Malwarebytes' Anti-Malware 1.36
Database version: 2073
Windows 6.0.6001 Service Pack 1
5/5/2009 7:35:43 PM
mbam-log-2009-05-05 (19-35-43).txt
Scan type: Quick Scan
Objects scanned: 68822
Time elapsed: 2 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------------------------------------------------------------------------------------------------------------
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
C:\ [Fixed] - NTFS - (Total:293843 Mo/Free:3995 Mo)
D:\ [Fixed] - NTFS - (Total:11397 Mo/Free:1902 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Tue 05/05/2009|19:38
----------------------\\ Processes..
--Locked-- [System Process]
--Locked-- System
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
--Locked-- audiodg.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
---------- ?????????
---------- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe
---------- C:\Program Files (x86)\RocketDock\RocketDock.exe
---------- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
---------- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
---------- ?????????
---------- C:\Program Files (x86)\Folding@home\Folding@home-x86\[email protected]
---------- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
---------- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
---------- C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
---------- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
---------- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
---------- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
---------- C:\Program Files (x86)\iTunes\iTunesHelper.exe
---------- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
---------- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
---------- ?????????
---------- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
---------- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
---------- C:\Windows\SMINST\BLService.exe
---------- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
---------- ?????????
---------- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
---------- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
---------- ?????????
---------- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
---------- C:\Program Files (x86)\iPod\bin\iPodService.exe
---------- ?????????
---------- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
---------- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
---------- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
---------- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
---------- C:\Program Files (x86)\AIM6\aim6.exe
---------- C:\Program Files (x86)\AIM6\aolsoftware.exe
---------- ?????????
---------- ?????????
---------- C:\Users\Benny\AppData\Roaming\Folding@home-x86\FahCore_a0.exe
---------- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
---------- ?????????
---------- ?????????
---------- ?????????
--Locked-- vds.exe
---------- C:\Windows\SysWOW64\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
-----------------------------------------------------------------------------------------------------
OTListIt Extras logfile created on: 5/5/2009 7:40:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Users\Benny\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.16% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.96 Gb Total Space | 15.90 Gb Free Space | 5.54% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.86 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BENNY-PC
Current User Name: Benny
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
{0188CCBA-77CA-4A09-8F3F-CC206FACBE3A} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31265 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{01D9D5F7-8D92-4A52-B786-48B47ECB194E} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31261 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{0B5989A0-8A33-49A1-BA0F-12EBEA361072} = LPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28519 | APP=SYSTEM |
{2ED787CA-A771-4B9E-B85F-16490F6DE0E5} = RPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28523 | APP=SYSTEM |
{57352706-0A4C-491D-A85B-1B0910907C41} = RPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28507 | APP=SYSTEM |
{6C13B645-9F2A-4875-BA20-5BB5CC44E6A0} = LPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31269 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{7032C5E4-96A7-4299-AE4D-8C79E8379D8C} = LPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28503 | APP=SYSTEM |
{7E3982DF-B0A6-4B7D-85BC-8F2784AE24CB} = LPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28527 | APP=SYSTEM |
{8235F068-0880-4471-B2F9-1542A2CBA38B} = LPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28511 | APP=SYSTEM |
{8631A0F4-4F54-4CFE-B6D3-701F16B2A5AC} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31257 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{8CE48FCB-2E2A-4893-9B02-AF01B374FF58} = LPORT=RPC-EPMAP | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28539 | SVC=RPCSS |
{9CE56549-046F-4D9C-9F56-B8E845D55B22} = LPORT=2869 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31277 | APP=SYSTEM |
{ABE5D170-0192-4A25-9DD1-720945BA0AE1} = RPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31273 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{B43E651A-B835-40C8-8D3A-3578E6A0888A} = RPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28531 | APP=SYSTEM |
{B4C8FEA1-8751-49B4-9AFA-2318AC0691C4} = LPORT=10243 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31285 | APP=SYSTEM |
{BF3346E8-8885-4372-9121-C67456D623C6} = LPORT=6004 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE OUTLOOK | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{CD947509-8B49-4C2F-BD38-7C75ADFE4772} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31253 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{D9753626-563D-434E-A49E-FE29C7E91AAB} = RPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28515 | APP=SYSTEM |
{E664F5E0-A24A-4B74-8833-76E5ACD844AA} = RPORT=10243 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31289 | APP=SYSTEM |
{E843480D-9EEB-44AC-AFED-FDCD54A8285C} = LPORT=RPC | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
========== Vista Active Application Exception List ==========
{0315BEE0-0CA0-4FF7-9F5A-254A7189318E} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{075A3C1B-09DA-449C-B47F-6228DAE17C7F} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{0A363611-75C0-4CBC-ACBF-5F5508EC5997} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{146FA333-1AD8-41DC-8D2E-CD8BFB011861} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{161509FD-18BF-4FEA-86F9-F9DC6F7991EB} = DIR=IN | ACTION=ALLOW | NAME=QUICK PLAY RESIDENT PROGRAM | APP=C:\PROGRAM FILES (X86)\HP\QUICKPLAY\QPSERVICE.EXE |
{17EA67BA-3961-4897-AB01-F5BD239B8897} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | [email protected],-28544 |
{1C3DBC7F-2B12-4899-B445-90CBFB553ACA} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31003 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{1E0545C0-1DAF-402F-AF3B-3143106CEDFC} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31293 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{1EED9B96-C179-462D-9460-A047258730BF} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31305 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{2F99B30F-14DA-4464-9469-5045D6120963} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{37797E2C-1090-4C49-BD01-AC87D182E010} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | [email protected],-28543 |
{379C275A-4394-470F-9D4E-B8E4D93EA2DF} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{3C4B9BC2-360D-4F43-90D9-9242E274BBF2} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NEXON GAME MANAGER | APP=C:\PROGRAMDATA\NEXONUS\NGM\NGM.EXE |
{4AD9D194-61E0-4309-B66B-C3B9D622A373} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{4FA7FB82-0E4B-4D65-9CAF-BA6CA620BDC0} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31309 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{505F8444-8D27-4416-997B-365B437E8B60} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{52FE22F8-2754-4BB4-825A-78618ABBCE1D} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31324 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{56BDBA3C-2281-4196-94F7-055D83897E80} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31323 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{60479BA3-9AE0-4D58-844A-2A939B49BB72} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31317 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{6A6BA565-4EB0-4F42-B79D-2DED3425D749} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{6C583A59-EDC6-458A-BD9F-F5561BCD1333} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SMC SERVICE | APP=C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMC.EXE |
{70C38BEE-48D0-4B9B-9144-1D356F9DB29F} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK POWERDIRECTOR | APP=C:\PROGRAM FILES (X86)\CYBERLINK\POWERDIRECTOR\PDR.EXE |
{70EF09FF-C987-4157-A6D9-CAF06842288E} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31025 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{726EEFA4-AEF3-4F6F-8219-80123528EEE7} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31321 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{7E956601-2353-483F-BCF7-1A3C40888928} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31313 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{7F9C2C1F-016D-4E2E-8213-85DB775D526B} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{81636758-1917-4AB6-8725-950D426A8EE6} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{8A1CDB06-46CD-4BB3-A7E2-9CC928B6DF97} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | [email protected],-28545 |
{8EBF6376-879B-4DBD-82DE-4446472AC1D7} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SMC SERVICE | APP=C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMC.EXE |
{951C6E8D-E8ED-4962-9E90-34983EFA74C0} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{9BBA8577-ADCB-45BC-99EA-CC65E9052AC3} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NEXON MESSENGER CORE | APP=C:\NEXON\COMBAT ARMS\NMSERVICE.EXE |
{9C89F6A7-01B9-4C5D-BE33-89CD6F8DFA00} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{9D090D41-CE8E-4F8F-8C10-3A9717C7B6E7} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SYMANTEC EMAIL | APP=C:\PROGRAM FILES (X86)\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE |
{9D1D1746-B2A0-4906-AFDD-7B5B025404D2} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{A855F325-92EB-481B-B022-BC3E3F13CA25} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NEXON MESSENGER CORE | APP=C:\NEXON\COMBAT ARMS\NMSERVICE.EXE |
{ABF825F6-E479-4B1E-B187-098314002524} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31281 | APP=SYSTEM |
{AC5CB3D7-50DC-4D9D-B795-AFA498D4C5AA} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT (TCP-IN) | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
{C1FDAC26-F7D1-472E-9967-F735BCE75502} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{C6B2AA93-884D-49E0-8338-F807C206DBCA} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SNAC64 SERVICE | APP=C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SNAC64.EXE |
{D662FB04-2866-4B17-8DA2-4CC9F39A5684} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{DAFBCC7F-D3D1-4EAF-A1B2-8F5315CE7DD8} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31011 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{DDED9B13-9CA5-4817-A4DE-A48AC88165D3} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{DF2FCEE7-71D4-442E-A237-98910DA7D176} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{E64BD64D-D186-4ED2-B6AC-86118B0F0630} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT (UDP-IN) | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
{E75F8F88-EDAE-4204-B77C-76B607845E04} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31301 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{ECA8C1CF-7B65-4E8E-A4FF-711C2B41A4A0} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31024 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{EE1B3FFE-129C-4CD4-9629-D1F107C6DCF8} = DIR=IN | ACTION=ALLOW | NAME=QUICK PLAY | APP=C:\PROGRAM FILES (X86)\HP\QUICKPLAY\QP.EXE |
{EE51A283-33E0-440D-A91F-65FA4736B3C1} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NEXON GAME MANAGER | APP=C:\PROGRAMDATA\NEXONUS\NGM\NGM.EXE |
{F036EF6C-7A19-4D45-9243-3F2CE94910C7} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31297 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{F3AC73DB-0AFD-4A0A-8382-56FA5D2135FA} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31023 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{F4358EB7-92B9-4D0B-A3B7-5204430A8DB6} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31325 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{F6B30CB1-72A8-426A-96FF-6097CA9051B4} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SYMANTEC EMAIL | APP=C:\PROGRAM FILES (X86)\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE |
{F791B992-8EA3-4F6C-9249-D6313D678171} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31007 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{FECCE7DC-F8B7-4950-8DF1-D7D0059EB1E3} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SNAC64 SERVICE | APP=C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SNAC64.EXE |
{FEF308A6-9A77-419C-895F-565EB10386F8} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | [email protected],-28546 |
TCP Query User{16838014-FA41-4D30-B454-1669806E846C}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DOW2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\WARHAMMER 40,000 DAWN OF WAR II - BETA\DOW2.EXE |
TCP Query User{18ED8D96-DA3B-4B7E-A84E-EDA31C2E391F}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
TCP Query User{19051B48-2CB6-4F72-ABDC-77C10D247C70}C:\program files (x86)\warcraft iii\war3.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WARCRAFT III | APP=C:\PROGRAM FILES (X86)\WARCRAFT III\WAR3.EXE |
TCP Query User{1EFEA9E4-27AF-467F-9518-3E2896BD4DE5}C:\program files (x86)\nbc direct\directplayercore.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NBC DIRECT | APP=C:\PROGRAM FILES (X86)\NBC DIRECT\DIRECTPLAYERCORE.EXE |
TCP Query User{249F4B84-4446-42D5-B966-7853ED590A13}C:\program files (x86)\sopcast\sopcast.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES (X86)\SOPCAST\SOPCAST.EXE |
TCP Query User{3E691A18-9CE5-4B48-A279-252E4640325B}C:\program files (x86)\ares\ares.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ARES P2P FOR WINDOWS | APP=C:\PROGRAM FILES (X86)\ARES\ARES.EXE |
TCP Query User{41287DB9-09CE-4EC8-918F-C8B3E2F0B620}C:\program files (x86)\thq\company of heroes\reliccoh.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=RELICCOH | APP=C:\PROGRAM FILES (X86)\THQ\COMPANY OF HEROES\RELICCOH.EXE |
TCP Query User{47EC2B7F-D856-4BE9-9311-5A3122D7EB95}C:\program files (x86)\steam\steamapps\anole3000\team fortress 2\hl2.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HL2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\ANOLE3000\TEAM FORTRESS 2\HL2.EXE |
TCP Query User{47F6D570-0DE3-4715-9200-244EF9BDECD8}C:\users\benny\downloads\command.and.conquer.red.alert.3.multi4.full-rip.skullptura\red alert 3\data\ra3_1.0.game = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=RA3_1.0.GAME | APP=C:\USERS\BENNY\DOWNLOADS\COMMAND.AND.CONQUER.RED.ALERT.3.MULTI4.FULL-RIP.SKULLPTURA\RED ALERT 3\DATA\RA3_1.0.GAME |
TCP Query User{4A771C24-56B2-4807-828C-4EFC7C8F870D}C:\program files (x86)\steam\steamapps\anole3000\team fortress 2\hl2.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HL2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\ANOLE3000\TEAM FORTRESS 2\HL2.EXE |
TCP Query User{59BD47B0-AE9C-44EC-B66D-B55CDAEAD5BF}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
TCP Query User{7C1B2390-034A-456C-A1C9-0302ECA74C95}C:\program files (x86)\sopcast\adv\sopadver.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES (X86)\SOPCAST\ADV\SOPADVER.EXE |
TCP Query User{837DA80F-0D11-4E91-AFCC-CF87C332BA1F}C:\program files (x86)\thq\dawn of war\w40k.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=W40K | APP=C:\PROGRAM FILES (X86)\THQ\DAWN OF WAR\W40K.EXE |
TCP Query User{88A6A7F9-7A16-49FC-97C1-E143036607B9}C:\program files (x86)\diablo ii\game.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DIABLO II | APP=C:\PROGRAM FILES (X86)\DIABLO II\GAME.EXE |
TCP Query User{920A0519-680D-4D82-BD6F-020437102450}C:\program files (x86)\aim6\aim6.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE |
TCP Query User{93329C39-781D-441F-9773-8B286808632E}C:\program files (x86)\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{AEB85FF7-E6ED-4F80-A51D-DFF55FB0E4DB}C:\program files (x86)\ares\ares.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ARES P2P FOR WINDOWS | APP=C:\PROGRAM FILES (X86)\ARES\ARES.EXE |
TCP Query User{BC38FC64-AC75-4ADB-9628-10CC2CF057D4}C:\program files (x86)\thq\company of heroes\reliccoh.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=RELICCOH | APP=C:\PROGRAM FILES (X86)\THQ\COMPANY OF HEROES\RELICCOH.EXE |
TCP Query User{CEBC9F45-519A-46CB-B122-6846975D2A56}C:\program files (x86)\sopcast\adv\sopadver.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES (X86)\SOPCAST\ADV\SOPADVER.EXE |
TCP Query User{D60256EC-128B-4067-899C-18E2601E45D7}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DOW2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\WARHAMMER 40,000 DAWN OF WAR II - BETA\DOW2.EXE |
TCP Query User{DBC3E736-D1EF-4D7D-9601-94CFB2A0266A}C:\program files (x86)\sopcast\sopcast.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES (X86)\SOPCAST\SOPCAST.EXE |
TCP Query User{DD708C40-E406-4015-AD7A-8402E05900A5}C:\program\ea games\command and conquer generals\game.dat = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=GAME.DAT | APP=C:\PROGRAM\EA GAMES\COMMAND AND CONQUER GENERALS\GAME.DAT |
TCP Query User{EA2125B8-F47E-4914-9415-A7C3CA9C153B}C:\program files (x86)\pando networks\media booster\pmb.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PANDO MEDIA BOOSTER | APP=C:\PROGRAM FILES (X86)\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE |
TCP Query User{F5A53E89-83E7-48CE-901D-F5F08D5BAAAB}C:\program files (x86)\java\jre1.6.0_07\launch4j-tmp\stanza.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA PLATFORM SE BINARY | APP=C:\PROGRAM FILES (X86)\JAVA\JRE1.6.0_07\LAUNCH4J-TMP\STANZA.EXE |
TCP Query User{FF0A1FF6-12D1-44A9-8FF9-26C98B24CF54}C:\users\benny\downloads\command.and.conquer.red.alert.3.multi4.full-rip.skullptura\red alert 3\data\ra3_1.0.game = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=RA3_1.0.GAME | APP=C:\USERS\BENNY\DOWNLOADS\COMMAND.AND.CONQUER.RED.ALERT.3.MULTI4.FULL-RIP.SKULLPTURA\RED ALERT 3\DATA\RA3_1.0.GAME |
UDP Query User{02C33516-014F-4377-829D-9195E7FFA4D1}C:\program files (x86)\sopcast\sopcast.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES (X86)\SOPCAST\SOPCAST.EXE |
UDP Query User{05E60820-EA5C-4E7A-A723-5C8BE81BB5E1}C:\program files (x86)\steam\steamapps\anole3000\team fortress 2\hl2.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HL2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\ANOLE3000\TEAM FORTRESS 2\HL2.EXE |
UDP Query User{0F729617-6954-42B3-B997-3F91B890FB7F}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
UDP Query User{14FFC211-B6E7-4442-89A2-80379DA34367}C:\program files (x86)\sopcast\sopcast.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES (X86)\SOPCAST\SOPCAST.EXE |
UDP Query User{1CD16404-F2FD-4180-8776-8A036729BD49}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=DOW2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\WARHAMMER 40,000 DAWN OF WAR II - BETA\DOW2.EXE |
UDP Query User{2801780C-DF49-441A-8C59-E6C928C8449B}C:\program files (x86)\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{508BC9B2-112C-47D1-8A35-12324ECF2D1C}C:\program files (x86)\thq\company of heroes\reliccoh.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=RELICCOH | APP=C:\PROGRAM FILES (X86)\THQ\COMPANY OF HEROES\RELICCOH.EXE |
UDP Query User{509B4243-B99B-4E3E-A01A-890CBF07BD65}C:\program files (x86)\java\jre1.6.0_07\launch4j-tmp\stanza.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA PLATFORM SE BINARY | APP=C:\PROGRAM FILES (X86)\JAVA\JRE1.6.0_07\LAUNCH4J-TMP\STANZA.EXE |
UDP Query User{531A879C-5551-4F68-8587-21409441EDE4}C:\users\benny\downloads\command.and.conquer.red.alert.3.multi4.full-rip.skullptura\red alert 3\data\ra3_1.0.game = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=RA3_1.0.GAME | APP=C:\USERS\BENNY\DOWNLOADS\COMMAND.AND.CONQUER.RED.ALERT.3.MULTI4.FULL-RIP.SKULLPTURA\RED ALERT 3\DATA\RA3_1.0.GAME |
UDP Query User{5A74A62A-2FFD-4DFA-8294-E67D06431E2C}C:\program files (x86)\sopcast\adv\sopadver.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES (X86)\SOPCAST\ADV\SOPADVER.EXE |
UDP Query User{6B21E5EA-9837-479E-BEA3-2B152168C97B}C:\program files (x86)\pando networks\media booster\pmb.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PANDO MEDIA BOOSTER | APP=C:\PROGRAM FILES (X86)\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE |
UDP Query User{8F40539A-0FA0-4F04-9DF0-6EA705D6302B}C:\program files (x86)\warcraft iii\war3.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WARCRAFT III | APP=C:\PROGRAM FILES (X86)\WARCRAFT III\WAR3.EXE |
UDP Query User{92C0A1D8-241A-4D5F-AC38-545F8E16B348}C:\program files (x86)\aim6\aim6.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE |
UDP Query User{99A808EF-842C-4022-8E5F-FB85D8693768}C:\program files (x86)\steam\steamapps\anole3000\team fortress 2\hl2.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HL2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\ANOLE3000\TEAM FORTRESS 2\HL2.EXE |
UDP Query User{A6C017EF-65E3-4028-94DA-33633D96C31A}C:\program files (x86)\diablo ii\game.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=DIABLO II | APP=C:\PROGRAM FILES (X86)\DIABLO II\GAME.EXE |
UDP Query User{B0F16B53-7E31-446F-85C4-460300283D1F}C:\program files (x86)\thq\dawn of war\w40k.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=W40K | APP=C:\PROGRAM FILES (X86)\THQ\DAWN OF WAR\W40K.EXE |
UDP Query User{BB7F81EA-F8D3-4DDC-A4DA-5D05D60C14F4}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=DOW2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\WARHAMMER 40,000 DAWN OF WAR II - BETA\DOW2.EXE |
UDP Query User{C004E3DE-7A72-4CEC-8C7E-484F88543993}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
UDP Query User{C1B59755-E2BD-404A-81AC-2D95EAC11031}C:\program files (x86)\ares\ares.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ARES P2P FOR WINDOWS | APP=C:\PROGRAM FILES (X86)\ARES\ARES.EXE |
UDP Query User{D04DCC60-CB9C-46E8-8EA2-07A556EB781F}C:\program files (x86)\thq\company of heroes\reliccoh.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=RELICCOH | APP=C:\PROGRAM FILES (X86)\THQ\COMPANY OF HEROES\RELICCOH.EXE |
UDP Query User{DBEA8A03-E2D9-4C76-8A6E-5773966CE9F4}C:\program files (x86)\nbc direct\directplayercore.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NBC DIRECT | APP=C:\PROGRAM FILES (X86)\NBC DIRECT\DIRECTPLAYERCORE.EXE |
UDP Query User{DC01C868-BDAC-4B4E-85F9-3091B0331081}C:\program files (x86)\sopcast\adv\sopadver.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES (X86)\SOPCAST\ADV\SOPADVER.EXE |
UDP Query User{EA60856D-9D1B-4D89-88DB-5B19E9B70B1F}C:\program files (x86)\ares\ares.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ARES P2P FOR WINDOWS | APP=C:\PROGRAM FILES (X86)\ARES\ARES.EXE |
UDP Query User{EFF6B151-8372-493F-A0EB-6B27F6F0235F}C:\users\benny\downloads\command.and.conquer.red.alert.3.multi4.full-rip.skullptura\red alert 3\data\ra3_1.0.game = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=RA3_1.0.GAME | APP=C:\USERS\BENNY\DOWNLOADS\COMMAND.AND.CONQUER.RED.ALERT.3.MULTI4.FULL-RIP.SKULLPTURA\RED ALERT 3\DATA\RA3_1.0.GAME |
UDP Query User{FD143657-3F34-430E-A3DF-B9BA4376DA6C}C:\program\ea games\command and conquer generals\game.dat = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=GAME.DAT | APP=C:\PROGRAM\EA GAMES\COMMAND AND CONQUER GENERALS\GAME.DAT |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer Red Alert 3
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 4.62
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner (remove only)
"CD Art Display_is1" = CD Art Display 2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Command & Conquer" = Command & Conquer
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.16
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DriverAgent.exe" = DriverAgent by TouchStone Software
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"GameSpy Arcade" = GameSpy Arcade
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"ImgBurn" = ImgBurn
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"OpenPandora" = OpenPandora 0.7.0.0
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"Rainlendar2" = Rainlendar2 (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SopCast" = SopCast 3.0.3
"Stanza" = Stanza
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.4
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/5/2009 11:17:13 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHD623.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 5/5/2009 11:17:16 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHD623.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 5/5/2009 11:17:17 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHDB9F.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 5/5/2009 11:17:18 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHDB9F.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 5/5/2009 11:17:19 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHDA38.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 5/5/2009 11:17:20 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHDA38.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 5/5/2009 11:17:21 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHF037.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 5/5/2009 11:17:22 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHF037.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 5/5/2009 11:17:22 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHE36B.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 5/5/2009 11:17:24 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHE36B.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
[ OSession Events ]
Error - 9/21/2008 11:50:45 AM | Computer Name = Benny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6325
seconds with 3360 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =
Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =
Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =
Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =
Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =
Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =
Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =
Error - 5/5/2009 5:32:50 PM | Computer Name = Benny-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
Error - 5/5/2009 6:04:45 PM | Computer Name = Benny-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
Error - 5/5/2009 7:36:23 PM | Computer Name = Benny-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
< End of report >
-------------------------------------------------------------------------------------------
OTListIt logfile created on: 5/5/2009 7:40:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Users\Benny\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.16% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.96 Gb Total Space | 15.90 Gb Free Space | 5.54% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.86 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BENNY-PC
Current User Name: Benny
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\Folding@home\Folding@home-x86\[email protected] ()
PRC - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe ()
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files (x86)\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Users\Benny\AppData\Roaming\Folding@home-x86\FahCore_a0.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Benny\Downloads\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aawservice [Auto | Running]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AESTFilters [Auto | Running]) -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe ()
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\sysnative\agr64svc.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AresChatServer [On_Demand | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4QLBEx [On_Demand | Running]) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- File not found
SRV - (gupdate1c98cd48716c063 [Auto | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [On_Demand | Running]) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpsrv [Auto | Running]) -- C:\Windows\sysnative\Hpservice.exe ()
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation)
SRV - (QPCapSvc [Auto | Running]) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
SRV - (QPSched [Auto | Running]) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe ()
SRV - (Recovery Service for Windows [Auto | Running]) -- C:\Windows\SMINST\BLService.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SmcService [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe ()
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (Accelerometer [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\Accelerometer.sys ()
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\agrsm64.sys ()
DRV - (AX88772 [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\ax88772.sys ()
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\bcmwl664.sys ()
DRV - (CmBatt [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\CmBatt.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (enecir [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\enecir.sys ()
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\HdAudio.sys ()
DRV - (hpdskflt [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\hpdskflt.sys ()
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\HpqKbFiltr.sys ()
DRV - (HpqRemHid [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\HpqRemHid.sys ()
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTAZL6.SYS ()
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTDPV6.SYS ()
DRV - (iaStor [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\iaStor.sys ()
DRV - (iscFlash [On_Demand | Stopped]) -- C:\SwSetup\sp42557\iscflashx64.sys (Insyde Software)
DRV - (JMCR [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\jmcr.sys ()
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090505.003\ENG64.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090505.003\EX64.SYS (Symantec Corporation)
DRV - (NETw5v64 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\NETw5v64.sys ()
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\nvm60x64.sys ()
DRV - (NVHDA [On_Demand | Running]) -- C:\Windows\sysnative\drivers\nvhda64v.sys ()
DRV - (pavboot [Boot | Running]) -- C:\Windows\sysnative\drivers\pavboot64.sys ()
DRV - (RTL8169 [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys ()
DRV - (SCDEmu [System | Running]) -- C:\Windows\sysnative\drivers\scdemu.sys ()
DRV - (sdbus [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\sdbus.sys ()
DRV - (sptd [Boot | Running]) -- C:\Windows\sysnative\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\Windows\System32\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\stwrt64.sys ()
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS ()
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\SynTP.sys ()
DRV - (TVICHW64 [On_Demand | Stopped]) -- C:\Windows\SysWOW64\Drivers\TVICHW64.SYS (EnTech Taiwan)
DRV - (USBAAPL64 [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\usbaapl64.sys ()
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\usbaudio.sys ()
DRV - (usbvideo [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\usbvideo.sys ()
DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTCNXT6.SYS ()
DRV - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\wpdusb.sys ()
DRV - (xnacc [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\xnacc.sys ()
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running]) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl (Cyberlink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Webster"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/07/01 05:03:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/25 04:21:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/04/29 10:35:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/04/29 10:35:02 | 00,000,000 | ---D | M]
[2008/08/24 18:00:52 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Extensions
[2008/08/24 18:00:52 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/05 00:14:21 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions
[2008/11/27 14:26:09 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/10 10:21:47 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/04/16 11:11:09 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\[email protected]
[2009/04/23 20:24:16 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\[email protected]
[2009/04/23 20:24:17 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\[email protected]
[2008/09/02 16:06:21 | 00,000,705 | ---- | M] () -- C:\Users\Benny\AppData\Roaming\Mozilla\FireFox\Profiles\n7duh3fz.default\searchplugins\webster.xml
[2009/05/05 00:14:21 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/04/29 10:35:02 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/14 17:35:03 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/01 19:03:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/18 11:15:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/29 10:35:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 10:35:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2008/09/27 22:09:22 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/27 22:09:22 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2008/09/27 22:09:22 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 02:22:21 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2008/09/27 22:09:22 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2008/09/27 22:09:22 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/27 22:09:22 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" (CyberLink Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] "C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe" File not found
O4 - Startup: C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[email protected] = C:\Users\Benny\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe ()
O4 - Startup: C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{79a7acf9-79c4-11dd-b05b-0050b6014229}\Shell - "" = AutoRun
O33 - MountPoints2\{79a7acf9-79c4-11dd-b05b-0050b6014229}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{e19674ab-e3d7-11dd-83c5-0050b6014229}\Shell - "" = AutoRun
O33 - MountPoints2\{e19674ab-e3d7-11dd-83c5-0050b6014229}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\dvdcheck.exe -- File not found
O33 - MountPoints2\H\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\H\Shell\setup\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[2009/05/05 19:36:41 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/04 10:47:19 | 00,000,000 | ---D | C] -- C:\Users\Benny\AppData\Roaming\Malwarebytes
[2009/05/04 10:47:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/04 10:47:17 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/04 10:47:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/04 10:47:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/04 10:47:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/05/04 10:45:32 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/04 10:45:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/05/02 03:09:09 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/29 14:47:45 | 00,000,178 | -H-- | C] () -- C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
[2009/04/29 14:47:42 | 00,094,208 | -HS- | C] () -- C:\Windows\System32\Client.exe
[2009/04/26 13:36:20 | 00,031,832 | ---- | C] () -- C:\Users\Benny\Desktop\Benny.bmp
[2009/04/25 23:04:01 | 00,000,000 | ---D | C] -- C:\Users\Benny\AppData\Roaming\DivX
[2009/04/15 06:00:39 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/15 06:00:37 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/15 06:00:36 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/15 06:00:35 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/15 06:00:35 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/15 06:00:35 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/15 06:00:34 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/15 06:00:34 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/15 06:00:34 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/15 06:00:34 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/15 06:00:33 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/15 06:00:32 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/15 06:00:31 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/15 06:00:30 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/15 06:00:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/15 06:00:25 | 00,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/15 06:00:25 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/15 06:00:25 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/15 06:00:25 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/15 06:00:23 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/15 06:00:14 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/15 06:00:14 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/15 06:00:14 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/15 06:00:14 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/15 06:00:14 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/15 05:58:20 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/15 05:58:20 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/12 13:12:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009/04/12 13:11:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2009/04/12 13:11:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2009/04/10 17:55:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2009/04/10 17:55:15 | 00,000,000 | ---D | C] -- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
[2009/04/10 11:54:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/03/05 12:13:38 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/03/05 12:13:38 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/03/05 12:13:38 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/01/29 14:09:06 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/10 14:08:17 | 00,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/24 18:53:59 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/24 18:53:59 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/08/24 18:53:57 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/24 18:53:57 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/24 18:53:57 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/24 18:53:55 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/24 18:53:55 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[2009/05/05 17:51:40 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/05/05 10:51:12 | 00,000,517 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/05/05 10:49:50 | 00,192,907 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/05/05 10:49:50 | 00,192,907 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/05/05 10:49:10 | 00,002,661 | ---- | M] () -- C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[email protected]
[2009/05/05 10:49:07 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/05/05 10:49:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/05 10:48:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/04 10:47:17 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/02 03:06:30 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/04/30 11:54:05 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBenny.job
[2009/04/30 10:59:48 | 00,031,832 | ---- | M] () -- C:\Users\Benny\Desktop\Benny.bmp
[2009/04/29 14:47:45 | 00,000,178 | -H-- | M] () -- C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
[2009/04/29 14:47:44 | 00,094,208 | -HS- | M] () -- C:\Windows\System32\Client.exe
[2009/04/27 20:42:21 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1305423172-4229811303-3797422272-1000.job
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >
As a note, when I opened up Rooter, nothing opened or popped up. I just went into the directory and opened the notepad file and pasted that stuff here.
Thanks for your time.