0B-9569D0056728}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\kfed.exe |
"{FAAC3D66-4880-47CC-813A-B7A505C50382}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe |
"{FCF4EC92-6414-429C-972E-0E88D3F1AD7F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
"{FD89B0F7-A9C7-4DF4-BC5B-9D8EB77C1FBD}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FE4C7419-0E00-4E25-847A-6B1524B21D2E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe |
"{FEF84003-5C5E-479E-95FA-BD4CE1DB947C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1B84DE23-2F36-4122-824C-2A0CC96494F6}C:\users\jason\downloads\championsonlinef2p.exe" = protocol=6 | dir=in | app=c:\users\jason\downloads\championsonlinef2p.exe |
"TCP Query User{1E688FAA-42B1-4A74-9D2B-BEBCF49576F2}C:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{246D8970-A81D-4ED5-8923-69E7532B91FF}C:\program files\steam\steamapps\common\the ball\binaries\win32\theball.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the ball\binaries\win32\theball.exe |
"TCP Query User{4360EDFF-D371-444F-8AA2-DEEA5319FD3E}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{44D81647-A69D-48F2-92E0-E5639A48E0A1}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe |
"TCP Query User{4DD44005-2B2D-4AB6-9B06-A7F20F364628}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{579D3023-4BAF-4026-BCF1-A21F59766735}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{7FA00DA7-BCAE-46DA-AEED-036CEB8F4524}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{840478DF-4785-4AA5-B127-6BE6E930DDC9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{9DB81DCD-56B3-4985-B87C-3B80B8DE5E46}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{FF43182F-8DEB-4EE9-BED1-186D393B01A2}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{0431363E-CF69-41CB-8375-99D06D6F77EC}C:\users\jason\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\jason\downloads\championsonlinef2p.exe |
"UDP Query User{09668312-48E5-459E-9D3B-AFF530668968}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{3AC2F2C2-FB6C-44E4-8211-39773076BD77}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe |
"UDP Query User{512850A0-332A-406E-9068-C0B92644D369}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{65132C70-C990-4708-B328-AED9EA930F38}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{653E0FC4-1DBC-4DD2-ADC8-DCF79D2E9221}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{811C1F68-57AD-44CF-A13A-0B045500921D}C:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{960A53E4-A4F1-4A5E-A763-96791278E50C}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{CBC2F1E6-659E-439B-917B-96DCE82BDD07}C:\program files\steam\steamapps\common\the ball\binaries\win32\theball.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the ball\binaries\win32\theball.exe |
"UDP Query User{D2045C2C-F72B-4287-A464-0828EF25E5FE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DC9B9DF8-098C-41C7-8221-064FFA52AFEC}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{062ABD24-47F8-D865-BCB6-A724A94BC9A5}" = CCC Help Japanese
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{06F2B3DC-74F4-300D-D41A-B21B46101CA2}" = Skins
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0931A702-634B-4B1E-B21F-4B5797CB2BA5}" = System Requirements Lab CYRI
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A573F30-FB63-9A85-2E6E-39E1AC5366D0}" = Catalyst Control Center Localization Hungarian
"{0A9F311E-A4B9-4808-1D1C-0B2E7705A735}" = Catalyst Control Center Localization Spanish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F15A965-99BA-BC9D-5A00-D7E1E7B2AE7F}" = Catalyst Control Center Localization French
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{14FEF8C7-0EB1-47F2-6A13-D43171D4DFBB}" = Catalyst Control Center Localization Greek
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1D4D4C5C-6771-A416-0FC9-167F47C4D977}" = Catalyst Control Center Localization Polish
"{1E32C2AB-9722-5F41-7BDE-24B5AFD2BCE6}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21AEC16B-1C21-81B4-DA88-2235CC1F7E39}" = Catalyst Control Center Localization Japanese
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}" = Microsoft F# Runtime for Silverlight 4
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{288306FF-D5B5-7398-0617-E52F625C6797}" = CCC Help Norwegian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{397AC65E-CB4A-29C2-ACF9-D04444438971}" = Catalyst Control Center Localization Thai
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B96A467-811C-F9FE-B8D6-3BC952025F44}" = Catalyst Control Center Localization Dutch
"{3BEEC9AD-FA8F-B413-6BBC-8B5DC7C8E08F}" = Catalyst Control Center Localization Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{45ECDC05-71AC-6372-2A17-4139B6296F4F}" = ccc-core-static
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{480C3278-56A7-3F05-3829-6DC5D4B0CB06}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4CA4D9FC-212C-9F69-E760-DB4BEB34FEB5}" = CCC Help Thai
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"{4DE0D937-FEB0-0D89-C8D6-35F600300BD4}" = CCC Help French
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{526B6DD3-0C43-2C13-7DF8-44D20D4E9853}" = CCC Help English
"{544587B1-B057-F0B3-7B19-6898ADBED9AC}" = Catalyst Control Center Localization Czech
"{5542F72D-45E4-371C-BE4B-A7CB70C11E9D}" = Windows Phone Emulator - ENU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{571C0874-A931-EEFE-E89D-8F912F633B9F}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63427619-C918-6F3C-7318-11DDA4975241}" = ATI Catalyst Install Manager
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{648B4A01-F609-1D4E-556C-0F18B54E9E1C}" = Catalyst Control Center Localization Italian
"{64F18837-72CE-DC38-899C-260AF20F979A}" = CCC Help Swedish
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69C82DDB-3FBC-EBEC-AE0A-3ABF1F3BD39B}" = CCC Help Polish
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C530FF7-F6F2-FD4C-0CFC-49AD3E7244A9}" = Catalyst Control Center Localization Turkish
"{6CA2BE46-A562-8CA4-1C33-CC2681B2DDA1}" = CCC Help Finnish
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DBBEC03-716B-7954-873A-B782100831C5}" = Catalyst Control Center Graphics Full New
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{70BCBA77-83D9-2075-1F99-69D65C44B422}" = Catalyst Control Center Graphics Full Existing
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{78E6BC53-F765-2629-C028-9F3CD49F70D4}" = CCC Help Chinese Standard
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7ECE1045-66CB-2A70-7EAE-BE508AF95CF2}" = Catalyst Control Center Graphics Previews Vista
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81F93FA5-BA87-322F-2166-4D1F0FFE196E}" = CCC Help Greek
"{8376FC56-5456-DFF9-5C36-FAB3DE39F5DF}" = Catalyst Control Center Localization Norwegian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85B3880D-F0D2-A50C-1464-7EF646A1D21D}" = Catalyst Control Center Localization Danish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D0957A4-8EE7-E273-0BFC-9B235BEAA41A}" = CCC Help Dutch
"{8D44F868-DA59-B1BF-CC33-58B0AF8E2E39}" = Catalyst Control Center Localization Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FFC6175-D2C5-4FA7-91E8-E2A9431A5CDA}" = WCF RIA Services V1.0 for Visual Studio 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3F65CA-78FA-4749-004B-23743CF642D1}" = Catalyst Control Center Localization Korean
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A5B13934-D1C9-D33B-982E-BB09A19C0F90}" = Catalyst Control Center Localization Finnish
"{A60F4402-4CCE-E695-64C6-F0636ACC347F}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A91A0484-8087-A838-9BA6-03374BE3F2CE}" = Catalyst Control Center Localization Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA725670-A7B4-D1B0-4EF5-F4B2E418C9F4}" = Catalyst Control Center Localization German
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ADBE6E56-60E7-7FC3-467A-827987BE09CE}" = Catalyst Control Center Localization Swedish
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B1819DF7-D6B1-27AA-3A3B-6560C348C386}" = Catalyst Control Center Core Implementation
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{B9CD69C2-D14E-C499-C18B-7342E5FE245E}" = Catalyst Control Center Localization Chinese Standard
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{D8F9F4CB-41A1-CF15-39A2-75F28E0B9991}" = CCC Help Korean
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DDA258BA-57D9-A76C-84CB-F19571A45FC8}" = ccc-utility
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF73BEDD-8A09-A6E2-462B-3BDF398BAFB2}" = CCC Help Czech
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E70A3EE1-067D-8C6C-1C89-9F3A1BA4CF2C}" = Catalyst Control Center Graphics Light
"{E87A8D96-5795-A788-18A2-3BCC20B09E7C}" = CCC Help Chinese Traditional
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EB295AF7-C2D1-D911-9E62-F288874B96F4}" = CCC Help Turkish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBCD5E4C-F14A-B147-39FE-906F75AC4ACE}" = CCC Help Russian
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F36D6137-FD4C-1F67-7B2A-815BB05BB825}" = CCC Help German
"{F84C1DC6-4B39-1A34-AD6E-A6EE49A3DD78}" = CCC Help Hungarian
"{F9823E37-7E55-466f-893D-3E4168D55A46}" = SourceGear Vault Professional Client
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"BN_DesktopReader" = NOOK for PC
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"com.amazon.music.uploader" = Amazon MP3 Uploader
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"DVD Shrink_is1" = DVD Shrink 3.2
"ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
"Fences" = Fences
"GFWL_{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"ImgBurn" = ImgBurn
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"JDiskReport 1.3.2" = JGoodies JDiskReport 1.3.2
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mumble" = Mumble and Murmur
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"RayV" = WCG2010EN Player
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.0
"StarCraft" = StarCraft
"Steam App 12500" = Puzzle Quest
"Steam App 1260" = Killing Floor SDK
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 22600" = Worms Reloaded
"Steam App 2310" = Quake
"Steam App 2500" = Shadowgrounds
"Steam App 25010" = Lugaru HD
"Steam App 26500" = Cogs
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 35700" = Trine
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 40700" = Machinarium
"Steam App 41060" = Serious Sam Classic: The Second Encounter
"Steam App 42915" = ValveTestApp42915
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 4770" = Rome: Total War - Alexander
"Steam App 62100" = Chime
"Steam App 6800" = Commandos: Behind Enemy Lines
"Steam App 6810" = Commandos: Beyond the Call of Duty
"Steam App 6830" = Commandos 2: Men of Courage
"Steam App 6840" = Commandos 3: Destination Berlin
"Steam App 70300" = VVVVVV
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trillian" = Trillian
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.8
"Web_3.0.3813.0" = Microsoft Expression Web 3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3060899649-2840256674-1490275649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ce2965ae71956536" = PerfectSphere
"GoToMeeting" = GoToMeeting 4.5.0.457
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2011 3:48:13 PM | Computer Name = Jason-Laptop | Source = System Restore | ID = 8193
Description =

Error - 5/7/2011 12:47:08 PM | Computer Name = Jason-Laptop | Source = MSSQL$SQLEXPRESS | ID = 17113
Description = Error 2(The system cannot find the file specified.) occurred while
opening file 'c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\master.mdf'
to obtain configuration information at startup. An invalid startup option might
have caused the error. Verify your startup options, and correct or remove them
if necessary.

Error - 5/7/2011 12:47:08 PM | Computer Name = Jason-Laptop | Source = MSSQLSERVER | ID = 17113
Description = Error 3(The system cannot find the path specified.) occurred while
opening file 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\master.mdf'
to obtain configuration information at startup. An invalid startup option might
have caused the error. Verify your startup options, and correct or remove them
if necessary.

Error - 5/7/2011 12:48:24 PM | Computer Name = Jason-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 5/8/2011 1:16:57 PM | Computer Name = Jason-Laptop | Source = MSSQL$SQLEXPRESS | ID = 17113
Description = Error 2(The system cannot find the file specified.) occurred while
opening file 'c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\master.mdf'
to obtain configuration information at startup. An invalid startup option might
have caused the error. Verify your startup options, and correct or remove them
if necessary.

Error - 5/8/2011 1:17:00 PM | Computer Name = Jason-Laptop | Source = MSSQLSERVER | ID = 17113
Description = Error 3(The system cannot find the path specified.) occurred while
opening file 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\master.mdf'
to obtain configuration information at startup. An invalid startup option might
have caused the error. Verify your startup options, and correct or remove them
if necessary.

Error - 5/8/2011 1:17:15 PM | Computer Name = Jason-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 5/8/2011 9:55:50 PM | Computer Name = Jason-Laptop | Source = MSSQL$SQLEXPRESS | ID = 17113
Description = Error 2(The system cannot find the file specified.) occurred while
opening file 'c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\master.mdf'
to obtain configuration information at startup. An invalid startup option might
have caused the error. Verify your startup options, and correct or remove them
if necessary.

Error - 5/8/2011 9:55:50 PM | Computer Name = Jason-Laptop | Source = MSSQLSERVER | ID = 17113
Description = Error 3(The system cannot find the path specified.) occurred while
opening file 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\master.mdf'
to obtain configuration information at startup. An invalid startup option might
have caused the error. Verify your startup options, and correct or remove them
if necessary.

Error - 5/8/2011 9:57:05 PM | Computer Name = Jason-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/25/2010 8:45:49 AM | Computer Name = Jason-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:03:11 AM on 10/23/2010 was unexpected.

Error - 10/25/2010 9:15:39 AM | Computer Name = Jason-Laptop | Source = DCOM | ID = 10005
Description =

Error - 10/25/2010 9:15:39 AM | Computer Name = Jason-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 10/25/2010 9:15:39 AM | Computer Name = Jason-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/25/2010 9:15:39 AM | Computer Name = Jason-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 10/25/2010 9:15:39 AM | Computer Name = Jason-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/25/2010 9:18:26 AM | Computer Name = Jason-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 10/25/2010 9:18:26 AM | Computer Name = Jason-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/25/2010 9:18:26 AM | Computer Name = Jason-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 10/25/2010 9:18:26 AM | Computer Name = Jason-Laptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#6 sempai (Malware Response Team)

Posted 27 May 2011 - 12:04 PM

P2P Warning:

uTorrent

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files, as the name(s) suggest. In today's world cyber crime has reached enormous dimensions, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


===================================


1. Please download SystemLook from jpshortstuff and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook and copy/paste the following into the box:
    :dir
    C:\ProgramData\pK06509KgAkM06509
  • Hit the Look button. Let it finish the scan.
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.



2. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}: C:\Users\Jason\AppData\Local\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}\ [2011/05/14 15:15:10 | 000,000,000 | ---D | M]
    [2011/05/14 15:15:10 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JASON\APPDATA\LOCAL\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}
    File not found (No name found) -- 
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
    [2011/05/14 15:15:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}
    [2011/05/14 15:37:56 | 000,008,694 | -HS- | M] () -- C:\ProgramData\q0hrb27u7g38cssopr
    [2011/05/14 15:37:55 | 000,008,694 | -HS- | M] () -- C:\Users\Jason\AppData\Local\q0hrb27u7g38cssopr
    [2011/05/14 15:15:12 | 000,000,120 | ---- | M] () -- C:\Users\Jason\AppData\Local\Mzezexetedab.dat
    [2011/05/14 15:15:12 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Local\Jyisofeginuk.bin
    [2011/05/14 15:12:24 | 000,000,000 | ---- | M] () -- C:\Users\Jason\2gweorjqjutp92vjy9gake
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [REBOOT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
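
The file-listing lines in the fix script above share a fixed layout: timestamp, size, attribute flags, a C/M marker, an optional vendor string in parentheses, and the path. The following is an added example, not part of the original post or of OTL: a small Python parser that reports each entry's observable traits and how tightly the timestamps cluster. Reading the flag letters H/S/D as hidden/system/directory is an assumption; the page does not define them.

```python
import re
from datetime import datetime

# File-listing lines copied from the ":OTL" section of the fix script above.
SAMPLE = r"""
[2011/05/14 15:15:10 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JASON\APPDATA\LOCAL\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}
[2011/05/14 15:15:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{93540ACE-FA79-4235-8F22-C4A0FDB687F1}
[2011/05/14 15:37:56 | 000,008,694 | -HS- | M] () -- C:\ProgramData\q0hrb27u7g38cssopr
[2011/05/14 15:37:55 | 000,008,694 | -HS- | M] () -- C:\Users\Jason\AppData\Local\q0hrb27u7g38cssopr
[2011/05/14 15:15:12 | 000,000,120 | ---- | M] () -- C:\Users\Jason\AppData\Local\Mzezexetedab.dat
[2011/05/14 15:15:12 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Local\Jyisofeginuk.bin
[2011/05/14 15:12:24 | 000,000,000 | ---- | M] () -- C:\Users\Jason\2gweorjqjutp92vjy9gake
"""

LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)

def parse(text):
    """Return one dict per file-listing line; other line types are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["ts"] = datetime.strptime(row["ts"], "%Y/%m/%d %H:%M:%S")
            row["size"] = int(row["size"].replace(",", ""))
            rows.append(row)
    return rows

def traits(row):
    """Observable properties of one entry (flag-letter meanings are an assumption)."""
    checks = {
        "hidden+system": "H" in row["attr"] and "S" in row["attr"],
        "zero-byte file": "D" not in row["attr"] and row["size"] == 0,
        "no vendor string": row["vendor"] == "",  # "()" in the log; None if absent
    }
    return [name for name, hit in checks.items() if hit]

def window_minutes(rows):
    """Minutes between the earliest and latest timestamp in the set."""
    stamps = [r["ts"] for r in rows]
    return (max(stamps) - min(stamps)).total_seconds() / 60

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(r["ts"], r["attr"], r["path"], traits(r))
    print("spread (min):", round(window_minutes(parse(SAMPLE)), 1))
```
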


#7 wing43 (Topic Starter)

Posted 27 May 2011 - 02:00 PM

gameupdates.org is legal I think, but I guess I'll get rid of uTorrent.

I hit reset and it didn't give me a log for OTL.

SystemLook 04.09.10 by jpshortstuff
Log created at 14:48 on 27/05/2011 by Jason
Administrator - Elevation successful

========== dir ==========

C:\ProgramData\pK06509KgAkM06509 - Parameters: "(none)"

---Files---
pK06509KgAkM06509 --a---- 192 bytes [19:13 14/05/2011] [19:13 14/05/2011]

---Folders---
None found.

-= EOF =-

Edited by wing43, 27 May 2011 - 02:03 PM.


#8 sempai (Malware Response Team)

Posted 28 May 2011 - 12:47 AM

I hit reset and it didn't give me a log for OTL.

What "reset"? Did you click the "Run fix" button after pasting the script?

Please delete this folder -> C:\ProgramData\pK06509KgAkM06509

~Semp



#9 wing43 (Topic Starter)

Posted 29 May 2011 - 12:22 PM

I ran the fix and it gave a message box asking to reset. I hit OK and it restarted.

I deleted the folder.

#10 sempai (Malware Response Team)

Posted 30 May 2011 - 07:30 AM

Please run Malwarebytes Anti-Malware. Go to the Update tab, download all updates, and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~Semp



#11 wing43 (Topic Starter)

Posted 01 June 2011 - 01:00 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6744

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/1/2011 1:59:31 PM
mbam-log-2011-06-01 (13-59-31).txt

Scan type: Full scan (C:\|)
Objects scanned: 402675
Time elapsed: 2 hour(s), 49 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Jason\AppData\LocalLow\Sun\Java\deployment\cache\6.0\31\68c5a01f-2f53aecd (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Jason\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Jason\AppData\Roaming\Adobe\plugs\mmc116211041.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

#12 sempai (Malware Response Team)

Posted 02 June 2011 - 08:00 AM

How's the computer running?

~Semp



#13 sempai (Malware Response Team)

Posted 07 June 2011 - 06:37 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp
