
Bloodhound Exploit 196 [Solved]


  • This topic is locked This topic is locked

#1
jb007

jb007

    Member

  • Member
  • PipPip
  • 18 posts
Every time I boot up my computer, a ton of these pop up on Symantec. It's starting to get really annoying and I also think it's slowing down my computer.

Malwarebytes' Anti-Malware 1.36
Database version: 2073
Windows 6.0.6001 Service Pack 1

5/5/2009 7:35:43 PM
mbam-log-2009-05-05 (19-35-43).txt

Scan type: Quick Scan
Objects scanned: 68822
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------------------

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:293843 Mo/Free:3995 Mo)
D:\ [Fixed] - NTFS - (Total:11397 Mo/Free:1902 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 05/05/2009|19:38

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
--Locked-- audiodg.exe
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
---------- ???ƒ??????
---------- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe
---------- C:\Program Files (x86)\RocketDock\RocketDock.exe
---------- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
---------- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
---------- ???ƒ??????
---------- C:\Program Files (x86)\Folding@home\Folding@home-x86\[email protected]
---------- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
---------- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
---------- C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
---------- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
---------- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
---------- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
---------- C:\Program Files (x86)\iTunes\iTunesHelper.exe
---------- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
---------- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
---------- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
---------- ???ƒ??????
---------- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
---------- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
---------- C:\Windows\SMINST\BLService.exe
---------- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
---------- ???ƒ??????
---------- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
---------- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
---------- ???ƒ??????
---------- ???ƒ??????
---------- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
---------- ???ƒ??????
---------- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
---------- C:\Program Files (x86)\iPod\bin\iPodService.exe
---------- ???ƒ??????
---------- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
---------- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
---------- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
---------- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
---------- C:\Program Files (x86)\AIM6\aim6.exe
---------- C:\Program Files (x86)\AIM6\aolsoftware.exe
---------- ???ƒ??????
---------- ???ƒ??????
---------- C:\Users\Benny\AppData\Roaming\Folding@home-x86\FahCore_a0.exe
---------- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
---------- ???ƒ??????
---------- ???ƒ??????
---------- ???ƒ??????
--Locked-- vds.exe
---------- C:\Windows\SysWOW64\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

-----------------------------------------------------------------------------------------------------

OTListIt Extras logfile created on: 5/5/2009 7:40:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Users\Benny\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.16% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.96 Gb Total Space | 15.90 Gb Free Space | 5.54% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.86 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BENNY-PC
Current User Name: Benny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{0188CCBA-77CA-4A09-8F3F-CC206FACBE3A} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31265 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{01D9D5F7-8D92-4A52-B786-48B47ECB194E} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31261 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{0B5989A0-8A33-49A1-BA0F-12EBEA361072} = LPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28519 | APP=SYSTEM |
{2ED787CA-A771-4B9E-B85F-16490F6DE0E5} = RPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28523 | APP=SYSTEM |
{57352706-0A4C-491D-A85B-1B0910907C41} = RPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28507 | APP=SYSTEM |
{6C13B645-9F2A-4875-BA20-5BB5CC44E6A0} = LPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31269 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{7032C5E4-96A7-4299-AE4D-8C79E8379D8C} = LPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28503 | APP=SYSTEM |
{7E3982DF-B0A6-4B7D-85BC-8F2784AE24CB} = LPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28527 | APP=SYSTEM |
{8235F068-0880-4471-B2F9-1542A2CBA38B} = LPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28511 | APP=SYSTEM |
{8631A0F4-4F54-4CFE-B6D3-701F16B2A5AC} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31257 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{8CE48FCB-2E2A-4893-9B02-AF01B374FF58} = LPORT=RPC-EPMAP | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28539 | SVC=RPCSS |
{9CE56549-046F-4D9C-9F56-B8E845D55B22} = LPORT=2869 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31277 | APP=SYSTEM |
{ABE5D170-0192-4A25-9DD1-720945BA0AE1} = RPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31273 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{B43E651A-B835-40C8-8D3A-3578E6A0888A} = RPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28531 | APP=SYSTEM |
{B4C8FEA1-8751-49B4-9AFA-2318AC0691C4} = LPORT=10243 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31285 | APP=SYSTEM |
{BF3346E8-8885-4372-9121-C67456D623C6} = LPORT=6004 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE OUTLOOK | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{CD947509-8B49-4C2F-BD38-7C75ADFE4772} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31253 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{D9753626-563D-434E-A49E-FE29C7E91AAB} = RPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28515 | APP=SYSTEM |
{E664F5E0-A24A-4B74-8833-76E5ACD844AA} = RPORT=10243 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31289 | APP=SYSTEM |
{E843480D-9EEB-44AC-AFED-FDCD54A8285C} = LPORT=RPC | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |

========== Vista Active Application Exception List ==========

{0315BEE0-0CA0-4FF7-9F5A-254A7189318E} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{075A3C1B-09DA-449C-B47F-6228DAE17C7F} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{0A363611-75C0-4CBC-ACBF-5F5508EC5997} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{146FA333-1AD8-41DC-8D2E-CD8BFB011861} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{161509FD-18BF-4FEA-86F9-F9DC6F7991EB} = DIR=IN | ACTION=ALLOW | NAME=QUICK PLAY RESIDENT PROGRAM | APP=C:\PROGRAM FILES (X86)\HP\QUICKPLAY\QPSERVICE.EXE |
{17EA67BA-3961-4897-AB01-F5BD239B8897} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | [email protected],-28544 |
{1C3DBC7F-2B12-4899-B445-90CBFB553ACA} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31003 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{1E0545C0-1DAF-402F-AF3B-3143106CEDFC} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31293 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{1EED9B96-C179-462D-9460-A047258730BF} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31305 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{2F99B30F-14DA-4464-9469-5045D6120963} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{37797E2C-1090-4C49-BD01-AC87D182E010} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | [email protected],-28543 |
{379C275A-4394-470F-9D4E-B8E4D93EA2DF} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{3C4B9BC2-360D-4F43-90D9-9242E274BBF2} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NEXON GAME MANAGER | APP=C:\PROGRAMDATA\NEXONUS\NGM\NGM.EXE |
{4AD9D194-61E0-4309-B66B-C3B9D622A373} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{4FA7FB82-0E4B-4D65-9CAF-BA6CA620BDC0} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31309 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{505F8444-8D27-4416-997B-365B437E8B60} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{52FE22F8-2754-4BB4-825A-78618ABBCE1D} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31324 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{56BDBA3C-2281-4196-94F7-055D83897E80} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31323 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{60479BA3-9AE0-4D58-844A-2A939B49BB72} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31317 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{6A6BA565-4EB0-4F42-B79D-2DED3425D749} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{6C583A59-EDC6-458A-BD9F-F5561BCD1333} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SMC SERVICE | APP=C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMC.EXE |
{70C38BEE-48D0-4B9B-9144-1D356F9DB29F} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK POWERDIRECTOR | APP=C:\PROGRAM FILES (X86)\CYBERLINK\POWERDIRECTOR\PDR.EXE |
{70EF09FF-C987-4157-A6D9-CAF06842288E} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31025 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{726EEFA4-AEF3-4F6F-8219-80123528EEE7} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31321 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{7E956601-2353-483F-BCF7-1A3C40888928} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31313 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{7F9C2C1F-016D-4E2E-8213-85DB775D526B} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{81636758-1917-4AB6-8725-950D426A8EE6} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{8A1CDB06-46CD-4BB3-A7E2-9CC928B6DF97} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | [email protected],-28545 |
{8EBF6376-879B-4DBD-82DE-4446472AC1D7} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SMC SERVICE | APP=C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMC.EXE |
{951C6E8D-E8ED-4962-9E90-34983EFA74C0} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{9BBA8577-ADCB-45BC-99EA-CC65E9052AC3} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NEXON MESSENGER CORE | APP=C:\NEXON\COMBAT ARMS\NMSERVICE.EXE |
{9C89F6A7-01B9-4C5D-BE33-89CD6F8DFA00} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{9D090D41-CE8E-4F8F-8C10-3A9717C7B6E7} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SYMANTEC EMAIL | APP=C:\PROGRAM FILES (X86)\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE |
{9D1D1746-B2A0-4906-AFDD-7B5B025404D2} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{A855F325-92EB-481B-B022-BC3E3F13CA25} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NEXON MESSENGER CORE | APP=C:\NEXON\COMBAT ARMS\NMSERVICE.EXE |
{ABF825F6-E479-4B1E-B187-098314002524} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31281 | APP=SYSTEM |
{AC5CB3D7-50DC-4D9D-B795-AFA498D4C5AA} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT (TCP-IN) | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
{C1FDAC26-F7D1-472E-9967-F735BCE75502} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{C6B2AA93-884D-49E0-8338-F807C206DBCA} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SNAC64 SERVICE | APP=C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SNAC64.EXE |
{D662FB04-2866-4B17-8DA2-4CC9F39A5684} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{DAFBCC7F-D3D1-4EAF-A1B2-8F5315CE7DD8} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31011 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{DDED9B13-9CA5-4817-A4DE-A48AC88165D3} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{DF2FCEE7-71D4-442E-A237-98910DA7D176} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{E64BD64D-D186-4ED2-B6AC-86118B0F0630} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT (UDP-IN) | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
{E75F8F88-EDAE-4204-B77C-76B607845E04} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31301 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{ECA8C1CF-7B65-4E8E-A4FF-711C2B41A4A0} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31024 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{EE1B3FFE-129C-4CD4-9629-D1F107C6DCF8} = DIR=IN | ACTION=ALLOW | NAME=QUICK PLAY | APP=C:\PROGRAM FILES (X86)\HP\QUICKPLAY\QP.EXE |
{EE51A283-33E0-440D-A91F-65FA4736B3C1} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NEXON GAME MANAGER | APP=C:\PROGRAMDATA\NEXONUS\NGM\NGM.EXE |
{F036EF6C-7A19-4D45-9243-3F2CE94910C7} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31297 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{F3AC73DB-0AFD-4A0A-8382-56FA5D2135FA} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31023 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{F4358EB7-92B9-4D0B-A3B7-5204430A8DB6} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31325 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{F6B30CB1-72A8-426A-96FF-6097CA9051B4} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SYMANTEC EMAIL | APP=C:\PROGRAM FILES (X86)\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE |
{F791B992-8EA3-4F6C-9249-D6313D678171} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31007 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{FECCE7DC-F8B7-4950-8DF1-D7D0059EB1E3} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SNAC64 SERVICE | APP=C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SNAC64.EXE |
{FEF308A6-9A77-419C-895F-565EB10386F8} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | [email protected],-28546 |
TCP Query User{16838014-FA41-4D30-B454-1669806E846C}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DOW2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\WARHAMMER 40,000 DAWN OF WAR II - BETA\DOW2.EXE |
TCP Query User{18ED8D96-DA3B-4B7E-A84E-EDA31C2E391F}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
TCP Query User{19051B48-2CB6-4F72-ABDC-77C10D247C70}C:\program files (x86)\warcraft iii\war3.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WARCRAFT III | APP=C:\PROGRAM FILES (X86)\WARCRAFT III\WAR3.EXE |
TCP Query User{1EFEA9E4-27AF-467F-9518-3E2896BD4DE5}C:\program files (x86)\nbc direct\directplayercore.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NBC DIRECT | APP=C:\PROGRAM FILES (X86)\NBC DIRECT\DIRECTPLAYERCORE.EXE |
TCP Query User{249F4B84-4446-42D5-B966-7853ED590A13}C:\program files (x86)\sopcast\sopcast.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES (X86)\SOPCAST\SOPCAST.EXE |
TCP Query User{3E691A18-9CE5-4B48-A279-252E4640325B}C:\program files (x86)\ares\ares.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ARES P2P FOR WINDOWS | APP=C:\PROGRAM FILES (X86)\ARES\ARES.EXE |
TCP Query User{41287DB9-09CE-4EC8-918F-C8B3E2F0B620}C:\program files (x86)\thq\company of heroes\reliccoh.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=RELICCOH | APP=C:\PROGRAM FILES (X86)\THQ\COMPANY OF HEROES\RELICCOH.EXE |
TCP Query User{47EC2B7F-D856-4BE9-9311-5A3122D7EB95}C:\program files (x86)\steam\steamapps\anole3000\team fortress 2\hl2.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HL2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\ANOLE3000\TEAM FORTRESS 2\HL2.EXE |
TCP Query User{47F6D570-0DE3-4715-9200-244EF9BDECD8}C:\users\benny\downloads\command.and.conquer.red.alert.3.multi4.full-rip.skullptura\red alert 3\data\ra3_1.0.game = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=RA3_1.0.GAME | APP=C:\USERS\BENNY\DOWNLOADS\COMMAND.AND.CONQUER.RED.ALERT.3.MULTI4.FULL-RIP.SKULLPTURA\RED ALERT 3\DATA\RA3_1.0.GAME |
TCP Query User{4A771C24-56B2-4807-828C-4EFC7C8F870D}C:\program files (x86)\steam\steamapps\anole3000\team fortress 2\hl2.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HL2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\ANOLE3000\TEAM FORTRESS 2\HL2.EXE |
TCP Query User{59BD47B0-AE9C-44EC-B66D-B55CDAEAD5BF}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
TCP Query User{7C1B2390-034A-456C-A1C9-0302ECA74C95}C:\program files (x86)\sopcast\adv\sopadver.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES (X86)\SOPCAST\ADV\SOPADVER.EXE |
TCP Query User{837DA80F-0D11-4E91-AFCC-CF87C332BA1F}C:\program files (x86)\thq\dawn of war\w40k.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=W40K | APP=C:\PROGRAM FILES (X86)\THQ\DAWN OF WAR\W40K.EXE |
TCP Query User{88A6A7F9-7A16-49FC-97C1-E143036607B9}C:\program files (x86)\diablo ii\game.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DIABLO II | APP=C:\PROGRAM FILES (X86)\DIABLO II\GAME.EXE |
TCP Query User{920A0519-680D-4D82-BD6F-020437102450}C:\program files (x86)\aim6\aim6.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE |
TCP Query User{93329C39-781D-441F-9773-8B286808632E}C:\program files (x86)\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{AEB85FF7-E6ED-4F80-A51D-DFF55FB0E4DB}C:\program files (x86)\ares\ares.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ARES P2P FOR WINDOWS | APP=C:\PROGRAM FILES (X86)\ARES\ARES.EXE |
TCP Query User{BC38FC64-AC75-4ADB-9628-10CC2CF057D4}C:\program files (x86)\thq\company of heroes\reliccoh.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=RELICCOH | APP=C:\PROGRAM FILES (X86)\THQ\COMPANY OF HEROES\RELICCOH.EXE |
TCP Query User{CEBC9F45-519A-46CB-B122-6846975D2A56}C:\program files (x86)\sopcast\adv\sopadver.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES (X86)\SOPCAST\ADV\SOPADVER.EXE |
TCP Query User{D60256EC-128B-4067-899C-18E2601E45D7}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DOW2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\WARHAMMER 40,000 DAWN OF WAR II - BETA\DOW2.EXE |
TCP Query User{DBC3E736-D1EF-4D7D-9601-94CFB2A0266A}C:\program files (x86)\sopcast\sopcast.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES (X86)\SOPCAST\SOPCAST.EXE |
TCP Query User{DD708C40-E406-4015-AD7A-8402E05900A5}C:\program\ea games\command and conquer generals\game.dat = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=GAME.DAT | APP=C:\PROGRAM\EA GAMES\COMMAND AND CONQUER GENERALS\GAME.DAT |
TCP Query User{EA2125B8-F47E-4914-9415-A7C3CA9C153B}C:\program files (x86)\pando networks\media booster\pmb.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PANDO MEDIA BOOSTER | APP=C:\PROGRAM FILES (X86)\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE |
TCP Query User{F5A53E89-83E7-48CE-901D-F5F08D5BAAAB}C:\program files (x86)\java\jre1.6.0_07\launch4j-tmp\stanza.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES (X86)\JAVA\JRE1.6.0_07\LAUNCH4J-TMP\STANZA.EXE |
TCP Query User{FF0A1FF6-12D1-44A9-8FF9-26C98B24CF54}C:\users\benny\downloads\command.and.conquer.red.alert.3.multi4.full-rip.skullptura\red alert 3\data\ra3_1.0.game = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=RA3_1.0.GAME | APP=C:\USERS\BENNY\DOWNLOADS\COMMAND.AND.CONQUER.RED.ALERT.3.MULTI4.FULL-RIP.SKULLPTURA\RED ALERT 3\DATA\RA3_1.0.GAME |
UDP Query User{02C33516-014F-4377-829D-9195E7FFA4D1}C:\program files (x86)\sopcast\sopcast.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES (X86)\SOPCAST\SOPCAST.EXE |
UDP Query User{05E60820-EA5C-4E7A-A723-5C8BE81BB5E1}C:\program files (x86)\steam\steamapps\anole3000\team fortress 2\hl2.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HL2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\ANOLE3000\TEAM FORTRESS 2\HL2.EXE |
UDP Query User{0F729617-6954-42B3-B997-3F91B890FB7F}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
UDP Query User{14FFC211-B6E7-4442-89A2-80379DA34367}C:\program files (x86)\sopcast\sopcast.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES (X86)\SOPCAST\SOPCAST.EXE |
UDP Query User{1CD16404-F2FD-4180-8776-8A036729BD49}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=DOW2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\WARHAMMER 40,000 DAWN OF WAR II - BETA\DOW2.EXE |
UDP Query User{2801780C-DF49-441A-8C59-E6C928C8449B}C:\program files (x86)\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{508BC9B2-112C-47D1-8A35-12324ECF2D1C}C:\program files (x86)\thq\company of heroes\reliccoh.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=RELICCOH | APP=C:\PROGRAM FILES (X86)\THQ\COMPANY OF HEROES\RELICCOH.EXE |
UDP Query User{509B4243-B99B-4E3E-A01A-890CBF07BD65}C:\program files (x86)\java\jre1.6.0_07\launch4j-tmp\stanza.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES (X86)\JAVA\JRE1.6.0_07\LAUNCH4J-TMP\STANZA.EXE |
UDP Query User{531A879C-5551-4F68-8587-21409441EDE4}C:\users\benny\downloads\command.and.conquer.red.alert.3.multi4.full-rip.skullptura\red alert 3\data\ra3_1.0.game = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=RA3_1.0.GAME | APP=C:\USERS\BENNY\DOWNLOADS\COMMAND.AND.CONQUER.RED.ALERT.3.MULTI4.FULL-RIP.SKULLPTURA\RED ALERT 3\DATA\RA3_1.0.GAME |
UDP Query User{5A74A62A-2FFD-4DFA-8294-E67D06431E2C}C:\program files (x86)\sopcast\adv\sopadver.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES (X86)\SOPCAST\ADV\SOPADVER.EXE |
UDP Query User{6B21E5EA-9837-479E-BEA3-2B152168C97B}C:\program files (x86)\pando networks\media booster\pmb.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PANDO MEDIA BOOSTER | APP=C:\PROGRAM FILES (X86)\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE |
UDP Query User{8F40539A-0FA0-4F04-9DF0-6EA705D6302B}C:\program files (x86)\warcraft iii\war3.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WARCRAFT III | APP=C:\PROGRAM FILES (X86)\WARCRAFT III\WAR3.EXE |
UDP Query User{92C0A1D8-241A-4D5F-AC38-545F8E16B348}C:\program files (x86)\aim6\aim6.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE |
UDP Query User{99A808EF-842C-4022-8E5F-FB85D8693768}C:\program files (x86)\steam\steamapps\anole3000\team fortress 2\hl2.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HL2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\ANOLE3000\TEAM FORTRESS 2\HL2.EXE |
UDP Query User{A6C017EF-65E3-4028-94DA-33633D96C31A}C:\program files (x86)\diablo ii\game.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=DIABLO II | APP=C:\PROGRAM FILES (X86)\DIABLO II\GAME.EXE |
UDP Query User{B0F16B53-7E31-446F-85C4-460300283D1F}C:\program files (x86)\thq\dawn of war\w40k.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=W40K | APP=C:\PROGRAM FILES (X86)\THQ\DAWN OF WAR\W40K.EXE |
UDP Query User{BB7F81EA-F8D3-4DDC-A4DA-5D05D60C14F4}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=DOW2 | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\WARHAMMER 40,000 DAWN OF WAR II - BETA\DOW2.EXE |
UDP Query User{C004E3DE-7A72-4CEC-8C7E-484F88543993}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
UDP Query User{C1B59755-E2BD-404A-81AC-2D95EAC11031}C:\program files (x86)\ares\ares.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ARES P2P FOR WINDOWS | APP=C:\PROGRAM FILES (X86)\ARES\ARES.EXE |
UDP Query User{D04DCC60-CB9C-46E8-8EA2-07A556EB781F}C:\program files (x86)\thq\company of heroes\reliccoh.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=RELICCOH | APP=C:\PROGRAM FILES (X86)\THQ\COMPANY OF HEROES\RELICCOH.EXE |
UDP Query User{DBEA8A03-E2D9-4C76-8A6E-5773966CE9F4}C:\program files (x86)\nbc direct\directplayercore.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NBC DIRECT | APP=C:\PROGRAM FILES (X86)\NBC DIRECT\DIRECTPLAYERCORE.EXE |
UDP Query User{DC01C868-BDAC-4B4E-85F9-3091B0331081}C:\program files (x86)\sopcast\adv\sopadver.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES (X86)\SOPCAST\ADV\SOPADVER.EXE |
UDP Query User{EA60856D-9D1B-4D89-88DB-5B19E9B70B1F}C:\program files (x86)\ares\ares.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ARES P2P FOR WINDOWS | APP=C:\PROGRAM FILES (X86)\ARES\ARES.EXE |
UDP Query User{EFF6B151-8372-493F-A0EB-6B27F6F0235F}C:\users\benny\downloads\command.and.conquer.red.alert.3.multi4.full-rip.skullptura\red alert 3\data\ra3_1.0.game = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=RA3_1.0.GAME | APP=C:\USERS\BENNY\DOWNLOADS\COMMAND.AND.CONQUER.RED.ALERT.3.MULTI4.FULL-RIP.SKULLPTURA\RED ALERT 3\DATA\RA3_1.0.GAME |
UDP Query User{FD143657-3F34-430E-A3DF-B9BA4376DA6C}C:\program\ea games\command and conquer generals\game.dat = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=GAME.DAT | APP=C:\PROGRAM\EA GAMES\COMMAND AND CONQUER GENERALS\GAME.DAT |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 4.62
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner (remove only)
"CD Art Display_is1" = CD Art Display 2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Command & Conquer" = Command & Conquer
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.16
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DriverAgent.exe" = DriverAgent by TouchStone Software
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"GameSpy Arcade" = GameSpy Arcade
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"ImgBurn" = ImgBurn
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"OpenPandora" = OpenPandora 0.7.0.0
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"Rainlendar2" = Rainlendar2 (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SopCast" = SopCast 3.0.3
"Stanza" = Stanza
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.4
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2009 11:17:13 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHD623.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 5/5/2009 11:17:16 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHD623.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/5/2009 11:17:17 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHDB9F.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 5/5/2009 11:17:18 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHDB9F.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/5/2009 11:17:19 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHDA38.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 5/5/2009 11:17:20 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHDA38.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/5/2009 11:17:21 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHF037.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 5/5/2009 11:17:22 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHF037.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/5/2009 11:17:22 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHE36B.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 5/5/2009 11:17:24 AM | Computer Name = Benny-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Benny\AppData\Local\Temp\DWHE36B.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ OSession Events ]
Error - 9/21/2008 11:50:45 AM | Computer Name = Benny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6325
seconds with 3360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2009 5:15:49 PM | Computer Name = Benny-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2009 5:32:50 PM | Computer Name = Benny-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 5/5/2009 6:04:45 PM | Computer Name = Benny-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 5/5/2009 7:36:23 PM | Computer Name = Benny-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =


< End of report >

-------------------------------------------------------------------------------------------

OTListIt logfile created on: 5/5/2009 7:40:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Users\Benny\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.16% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.96 Gb Total Space | 15.90 Gb Free Space | 5.54% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.86 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BENNY-PC
Current User Name: Benny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\Folding@home\Folding@home-x86\[email protected] ()
PRC - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe ()
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files (x86)\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Users\Benny\AppData\Roaming\Folding@home-x86\FahCore_a0.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Benny\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AESTFilters [Auto | Running]) -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe ()
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\sysnative\agr64svc.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AresChatServer [On_Demand | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4QLBEx [On_Demand | Running]) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- File not found
SRV - (gupdate1c98cd48716c063 [Auto | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [On_Demand | Running]) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpsrv [Auto | Running]) -- C:\Windows\sysnative\Hpservice.exe ()
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation)
SRV - (QPCapSvc [Auto | Running]) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
SRV - (QPSched [Auto | Running]) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe ()
SRV - (Recovery Service for Windows [Auto | Running]) -- C:\Windows\SMINST\BLService.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SmcService [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe ()
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Accelerometer [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\Accelerometer.sys ()
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\agrsm64.sys ()
DRV - (AX88772 [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\ax88772.sys ()
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\bcmwl664.sys ()
DRV - (CmBatt [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\CmBatt.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (enecir [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\enecir.sys ()
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\HdAudio.sys ()
DRV - (hpdskflt [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\hpdskflt.sys ()
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\HpqKbFiltr.sys ()
DRV - (HpqRemHid [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\HpqRemHid.sys ()
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTAZL6.SYS ()
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTDPV6.SYS ()
DRV - (iaStor [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\iaStor.sys ()
DRV - (iscFlash [On_Demand | Stopped]) -- C:\SwSetup\sp42557\iscflashx64.sys (Insyde Software)
DRV - (JMCR [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\jmcr.sys ()
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090505.003\ENG64.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090505.003\EX64.SYS (Symantec Corporation)
DRV - (NETw5v64 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\NETw5v64.sys ()
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\nvm60x64.sys ()
DRV - (NVHDA [On_Demand | Running]) -- C:\Windows\sysnative\drivers\nvhda64v.sys ()
DRV - (pavboot [Boot | Running]) -- C:\Windows\sysnative\drivers\pavboot64.sys ()
DRV - (RTL8169 [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys ()
DRV - (SCDEmu [System | Running]) -- C:\Windows\sysnative\drivers\scdemu.sys ()
DRV - (sdbus [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\sdbus.sys ()
DRV - (sptd [Boot | Running]) -- C:\Windows\sysnative\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\Windows\System32\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\stwrt64.sys ()
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS ()
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\SynTP.sys ()
DRV - (TVICHW64 [On_Demand | Stopped]) -- C:\Windows\SysWOW64\Drivers\TVICHW64.SYS (EnTech Taiwan)
DRV - (USBAAPL64 [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\usbaapl64.sys ()
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\usbaudio.sys ()
DRV - (usbvideo [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\usbvideo.sys ()
DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTCNXT6.SYS ()
DRV - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\wpdusb.sys ()
DRV - (xnacc [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\xnacc.sys ()
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running]) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl (Cyberlink Corp.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Webster"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/07/01 05:03:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/25 04:21:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/04/29 10:35:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/04/29 10:35:02 | 00,000,000 | ---D | M]

[2008/08/24 18:00:52 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Extensions
[2008/08/24 18:00:52 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/05 00:14:21 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions
[2008/11/27 14:26:09 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/10 10:21:47 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/04/16 11:11:09 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\[email protected]
[2009/04/23 20:24:16 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\[email protected]
[2009/04/23 20:24:17 | 00,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\mozilla\Firefox\Profiles\n7duh3fz.default\extensions\[email protected]
[2008/09/02 16:06:21 | 00,000,705 | ---- | M] () -- C:\Users\Benny\AppData\Roaming\Mozilla\FireFox\Profiles\n7duh3fz.default\searchplugins\webster.xml
[2009/05/05 00:14:21 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/04/29 10:35:02 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/14 17:35:03 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/01 19:03:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/18 11:15:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/29 10:35:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 10:35:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2008/09/27 22:09:22 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/27 22:09:22 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2008/09/27 22:09:22 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 02:22:21 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2008/09/27 22:09:22 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2008/09/27 22:09:22 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/27 22:09:22 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" (CyberLink Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] "C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe" File not found
O4 - Startup: C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[email protected] = C:\Users\Benny\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe ()
O4 - Startup: C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{79a7acf9-79c4-11dd-b05b-0050b6014229}\Shell - "" = AutoRun
O33 - MountPoints2\{79a7acf9-79c4-11dd-b05b-0050b6014229}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{e19674ab-e3d7-11dd-83c5-0050b6014229}\Shell - "" = AutoRun
O33 - MountPoints2\{e19674ab-e3d7-11dd-83c5-0050b6014229}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\dvdcheck.exe -- File not found
O33 - MountPoints2\H\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\H\Shell\setup\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/05 19:36:41 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/04 10:47:19 | 00,000,000 | ---D | C] -- C:\Users\Benny\AppData\Roaming\Malwarebytes
[2009/05/04 10:47:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/04 10:47:17 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/04 10:47:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/04 10:47:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/04 10:47:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/05/04 10:45:32 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/04 10:45:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/05/02 03:09:09 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/29 14:47:45 | 00,000,178 | -H-- | C] () -- C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
[2009/04/29 14:47:42 | 00,094,208 | -HS- | C] () -- C:\Windows\System32\Client.exe
[2009/04/26 13:36:20 | 00,031,832 | ---- | C] () -- C:\Users\Benny\Desktop\Benny.bmp
[2009/04/25 23:04:01 | 00,000,000 | ---D | C] -- C:\Users\Benny\AppData\Roaming\DivX
[2009/04/15 06:00:39 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/15 06:00:37 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/15 06:00:36 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/15 06:00:35 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/15 06:00:35 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/15 06:00:35 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/15 06:00:34 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/15 06:00:34 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/15 06:00:34 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/15 06:00:34 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/15 06:00:33 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/15 06:00:32 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/15 06:00:31 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/15 06:00:30 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/15 06:00:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/15 06:00:25 | 00,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/15 06:00:25 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/15 06:00:25 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/15 06:00:25 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/15 06:00:23 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/15 06:00:14 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/15 06:00:14 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/15 06:00:14 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/15 06:00:14 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/15 06:00:14 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/15 05:58:20 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/15 05:58:20 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/12 13:12:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009/04/12 13:11:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2009/04/12 13:11:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2009/04/10 17:55:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2009/04/10 17:55:15 | 00,000,000 | ---D | C] -- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
[2009/04/10 11:54:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/03/05 12:13:38 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/03/05 12:13:38 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/03/05 12:13:38 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/01/29 14:09:06 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/10 14:08:17 | 00,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/24 18:53:59 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/24 18:53:59 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/08/24 18:53:57 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/24 18:53:57 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/24 18:53:57 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/24 18:53:55 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/24 18:53:55 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/05 17:51:40 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/05/05 10:51:12 | 00,000,517 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/05/05 10:49:50 | 00,192,907 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/05/05 10:49:50 | 00,192,907 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/05/05 10:49:10 | 00,002,661 | ---- | M] () -- C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[email protected]
[2009/05/05 10:49:07 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/05/05 10:49:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/05 10:48:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/04 10:47:17 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/02 03:06:30 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/04/30 11:54:05 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBenny.job
[2009/04/30 10:59:48 | 00,031,832 | ---- | M] () -- C:\Users\Benny\Desktop\Benny.bmp
[2009/04/29 14:47:45 | 00,000,178 | -H-- | M] () -- C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
[2009/04/29 14:47:44 | 00,094,208 | -HS- | M] () -- C:\Windows\System32\Client.exe
[2009/04/27 20:42:21 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1305423172-4229811303-3797422272-1000.job
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >





As a note, when I opened up Rooter, nothing opened or popped up. I just went into the directory and opened the notepad file and pasted that stuff here.

Thanks for your time.
  • 0


#2 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)
Hi,

Sorry for the delay.

What Symantec is indicating is that a possibility of exploitation of your Adobe reader exists.

Update everything you can possibly update to remove any avenue of exploitation.

Adobe:
Visit ADOBE and download the latest version of Acrobat Reader (version 9.1).
Having the latest updates ensures there are no security vulnerabilities in your system.


Do the same for Java - remove any outdated Java from your system through Add/Remove programs (Leave the version 6 update 13 as that is the most recent)
http://www.java.com/...nload/index.jsp

Update Adobe Shockwave and Flash.
http://www.adobe.com/downloads/

Clear out all your browser history/cache/offline content/private data and temp files.

Use this program for that:

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox browser
    • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
It's normal after running ATF cleaner that the PC will be slower to boot the first time.



NEXT

Do this online scan to totally eliminate the possibility of an active infection:

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

For Vista Users
The scan must be run in Internet Explorer as an Administrator.
To run Internet Explorer as an Administrator you must go to Start and in the Search box type in iexplore.exe.
When it finds iexplore.exe you must right click on it and select Run as Administrator.
After you do that you'll get the User Account Control prompt box and you must select Allow.


Please advise how you get on.
  • 0

#3 jb007 (Topic Starter, Member, 18 posts)
I updated everything and ran the scan.

Tuesday, May 12, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 12, 2009 02:52:15
Records in database: 2165594
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
Scan statistics
Files scanned 221009
Threat name 1
Infected objects 5
Suspicious objects 0
Duration of the scan 03:11:42

File name Threat name Threats count
C:\Users\Benny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\34677836-5aeb7479 Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Windows\System32\Client.exe Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Windows\System32\Client.txt Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Windows\SysWOW64\Client.exe Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Windows\SysWOW64\Client.txt Infected: Trojan-Downloader.Win32.VB.lwz 1
The selected area was scanned.
  • 0

#4 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)
Hi,

Please do the following:

Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes
explorer.exe

:Services

:Reg

:Files
C:\Users\Benny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\34677836-5aeb7479 
C:\Windows\System32\Client.exe
C:\Windows\System32\Client.txt 
C:\Windows\SysWOW64\Client.exe 
C:\Windows\SysWOW64\Client.txt 

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run GooredFix option #2 yet.




Also, please describe in detail how your computer is running now and if you have any further issues.
  • 0

#5 jb007 (Topic Starter, Member, 18 posts)
========== PROCESSES ==========
Unable to kill process: explorer.exe
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Users\Benny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\34677836-5aeb7479 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\Client.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\Client.txt scheduled to be moved on reboot.
File/Folder C:\Windows\SysWOW64\Client.exe not found.
File/Folder C:\Windows\SysWOW64\Client.txt not found.
========== COMMANDS ==========
File delete failed. C:\Users\Benny\AppData\Local\Temp\hsperfdata_Benny\9580 scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Temp\etilqs_eTdb0xGoQ5y8nhRF0aNZ scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Temp\fla6F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Temp\fla8417.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Temp\fla84CC.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_193916

Files moved on Reboot...
File C:\Users\Benny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\34677836-5aeb7479 not found!
File C:\Windows\System32\Client.exe not found!
File C:\Windows\System32\Client.txt not found!
File C:\Users\Benny\AppData\Local\Temp\hsperfdata_Benny\9580 not found!
File C:\Users\Benny\AppData\Local\Temp\etilqs_eTdb0xGoQ5y8nhRF0aNZ not found!
File C:\Users\Benny\AppData\Local\Temp\fla6F.tmp not found!
File C:\Users\Benny\AppData\Local\Temp\fla8417.tmp not found!
File C:\Users\Benny\AppData\Local\Temp\fla84CC.tmp not found!
C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\urlclassifier3.sqlite moved successfully.
C:\Users\Benny\AppData\Local\Mozilla\Firefox\Profiles\n7duh3fz.default\XUL.mfl moved successfully.




GooredFix v1.92 by jpshortstuff
Log created at 19:59 on 12/05/2009 running Option #1 (Benny)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files (x86)\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files (x86)\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2"



My computer still seems to be running normally. And since I just restarted my computer, I don't know if the bloodhound exploit is still going to pop up on Symantec. It usually happens pretty randomly.
  • 0

#6 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)
Hi,

Please do the following:

Clean up with OTMoveIt3:
  • Double-click OTMoveIt3.exe to start the program.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTMoveIt3 main screen, press the Posted Image button
  • Say Yes to the prompt and then allow the program to reboot your computer.


I will leave this thread open for a couple of days....


Please advise in detail if there are any remaining issues after a couple of days. If there are none, we can do the final cleanup of tools and I will have some recommendations for you to consider.
  • 0

#7 jb007 (Topic Starter, Member, 18 posts)
Ok, so I did everything that was said, rebooted my computer, and the bloodhound exploit is still popping up.

I ran the Kaspersky Scan again and stuff came up again.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 13, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 13, 2009 19:55:28
Records in database: 2173738
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 222418
Threat name: 1
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:28:54


File name / Threat name / Threats count
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028A\4F1A08E2.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028B\4F1A08E7.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028C\4F1A08EC.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028A\4F1A08E2.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028B\4F1A08E7.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028C\4F1A08EC.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1

The selected area was scanned.
  • 0

#8 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)
Hi,

The items Kaspersky found are in quarantine and cannot harm the computer.

Let's dig a little deeper to see why these alerts are still popping up.

Please do the following:

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

  • 0
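The point made in this reply, that detections sitting inside an AV quarantine store are inert and only detections on live paths need action, can be checked mechanically against the two Kaspersky reports posted earlier in the thread. The following is an added example, not a tool from the thread, Kaspersky or Symantec: it parses report lines in the format shown above, flags paths inside a quarantine store (the marker strings and the Vista "All Users" to "ProgramData" junction alias are my assumptions), and counts the distinct files behind duplicated entries.

```python
# Added example (not from the thread, Kaspersky or Symantec): split a Kaspersky
# Online Scanner 7 report into live detections and quarantine-store detections.
import re

# One detection per line: "<path> Infected: <threat name> <count>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumption: a path inside a "\Quarantine\" folder or ending in Symantec's
# .VBN container is a quarantined copy, not an active file.
QUARANTINE_MARKERS = ("\\quarantine\\", ".vbn")
# On Vista, C:\Users\All Users is a junction to C:\ProgramData, so one
# quarantine file can be reported twice under two names.
PATH_ALIASES = (("c:\\users\\all users\\", "c:\\programdata\\"),)

def parse_report(text):
    """Return (path, threat, count) for every detection line in the report."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits

def is_quarantined(path):
    p = path.lower()
    return any(marker in p for marker in QUARANTINE_MARKERS)

def normalize(path):
    """Map junction aliases onto one canonical, lower-cased path."""
    p = path.lower()
    for alias, target in PATH_ALIASES:
        if p.startswith(alias):
            p = target + p[len(alias):]
    return p

def triage(text):
    """Split a report into entries that need action and entries that are inert."""
    result = {"live": [], "quarantined": []}
    for path, threat, _count in parse_report(text):
        bucket = "quarantined" if is_quarantined(path) else "live"
        result[bucket].append((path, threat))
    return result

def unique_paths(entries):
    """Distinct files behind a list of (path, threat) entries."""
    return sorted({normalize(path) for path, _threat in entries})

# Report excerpts copied from the thread's two scans (May 12 and May 13).
SCAN_MAY12 = r"""
File name Threat name Threats count
C:\Users\Benny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\34677836-5aeb7479 Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Windows\System32\Client.exe Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Windows\System32\Client.txt Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Windows\SysWOW64\Client.exe Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Windows\SysWOW64\Client.txt Infected: Trojan-Downloader.Win32.VB.lwz 1
"""

SCAN_MAY13 = r"""
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028A\4F1A08E2.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028B\4F1A08E7.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028C\4F1A08EC.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028A\4F1A08E2.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028B\4F1A08E7.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D18028C\4F1A08EC.VBN Infected: Trojan-Downloader.Win32.VB.lwz 1
"""

if __name__ == "__main__":
    for label, report in (("May 12", SCAN_MAY12), ("May 13", SCAN_MAY13)):
        t = triage(report)
        print(f"{label}: {len(t['live'])} live, {len(t['quarantined'])} quarantined "
              f"({len(unique_paths(t['quarantined']))} distinct quarantine files)")
```

The May 12 report comes out as five live files and nothing quarantined; the May 13 report comes out as six quarantined entries that collapse to three distinct .VBN files, which is why emptying the quarantine makes the alerts stop.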

#9 jb007 (Topic Starter, Member, 18 posts)
When I try to run combofix, it says incompatible OS.
  • 0

#10 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)
Hi,

My apologies, you are running a 64-bit system and that tool is not designed for them. Please run this instead:

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All Users
  • Check the Radio button for Rootkit check YES
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0


#11 jb007 (Topic Starter, Member, 18 posts)
The text file is over 2mb and I can't upload it.
  • 0

#12 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)
Are you able to zip the file and attach?


If not, upload it to MediaFire and provide the sharing link.

http://www.mediafire.com
  • 0

#13 jb007 (Topic Starter, Member, 18 posts)
http://www.mediafire...2z/OTScanIt.Txt
  • 0

#14 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)
Hi,

There does not appear to be any malware remaining on your system.

  • Double-click OTScanIt2.exe to start the program.
  • Close all other programs apart from OTScanIt2 as this step will require a reboot
  • On the OTScanIt2 main screen, press the Posted Image button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Clean up all your temp files/internet history and java cache again with the ATF Cleaner:


Empty your Symantec quarantine - it may be finding its own quarantined files.

Check out the Symantec forum - there may be a thread for this particular exploit and there may be a specific setting in Symantec that needs adjusting.

Do this different online scan, to see if anything else pops up:


Please run the following online scan: Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.

  • 0

#15 jb007 (Topic Starter, Member, 18 posts)
I went on Symantec's forums and couldn't find anything.

Here is the log.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4080 (20090515)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a5573b50fd68d14ca0e14a69dc255f01
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-05-15 10:56:46
# local_time=2009-05-15 06:56:46 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=731475
# found=0
# scan_time=7604
  • 0
