
Virus that's not allowing me to open any Virus/Spyware Programs



#1
Rozza C

Hello,

I hope you can help me with this.

It's a little difficult to explain but I'll try my best.

I have no idea where the virus came from.

But it seems to be stopping me from opening any of my spyware or virus scanning programs.

I've tried to run the following programs:

HiJackThis
AVG Free
Super AntiSpyware
MalwareBytes' Anti-Malware
GMER

When I open them, they'll run for around 5 - 10 seconds (in GMER's case it ran for a lot longer) and then close with no warning whatsoever.

If I try to open the program again, I get an error message saying:

Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them.


I've managed to get HiJackThis to work again by going to the Properties -> Security tab of the program shortcut and disabling all my access rights and then re-enabling them. (If that makes sense) but it just does the same thing again.

---EDIT---
I managed to get MalwareBytes and GMER to work again by using this same method....
GMER did the same as above (closes after about 5 minutes of scanning and then closes and gives the error message) so I'm going to assume that MalwareBytes will too and not attempt to run it.
---END EDIT---


I've followed your guide:
http://www.geekstogo...uide-t2852.html

And I've managed to get RootRepeal to work.

Here is the log:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2009/09/04 13:33
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP1
==================================================

Drivers
-------------------
Name: aujasnkj.sys
Image Path: C:\Users\Rory\AppData\Local\Temp\aujasnkj.sys
Address: 0x88B6B000	Size: 84352	File Visible: No	Signed: -
Status: -

Name: dump_iaStorV.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStorV.sys
Address: 0x8E146000	Size: 659456	File Visible: No	Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\Windows\system32\Drivers\PROCEXP90.SYS
Address: 0xA89FE000	Size: 6464	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA79ED000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: spvb.sys
Image Path: C:\Windows\System32\Drivers\spvb.sys
Address: 0x82E8C000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\Windows\win32k.sys:1
Address: 0x8E000000	Size: 20480	File Visible: No	Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4	Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1528	Status: Locked to the Windows API!

==EOF==

I'm at a bit of a loss now on what to do.

Does anyone here have any ideas?

Thanks

Roz


Edited by Rozza C, 04 September 2009 - 09:45 AM.


#2
Rozza C

I just tried and managed to get OTL to work as well...

I'll post the 2 logs now...

OTL.txt

OTL logfile created on: 9/4/2009 1:44:32 PM - Run 1
OTL by OldTimer - Version 3.0.10.7	 Folder = C:\Users\Rory\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 39.85% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 8.78 Gb Free Space | 8.20% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 27.94 Gb Free Space | 75.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 536.86 Gb Free Space | 57.63% Space Free | Partition Type: NTFS
 
Computer Name: CHARLES-FAM-PC
Current User Name: Rory
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 08:33:32 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Taskmgr.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/04 20:00:54 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/04 13:34:10 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Rory\Downloads\OTL(2).exe
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/07/03 15:49:06 | 01,029,456 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Disabled | Stopped])
SRV - [2007/04/17 19:17:48 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [Disabled | Stopped])
SRV - [2008/01/19 08:33:43 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc [Disabled | Running])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2009/08/22 12:20:23 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Disabled | Stopped])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Disabled | Stopped])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Disabled | Stopped])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Disabled | Running])
SRV - [2009/08/15 12:37:48 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Disabled | Stopped])
SRV - [2009/02/06 19:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Disabled | Stopped])
SRV - [2008/10/16 19:23:30 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [Disabled | Running])
SRV - [2008/10/16 19:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Disabled | Running])
SRV - [2008/10/16 19:30:28 | 00,634,880 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Disabled | Running])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2003/08/29 14:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS [Disabled | Stopped])
SRV - [2008/12/16 22:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Disabled | Stopped])
SRV - [2007/02/06 17:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Disabled | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Disabled | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found --  -- (NMIndexingService [Disabled | Stopped])
SRV - [2009/06/22 16:44:00 | 03,087,772 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc [Disabled | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Disabled | Running])
SRV - File not found --  -- (PnkBstrA [Disabled | Stopped])
SRV - File not found --  -- (PnkBstrB [Disabled | Stopped])
SRV - [2008/12/11 15:53:38 | 00,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv [Disabled | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Disabled | Stopped])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [Disabled | Stopped])
SRV - [2007/06/07 16:19:40 | 00,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2 [Disabled | Stopped])
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Disabled | Stopped])
SRV - [2008/08/07 01:20:20 | 00,087,288 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [Disabled | Stopped])
SRV - [2007/07/27 05:39:32 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [Disabled | Stopped])
SRV - [2009/08/07 15:31:40 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Disabled | Stopped])
SRV - [2008/08/30 15:04:08 | 01,519,168 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service [Disabled | Stopped])
SRV - [2008/01/19 08:34:32 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC [Disabled | Running])
SRV - [2008/01/19 08:34:32 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS [Disabled | Running])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Disabled | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2008/11/09 21:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Disabled | Stopped])
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/19 11:22:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/07 21:27:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 02:29:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/19 20:52:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/20 14:46:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/27 19:21:29 | 00,000,000 | ---D | M]
 
[2009/07/17 17:57:37 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Extensions
[2009/07/17 17:57:37 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/05 15:34:12 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/09/04 03:41:44 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Firefox\Profiles\ujc0u7nr.default\extensions
[2009/09/02 22:34:04 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Firefox\Profiles\ujc0u7nr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/04 03:41:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 20:00:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/01 01:23:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/10/27 21:45:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/04/16 19:17:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/03 18:58:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/04 20:00:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 20:00:53 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/09/03 18:58:36 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/11/29 23:28:06 | 01,334,576 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/11/29 23:28:46 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/07/02 23:20:48 | 00,069,632 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/04 20:00:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/01/07 21:27:01 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/01/07 21:27:12 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/01/07 21:26:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/15 19:50:22 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/07/15 19:50:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 19:50:22 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/07/15 19:50:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 19:50:22 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/03 17:52:31 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/08/03 17:52:32 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/07/15 19:50:22 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 19:50:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 19:50:22 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: (307278 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	   localhost
O1 - Hosts: ::1			 localhost
O1 - Hosts: 10578 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: gscdn.com ([rfonline-full] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/01 13:32:27 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/23 23:17:17 | 00,000,045 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0c12f058-665e-11de-b0d6-0019d12de0d1}\Shell - "" = AutoRun
O33 - MountPoints2\{0c12f058-665e-11de-b0d6-0019d12de0d1}\Shell\AutoRun\command - "" = N:\TotalLock.exe -- File not found
O33 - MountPoints2\{338512fa-819a-11dd-8032-0019d12de0d1}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{41d22201-cf97-11dd-a675-0019d12de0d1}\Shell\AutoRun\command - "" = L:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{57f440ec-865d-11dc-b14f-0019d12de0d1}\Shell - "" = AutoRun
O33 - MountPoints2\{57f440ec-865d-11dc-b14f-0019d12de0d1}\Shell\AutoRun\command - "" = L:\SETUP.EXE -- File not found
O33 - MountPoints2\{57f440ec-865d-11dc-b14f-0019d12de0d1}\Shell\configure\command - "" = L:\SETUP.EXE -- File not found
O33 - MountPoints2\{57f440ec-865d-11dc-b14f-0019d12de0d1}\Shell\install\command - "" = L:\SETUP.EXE -- File not found
O33 - MountPoints2\{7056251a-632f-11dd-951a-0019d12de0d1}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{7056251a-632f-11dd-951a-0019d12de0d1}\Shell\open\Command - "" = rundll32.exe .\\tobhbios.dll,InstallM
O33 - MountPoints2\{70ceb79f-7cf8-11dc-90af-0019d12de0d1}\Shell - "" = AutoRun
O33 - MountPoints2\{70ceb79f-7cf8-11dc-90af-0019d12de0d1}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9ffb42e8-be0e-11dd-a665-0019d12de0d1}\Shell - "" = AutoRun
O33 - MountPoints2\{9ffb42e8-be0e-11dd-a665-0019d12de0d1}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ce7093e4-4a9c-11dd-b855-0019d12de0d1}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found
 
========== Files/Folders - Created Within 14 Days ==========
 
[2 C:\Windows\*.tmp files]
[4 C:\ProgramData\*.tmp files]
[2009/09/04 13:35:04 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/04 13:35:02 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/04 13:35:01 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/04 13:35:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2009/09/04 13:32:41 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/09/04 13:21:33 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/04 05:23:31 | 00,359,932 | ---- | C] () -- C:\Users\Rory\Desktop\dds.scr
[2009/09/04 05:18:13 | 00,288,768 | ---- | C] () -- C:\Users\Rory\Desktop\gmer.exe
[2009/09/04 05:14:17 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/09/04 05:13:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/04 05:12:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/09/04 04:59:49 | 04,208,640 | -H-- | C] () -- C:\Users\Rory\AppData\Local\IconCache.db
[2009/09/04 04:33:45 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/09/04 04:26:53 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/09/04 04:12:41 | 00,000,048 | ---- | C] () -- C:\boot.ini
[2009/09/04 04:01:55 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\Malwarebytes
[2009/09/04 04:01:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/04 03:52:35 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/09/04 03:50:33 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\SUPERAntiSpyware.com
[2009/09/04 03:50:33 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/04 03:36:32 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/04 03:27:57 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2009/09/04 03:23:30 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/09/04 03:22:34 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/04 03:22:33 | 00,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/09/04 03:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/04 00:26:40 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\Artisteer
[2009/09/04 00:21:57 | 00,000,238 | -H-- | C] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/04 00:21:51 | 00,000,278 | -H-- | C] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/03 18:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/09/03 14:48:24 | 00,000,000 | ---D | C] -- C:\Windows\E31C348B63A94CBF8D7FD932ABB63244.TMP
[2009/08/31 16:48:53 | 06,199,620 | ---- | C] () -- C:\Users\Rory\Desktop\Andy C - Roll On.mp3
[2009/08/31 01:59:23 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\foobar2000
[2009/08/31 01:59:02 | 00,000,828 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2009/08/31 01:59:01 | 00,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2009/08/30 10:18:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/08/30 02:17:32 | 03,087,772 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2009/08/27 19:22:29 | 00,131,072 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2kfNT.sys
[2009/08/27 19:22:29 | 00,079,104 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2Nadr.sys
[2009/08/27 19:20:56 | 00,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2009/08/27 02:37:50 | 00,000,783 | ---- | C] () -- C:\Users\Rory\Desktop\MapleStory Europe.lnk
[2009/08/27 01:08:47 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/08/27 01:08:46 | 00,421,888 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2009/08/24 12:25:00 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\Red Kawa
[2009/08/23 16:16:26 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\avidemux
[2009/08/23 16:12:03 | 00,000,679 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
 
========== Files - Modified Within 14 Days ==========
 
[3 C:\Windows\System32\*.tmp files]
[2 C:\Windows\*.tmp files]
[4 C:\ProgramData\*.tmp files]
[2009/09/04 13:35:04 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/04 13:32:41 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/09/04 13:05:08 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/04 13:05:08 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/04 13:00:02 | 00,000,278 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/04 13:00:01 | 00,000,238 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/04 08:13:36 | 40,589,153 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/04 05:28:48 | 00,359,932 | ---- | M] () -- C:\Users\Rory\Desktop\dds.scr
[2009/09/04 05:18:14 | 00,288,768 | ---- | M] () -- C:\Users\Rory\Desktop\gmer.exe
[2009/09/04 05:05:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/04 05:04:30 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/04 04:59:49 | 04,208,640 | -H-- | M] () -- C:\Users\Rory\AppData\Local\IconCache.db
[2009/09/04 04:14:46 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/04 04:12:41 | 00,000,048 | ---- | M] () -- C:\boot.ini
[2009/09/04 03:22:33 | 00,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/09/04 02:37:43 | 00,183,296 | ---- | M] () -- C:\Users\Rory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/04 00:46:29 | 00,731,074 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/04 00:46:29 | 00,626,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/04 00:46:29 | 00,109,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/03 23:00:46 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F1B898F3-48E5-4876-B647-9B59CD0DF168}.job
[2009/09/03 22:59:12 | 00,000,518 | ---- | M] () -- C:\Windows\ulead32.ini
[2009/09/02 23:40:50 | 00,076,683 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/31 16:49:08 | 06,199,620 | ---- | M] () -- C:\Users\Rory\Desktop\Andy C - Roll On.mp3
[2009/08/31 01:59:02 | 00,000,828 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2009/08/28 23:39:08 | 00,000,312 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job
[2009/08/27 02:37:50 | 00,000,783 | ---- | M] () -- C:\Users\Rory\Desktop\MapleStory Europe.lnk
[2009/08/27 01:08:46 | 00,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2009/08/25 16:12:31 | 00,000,661 | ---- | M] () -- C:\Users\Rory\Desktop\EpicRFOnline.lnk
[2009/08/23 16:12:03 | 00,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
[2009/08/22 12:20:51 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/22 12:20:51 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/22 12:20:50 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
 
========== LOP Check ==========
 
[2009/09/04 04:01:55 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming
[2007/09/01 16:02:22 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Ahead
[2009/09/04 00:26:40 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Artisteer
[2009/08/23 16:24:18 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\avidemux
[2007/08/26 19:38:27 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Azureus
[2007/11/23 01:15:00 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\BearShare
[2007/06/10 01:46:52 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008/11/23 14:42:07 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\DAEMON Tools
[2009/06/27 11:20:11 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\DNA
[2007/07/02 23:01:56 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Dynamic
[2007/07/09 02:42:30 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\FlashGet
[2008/07/06 00:53:11 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\FLV Extract
[2009/08/31 03:24:51 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\foobar2000
[2009/09/04 05:07:08 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Gmote
[2008/02/10 16:06:06 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Hamachi
[2008/06/04 16:56:57 | 00,000,000 | -H-D | M] -- C:\Users\Rory\AppData\Roaming\ijjigame
[2009/08/12 19:34:49 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Image Zone Express
[2008/05/26 23:04:55 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\LimeWire
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Media Center Programs
[2007/08/18 12:28:21 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\MP3Rocket
[2009/01/19 23:00:45 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Nokia
[2009/01/19 23:13:16 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Nseries
[2008/03/06 05:54:14 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\OpenOffice.org2
[2007/07/24 00:51:55 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Opera
[2009/01/19 21:28:22 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\PC Suite
[2008/08/27 21:30:44 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\PeerNetworking
[2007/05/17 20:07:40 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Printer Info Cache
[2009/08/24 12:25:00 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Red Kawa
[2007/04/15 13:42:29 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Screenshot Sender
[2007/06/10 01:30:03 | 00,000,000 | RH-D | M] -- C:\Users\Rory\AppData\Roaming\SecuROM
[2008/02/07 01:43:27 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SiteClasses
[2008/02/03 13:15:13 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Sites
[2007/10/21 20:41:23 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Sports Interactive
[2008/02/17 19:27:32 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SSH
[2007/12/20 20:06:51 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SystemRequirementsLab
[2008/07/05 15:34:11 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\TomTom
[2008/11/29 18:02:47 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\U3
[2007/05/25 03:02:03 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Ulead Systems
[2009/09/04 03:07:00 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\uTorrent
[2009/06/29 22:44:45 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Ventrilo
[2007/12/27 22:11:29 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\vmntoolbar
[2008/01/16 18:32:33 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\VoipCheapCom
[2008/02/07 21:05:51 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Vso
[2009/06/25 19:35:59 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Xfire
[2009/09/04 04:14:46 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/09/04 05:05:33 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/04 05:00:08 | 00,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/03 23:00:46 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F1B898F3-48E5-4876-B647-9B59CD0DF168}.job
[2009/08/28 23:39:08 | 00,000,312 | ---- | M] () -- C:\Windows\Tasks\WebReg HP Photosmart C4500 series.job
[2009/09/04 13:00:01 | 00,000,238 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/04 13:00:02 | 00,000,278 | -H-- | M] () -- C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\eventlog.dll >
 
< %systemroot%\system32\scecli.dll >
[2008/01/19 08:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll
[3 C:\Windows\system32\*.tmp files]
 
< %systemroot%\netlogon.dll >
 
< %systemroot%\system32\cngaudit.dll >
[2006/11/02 10:46:03 | 00,061,952 | ---- | M] () -- C:\Windows\system32\cngaudit.dll
[3 C:\Windows\system32\*.tmp files]
 
< %systemroot%\system32\sceclt.dll >
 
< %systemroot%\ntelogon.dll >
 
< %systemroot%\system32\logevent.dll >
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\logevent.dll
[3 C:\Windows\system32\*.tmp files]
< End of report >
Extras.txt
OTL Extras logfile created on: 9/4/2009 1:44:32 PM - Run 1
OTL by OldTimer - Version 3.0.10.7	 Folder = C:\Users\Rory\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 39.85% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 8.78 Gb Free Space | 8.20% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 27.94 Gb Free Space | 75.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 536.86 Gb Free Space | 57.63% Space Free | Partition Type: NTFS
 
Computer Name: CHARLES-FAM-PC
Current User Name: Rory
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029B5184-79C4-416F-9D2E-C0BA8E1222F5}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{080DF452-A6AD-4808-9BA3-6A92C7A1EF0B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{08C0BDC6-C38B-4A4B-BE9D-1CAF253A6F81}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{0DF9C158-8C4C-414E-BCF5-187E7184A185}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{15B809AA-6D18-4106-9FD1-AF00615C5049}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{335B682A-2195-46C9-9CB2-0CDDA83A8962}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{4A68F5A6-34F6-44A8-B745-D48F8DF59475}" = lport=50000 | protocol=17 | dir=in | name=test2.... | 
"{4DA4F5E8-28D5-4FB0-A869-0DBB0E056080}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52C88FDE-7D2C-4984-9AFE-D4284433292F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{5C8DBC02-4CA8-4D74-9130-81D7D68930E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{72385BC1-096E-488C-AC22-AE9AD03FFEEF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\rpcagentsrv.exe | 
"{77A0424E-56F1-482C-889D-E7683EEA5EB5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{8F4AECDA-CF12-4925-A306-6B6D244EDB05}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{97E6369D-E1A8-4864-ADD6-167968044D50}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe | 
"{A63C8FA1-E4E2-4D5E-81F4-FE9A5120DAED}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{C859C172-494F-48E6-ADE1-3533FE7BE0C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA111530-4530-4EA9-8124-0DB4F33501CB}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{CDD9ED20-3945-4202-B706-FF6779F4154B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe | 
"{D1732D90-CF09-477C-B0D8-422AE1E8FDAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D2291EEF-B995-4477-A537-B74EEB7CB0FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD626104-6A4B-42EA-AF49-CFB9288370DF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe | 
"{F5F11D40-E3B4-44CC-A7F2-3380E0D007FF}" = lport=50000 | protocol=6 | dir=in | name=test... | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076C0734-7B15-4B2D-BAAE-B110CBB0C1C2}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{07B06876-E5F1-4F8A-AF54-E914EBCA80D5}" = protocol=6 | dir=in | app=c:\program files\o2\agent\bin\bcont_nm.exe | 
"{16FE7450-9D03-40E5-97E2-51D59D311A1D}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{1AB60AAB-CDFC-4591-818C-8B919CF91FE6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{1DAEE647-750F-4EB7-B15C-3B8E46E566B6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{2040C5BA-D510-4F61-BE1A-D4213AB28C56}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{29C67285-6114-461F-9EF2-4B02C61106FD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{30518B12-0606-4642-8816-E1699E578CCD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{381C1783-1D94-42A0-B867-DA5FFC6B373D}" = protocol=17 | dir=in | app=c:\program files\o2\agent\bin\bcont_nm.exe | 
"{3FA4E719-0885-4DBC-AA09-922DEB581654}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{4156BC04-8BFA-41B8-9854-A98CC69409A6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{456C6269-D5E7-4D41-9605-0D882F83F1F6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{4E501A23-08DD-4D58-A0C2-E0D68DEC1E66}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{4EADEA1B-BD10-4F7B-B178-CB78175B1A68}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{4F6F4F73-5449-4137-AE67-3A7D0FADDAC9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{55B0D0EB-6985-4790-9326-A5D242C30F88}" = protocol=17 | dir=in | app=c:\ntreev\grand chase\main.exe | 
"{575F1F2B-5672-419D-847F-B99FB994012E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{58144763-37A6-4DB0-8986-45EC5AAA8754}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{5982E8AE-7FB7-4675-B624-672B348A4174}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{5DF67BFA-D2AE-422E-A08E-7336E3BBDE82}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{5E491BDD-F8E8-46B0-8678-DFD8D3F4769A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{5F56D36A-F102-4CA4-90E1-DE137041410E}" = dir=in | app=e:\setup\hpznui01.exe | 
"{5FF23446-4B91-4DAA-BAED-94EE69E3EE0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{6A19B8FA-818F-41CF-AA56-42647B19CFF0}" = protocol=6 | dir=in | app=c:\ntreev\grand chase\main.exe | 
"{7034E0F7-C775-42B8-B644-59B2B6B349C3}" = protocol=17 | dir=in | app=c:\program files\o2\agent\bin\bcont.exe | 
"{751B7F15-0A7B-4ED6-A830-48B0D12142DF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{756573EF-DFB3-40E1-B993-1BCF491E61B8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{757BD034-A5F4-4169-B9C4-2903F961A751}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{77F656CA-FDF5-492D-A0C7-52670C80A9ED}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{7A60B9E1-EC34-429A-A5BA-57B3CD2091B6}" = protocol=6 | dir=in | app=c:\program files\common files\supportsoft\bin\ssrc.exe | 
"{7B463CEB-401C-4980-A172-3E7EC3CC309E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{7C5BF255-CE20-4EC6-B4BA-0D1BEB429270}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7D3A221A-054E-4AEC-98A7-FEF726F9E572}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7E9621B5-6298-4862-A88F-013E4AC4B0F1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{7EAB5D58-BA88-489A-B316-1496744440E7}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{7F6F163E-D37C-4887-9E63-D96D0C941066}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{81A37C82-A40C-4385-8FED-11213410FDC4}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"{828DF911-703D-4880-95DE-95AE28ACD670}" = protocol=6 | dir=in | app=c:\program files\o2\bin\wificfg.exe | 
"{83A2E218-B281-4201-BC68-FE5AC2DC9C69}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{86E7F08D-0553-46AD-AA27-0D5E43355D2E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{89663FC4-B50C-4471-ACA5-52EFA88B7C83}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{8CD3B1BA-361C-4E53-BE38-210DB2B93436}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{8F30EA73-FA90-4670-8FDE-CA824456040E}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"{94470EFA-316E-47A4-92F0-6182CEE62A0D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{95210CC5-BF38-4163-9DA1-A3667CE1A871}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{97093451-9ED1-4E89-AB92-470EB80A973D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{9A78BAE2-C819-4C27-93C0-66FC8015C375}" = protocol=6 | dir=in | app=c:\program files\o2\agent\bin\bcont.exe | 
"{9D7120DA-2ACA-451A-BAD6-4F382BAE91D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{9EEC77B7-DBE5-4A56-9039-8DA7BD5C2ED2}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{9F742626-B61B-4918-855F-61D3F4E4ACBF}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{9FE4C8D7-D8CE-4E84-9C0F-0AC8817C7E2C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{A13AF088-17EE-4913-8679-DA409DE3C698}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{A72AB22D-0EEF-41BB-B117-26433F6675F8}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{AA3ECF02-8B40-44B8-ABF2-4845543B25FB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{B57757C4-5EBF-434E-A225-78226597FC08}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{BC566CDC-C4DE-49F9-A4BE-2C8B1A420047}" = protocol=17 | dir=in | app=c:\program files\common files\supportsoft\bin\ssrc.exe | 
"{BFE373C0-70C7-4BD2-94B7-F54BD8FEC6A8}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{C57EFC78-DB6E-4626-8E61-45C9F93F7B04}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CE2DA6E2-566C-4011-921F-D5B7A33C1855}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{CFDC0625-6850-41A8-9653-B4E70D354913}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{DAA5CE32-FB77-499B-97AF-ED8DDF78ADBD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{F0A4C02E-4758-4093-9FD2-0B1E6DBED52A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{F4F395F6-D570-416B-8B35-11E4CF983364}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{F887EB55-90B9-4DDA-9462-7D2DC3FDE9E7}" = protocol=17 | dir=in | app=c:\program files\o2\bin\wificfg.exe | 
"{FEC833EF-3CF1-4538-B6A2-339B87FF5034}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"TCP Query User{0013D812-B6F4-4987-AB3E-78479DFC3E26}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{00B901EF-02F7-43FC-9A2B-44D24154979B}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | 
"TCP Query User{1215545F-0C62-454F-B54B-9E0C3739F81B}C:\program files\java\jdk1.6.0_01\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_01\jre\bin\java.exe | 
"TCP Query User{139342E7-53FC-436D-A45D-40838B1A82C2}C:\program files\bearshare test\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare test\bearshare.exe | 
"TCP Query User{18E0361E-C8DD-4473-83C1-0488D3A24671}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{1B218653-86D4-40C8-A723-EAC2E9B8DDBA}C:\users\rory\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\rory\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{23D3353E-911C-45AD-8F00-7A6C1D518E1E}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{373A4F62-7CA5-4994-9418-7F03F58A4650}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{380B2968-C9B0-46D8-A85F-C87DC82C7104}C:\program files\nero\nero 7\core\nero.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\core\nero.exe | 
"TCP Query User{5029A56C-813C-41E8-A297-8644E64A2E2C}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{52673AF1-99EB-4366-A720-5CE0A3BEBDD1}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | 
"TCP Query User{53D64CA1-4DCF-4849-BA43-5C5D1A967C06}C:\sysreset\mirc.exe" = protocol=6 | dir=in | app=c:\sysreset\mirc.exe | 
"TCP Query User{6ED7AE10-8640-4C86-A334-FBE7FE01F591}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{89A0F388-C075-4E24-AD3B-82E85434EC14}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{8C926CD2-1E14-443D-B9C8-12694DE739E0}C:\program files\java\jdk1.6.0_13\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_13\bin\java.exe | 
"TCP Query User{8E8ADEEE-9D70-4CE1-9476-3FF2548310EA}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe | 
"TCP Query User{931CAB88-0626-4FE7-8496-8B6EF55D8F6B}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | 
"TCP Query User{9767F9E9-41F9-44B4-B39C-1176C8B23D13}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe | 
"TCP Query User{9B85056D-1A13-4A92-A142-B8B0272B6A23}K:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=k:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe | 
"TCP Query User{A17225F1-8422-4A6D-92C9-9B2B99B3EF0A}C:\program files\bearshare download client\bearshareclient.exe" = protocol=6 | dir=in | app=c:\program files\bearshare download client\bearshareclient.exe | 
"TCP Query User{B63D3F23-BF4A-4681-9222-F2AEC896B013}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{B9D31885-A3CE-4A28-AE68-2CA22F8040E3}C:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"TCP Query User{BD6F8C99-BD87-46CC-B767-6CECD00BF82B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C187829F-9C77-45D5-9819-751104830A93}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{E83C791F-2403-49CE-9B4F-762C23122063}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{EBA8B39C-4AD8-42B1-A09B-FEDE397C86B8}C:\program files\codemasters\rf online;\rf.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\rf online;\rf.exe | 
"TCP Query User{F22AE025-BB4C-41D0-9526-AFD3BB06F449}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{FB735801-B904-4D6B-9C1E-A80D51A4B7E8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0844F8CE-71AE-416E-8C63-DE18771896A6}C:\program files\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"UDP Query User{09792AF0-9517-4082-B364-57199B6E0F8B}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | 
"UDP Query User{0A14D9FA-5AF1-465F-BCF3-F5FF774699FD}C:\program files\java\jdk1.6.0_01\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_01\jre\bin\java.exe | 
"UDP Query User{0DC96C86-EC8B-45DA-B435-3B90773DD260}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{1CA60C81-7941-42B4-BE53-CF062DEAF35C}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{1D317C79-1923-46E7-ABCC-72DE1D6B2A8D}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{25BC48A1-8B99-4783-9361-949E41E8F120}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"UDP Query User{2FC79F0B-68CE-494E-8D0D-A6FED8A663F5}C:\program files\bearshare test\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare test\bearshare.exe | 
"UDP Query User{3C1C2B76-4136-4D33-8170-F394C06A8277}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe | 
"UDP Query User{41F78585-07AB-4E27-AC32-042EFCFF2100}K:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=k:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe | 
"UDP Query User{4E5F136B-D714-4F20-8A95-C2ABF7BF6F1E}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | 
"UDP Query User{5565B705-0896-4B5F-AC25-3B82CDA3BD18}C:\sysreset\mirc.exe" = protocol=17 | dir=in | app=c:\sysreset\mirc.exe | 
"UDP Query User{59438CCD-00ED-4953-9A49-FBB314C3A159}C:\program files\codemasters\rf online;\rf.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\rf online;\rf.exe | 
"UDP Query User{640D668F-681F-40DD-9E34-6BB2B8C4EAD5}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | 
"UDP Query User{717E564A-22F9-429A-87D3-23622D42CD24}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{7F58F017-576D-4F4B-B9B7-BE82CE2B2D56}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{87C844DB-A782-4E1D-8C42-B07C1BD2E683}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{886D4D61-D8D6-43F0-9468-4CFE9D1F413C}C:\program files\nero\nero 7\core\nero.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\core\nero.exe | 
"UDP Query User{8C0B0EEC-17D6-4D95-8D25-5DCC24F9C637}C:\users\rory\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\rory\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{8CDE74BC-51CE-4C01-B92C-83689A166469}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{A99E1763-D6F3-4D21-90FF-820482FF1B24}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe | 
"UDP Query User{B1B4AE15-5D1E-443E-979A-1268C34FB389}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B4FA96E1-A64A-4EF7-9964-93D3037E0746}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{D254F850-8D87-481A-86BF-93697B2FE7D3}C:\program files\bearshare download client\bearshareclient.exe" = protocol=17 | dir=in | app=c:\program files\bearshare download client\bearshareclient.exe | 
"UDP Query User{D6857DF6-C0D2-4E00-B268-77C69E237161}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DD4E696A-5A1B-4915-88F2-218AD53A5DE1}C:\program files\java\jdk1.6.0_13\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_13\bin\java.exe | 
"UDP Query User{EBCB1EAC-F7F6-4102-9F91-7A4E5658F06D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{FC8431FC-1B36-4A2C-9EF7-68B14795F730}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B533F34-22BA-4301-BAF8-EA1CEDB06F9E}" = Quake Live Mozilla Plugin
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = TWIN PS TO PC CONVERTER
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 2009 Special Edition
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E1C8E70-E4EC-42E0-9C83-FB8E1E809280}" = 10M 3X Digital Camera
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F9782BA-CCCB-49BB-B8B2-0E6649E38ABA}" = USB Vibration Joystick
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}" = S4 League
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E31C348B-63A9-4CBF-8D7F-D932ABB63244}" = Ad-Aware 2007
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6FC9938-1B6E-41F6-98BD-ECD70C371DBE}" = VibrateGameDeviceDriver
"{E8240B96-B447-45CC-BC9B-63EEAFBC38BA}" = Before You Know It 3.6
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10 ESD
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AhnLab Online Security" = AhnLab Online Security
"Ashkon MP3 Tag Editor_is1" = Ahkon MP3 Tag Editor version 1.2
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AudioConverter Studio_is1" = AudioConverter Studio 5.9
"AVG8Uninstall" = AVG Free 8.5
"Avidemux 2.5" = Avidemux 2.5
"BearShare Test" = BearShare Test
"BFGC" = Big Fish Games Client
"BlueJ_is1" = BlueJ 2.2.0
"CABAL Online(Europe)_is1" = CABAL Online v3.3
"CEDP Stealer 6.0 for Messenger" = CEDP Stealer 6.0 for Messenger
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"Europe MapleStory_is1" = Europe MapleStory
"FLAC" = FLAC 1.2.1b (remove only)
"FlashGet" = FlashGet 1.9.0.1012
"foobar2000" = foobar2000 v0.9.6.9
"FormatFactory" = FormatFactory 1.85
"FrameShots" = FrameShots Video Screen Capture
"FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
"Gunz" = ijji - Gunz
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"IL Download Manager" = IL Download Manager
"Instant CD & DVD Burner_is1" = Instant CD & DVD Burner
"ISO Compressor" = ISO Compressor by Winnydows
"Jodix Video MP3 Extractor_is1" = Jodix Video MP3 Extractor 1.12
"kawaii-radio" = kawaii-radio Desktop
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"LimeWire" = LimeWire 5.2.10
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Magic M4A to MP3 Converter_is1" = Magic M4A to MP3 Converter 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.5.3
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"NVIDIA Drivers" = NVIDIA Drivers
"PrimoPDF4.1.0.9" = PrimoPDF
"PSP Video 9" = PSP Video 9 4.04
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"Rising Force 2.2.3.0" = Rising Force 2.2.3.0
"Rising Force 2.2.3.2.0" = Rising Force 2.2.3.2.0
"Rising Force 2.2.3.2.1" = Rising Force 2.2.3.2.1
"Shin Megami Tensei: Imagine Online" = Shin Megami Tensei: Imagine Online
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 11020" = TrackMania Nations Forever
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.0.1785
"Ultravnc2_is1" = UltraVNC 1.0.5
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YouTube Downloader App" = YouTube Downloader App 1.01
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"e034e552c09804a7" = WordpressThemeGen
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"ijji.com" = ijji
"Steam App 10" = Counter-Strike
"Steam App 70" = Half-Life
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 9/3/2009 11:08:24 PM | Computer Name = Charles-Fam-PC | Source = MsiInstaller | ID = 11321
Description = 
 
Error - 9/3/2009 11:08:24 PM | Computer Name = Charles-Fam-PC | Source = MsiInstaller | ID = 11321
Description = 
 
Error - 9/3/2009 11:08:24 PM | Computer Name = Charles-Fam-PC | Source = MsiInstaller | ID = 11321
Description = 
 
Error - 9/3/2009 11:08:26 PM | Computer Name = Charles-Fam-PC | Source = MsiInstaller | ID = 11321
Description = 
 
Error - 9/3/2009 11:30:37 PM | Computer Name = Charles-Fam-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 9/3/2009 11:56:39 PM | Computer Name = Charles-Fam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 9/3/2009 11:56:42 PM | Computer Name = Charles-Fam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 9/4/2009 12:21:07 AM | Computer Name = Charles-Fam-PC | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 120.0.194.0, time stamp
 0x48f7eb0d, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
 exception code 0xc00000fd, fault offset 0x0004458f,  process id 0xfa8, application
 start time 0x01ca2d1503d88914.
 
Error - 9/4/2009 12:21:57 AM | Computer Name = Charles-Fam-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 9/4/2009 8:24:36 AM | Computer Name = Charles-Fam-PC | Source = Application Hang | ID = 1002
Description = The program TFC.exe version 1.0.3.5 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process 
ID: 1228  Start Time: 01ca2d5a52b0a054  Termination Time: 0
 
[ System Events ]
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 9/4/2009 8:22:20 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 9/4/2009 8:23:18 AM | Computer Name = Charles-Fam-PC | Source = Service Control Manager | ID = 7032
Description = 
 
[ Windows OneCare Events ]
Error - 6/27/2007 6:46:08 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 6/29/2007 10:22:15 AM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 6/29/2007 5:53:59 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 7/1/2007 9:36:32 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 7/1/2007 9:36:33 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 7/2/2007 7:58:25 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 7/5/2007 5:29:57 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 7/5/2007 5:29:57 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 7/9/2007 8:22:51 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
Error - 7/9/2007 8:22:51 PM | Computer Name = Charles-Fam-PC | Source = WinSS | ID = 1011
Description = 
 
 
< End of report >

To be completely honest, I'm not sure if the virus is still there or if it's been removed, because I've had b.exe, msa.exe, PnkBstrA.exe and PnkBstrB.exe processes, which I located and deleted manually.

I'm not sure if this is just the after-effects of the viruses mentioned above.

Thanks

Roz
