This is my Malwarebytes' log:
Malwarebytes' Anti-Malware 1.42
Database version: 3407
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865
22/12/2009 11:28:42 AM
mbam-log-2009-12-22 (11-28-42).txt
Scan type: Quick Scan
Objects scanned: 112732
Time elapsed: 5 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\synsend (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------------------------
This is the OTL.txt log:
OTL logfile created on: 22/12/2009 12:06:32 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Users\compaq\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.28 Gb Total Space | 111.24 Gb Free Space | 50.27% Space Free | Partition Type: NTFS
Drive D: | 11.60 Gb Total Space | 1.89 Gb Free Space | 16.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KAMIL
Current User Name: compaq
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/22 12:04:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\compaq\Desktop\OTL.exe
PRC - [2009/12/16 16:28:24 | 00,312,640 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2009/12/03 16:14:00 | 01,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/20 00:02:28 | 00,466,689 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2009/11/11 22:48:11 | 03,171,760 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009/10/15 17:51:51 | 00,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/05 22:04:24 | 02,535,424 | ---- | M] (Ergonis Software) -- C:\Program Files\Ergonis\PopChar\PopChar.exe
PRC - [2009/09/20 11:17:54 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/09/20 11:17:53 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/09/12 13:00:54 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\compaq\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/08/04 10:25:55 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/10 16:13:11 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/23 21:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/10 22:03:50 | 00,724,992 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/12/09 06:34:24 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/12/09 02:25:24 | 00,432,432 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/12/03 09:28:22 | 00,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/20 00:14:06 | 00,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/11/19 01:57:04 | 00,966,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/04 11:39:20 | 00,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/10/24 03:46:02 | 00,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2008/10/23 01:32:20 | 00,628,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/10/15 19:39:54 | 00,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/10/15 19:39:52 | 00,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe
PRC - [2008/10/15 19:39:50 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe
PRC - [2008/10/11 03:24:44 | 00,206,128 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/10/09 22:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/09/24 08:21:52 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008/09/15 22:13:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008/09/03 02:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/09/03 02:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/06/10 01:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/10 01:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/03/31 17:36:14 | 00,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2008/03/31 17:36:14 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2008/03/31 17:36:12 | 00,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2008/01/22 10:13:32 | 01,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 10:13:26 | 00,275,752 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2008/01/22 10:13:20 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008/01/21 10:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 10:33:24 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/21 10:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/08/22 17:35:40 | 00,439,632 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
========== Modules (SafeList) ==========
MOD - [2009/12/22 12:04:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\compaq\Desktop\OTL.exe
MOD - [2008/01/21 10:33:14 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2009/12/11 18:34:25 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/20 11:17:54 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/20 11:17:53 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/27 03:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/12/10 22:03:50 | 00,724,992 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/12/03 09:28:22 | 00,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/20 00:14:06 | 00,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 11:39:20 | 00,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/10/24 03:46:02 | 00,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/10/15 19:39:52 | 00,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe -- (STacSV)
SRV - [2008/10/15 19:39:50 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/09 22:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/15 22:13:38 | 00,241,734 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/06/10 01:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/05/06 06:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/22 10:13:26 | 00,275,752 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/01/21 10:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/28 10:27:24 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/27 05:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 18:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://malaysia.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://malaysia.yahoo.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/04 10:26:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/26 21:20:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/19 13:14:28 | 00,000,000 | ---D | M]
[2009/09/20 16:06:52 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\mozilla\Extensions
[2009/09/20 16:06:52 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/12/15 19:38:56 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\mozilla\Firefox\Profiles\gbjvhslp.default\extensions
[2009/11/26 16:31:43 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\compaq\AppData\Roaming\mozilla\Firefox\Profiles\gbjvhslp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/26 21:20:30 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\compaq\AppData\Roaming\mozilla\Firefox\Profiles\gbjvhslp.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/26 21:20:30 | 00,000,000 | ---D | M] (No name found) -- C:\Users\compaq\AppData\Roaming\mozilla\Firefox\Profiles\gbjvhslp.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/20 01:10:08 | 00,000,681 | ---- | M] () -- C:\Users\compaq\AppData\Roaming\Mozilla\FireFox\Profiles\gbjvhslp.default\searchplugins\ask.xml
[2009/12/15 19:38:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 08:07:00 | 00,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Device Detector] File not found
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-MY\local\search.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.188.0.133 202.188.1.5
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3cf0ffb3-b660-11de-a8b9-00235ab52d9f}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe -- File not found
O33 - MountPoints2\{3cf0ffb3-b660-11de-a8b9-00235ab52d9f}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe -- File not found
O33 - MountPoints2\{99d52f75-e26c-11de-ac66-00235ab52d9f}\Shell\AutoRun\command - "" = F:\cdhefb.exe -- File not found
O33 - MountPoints2\{99d52f75-e26c-11de-ac66-00235ab52d9f}\Shell\explore\Command - "" = F:\cdhefb.exe -- File not found
O33 - MountPoints2\{99d52f75-e26c-11de-ac66-00235ab52d9f}\Shell\open\Command - "" = F:\cdhefb.exe -- File not found
O33 - MountPoints2\{e30b35a3-c588-11de-a07d-00235ab52d9f}\Shell - "" = AutoRun
O33 - MountPoints2\{e30b35a3-c588-11de-a07d-00235ab52d9f}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{e30b35aa-c588-11de-a07d-00235ab52d9f}\Shell - "" = AutoRun
O33 - MountPoints2\{e30b35aa-c588-11de-a07d-00235ab52d9f}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 10:46:39 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2009/12/22 12:09:28 | 00,000,000 | ---D | C] -- C:\Users\compaq\Desktop\gmer
[2009/12/22 12:04:13 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\compaq\Desktop\OTL.exe
[2009/12/22 11:20:12 | 00,000,000 | ---D | C] -- C:\Users\compaq\AppData\Roaming\Malwarebytes
[2009/12/22 11:20:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/22 11:20:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/22 11:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/22 11:20:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/22 11:17:41 | 04,844,272 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\compaq\Desktop\mbam-setup.exe
[2009/12/22 11:00:06 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\compaq\Desktop\TFC.exe
[2009/12/22 03:02:27 | 00,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2009/12/21 13:27:36 | 00,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2009/12/21 13:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMobsters
[2009/12/21 13:23:08 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2009/12/21 13:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2009/12/21 12:58:37 | 00,000,000 | ---D | C] -- C:\Users\compaq\AppData\Roaming\DAEMON Tools Pro
[2009/12/21 12:58:37 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2009/12/20 14:09:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/12/19 13:15:23 | 00,000,000 | ---D | C] -- C:\Users\compaq\Documents\BYOND
[2009/12/19 13:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\BYOND
[2009/12/16 12:38:22 | 00,000,000 | ---D | C] -- C:\Windows\'Full Speed' Internet Booster + Performance Tests
[2009/12/16 12:37:58 | 00,000,000 | ---D | C] -- C:\aidualc3
[2009/12/16 12:37:30 | 00,000,000 | ---D | C] -- C:\Users\compaq\Desktop\Torrent
[2009/12/15 19:38:11 | 00,000,000 | ---D | C] -- C:\Users\compaq\AppData\Roaming\IDM
[2009/12/15 19:38:11 | 00,000,000 | ---D | C] -- C:\Users\compaq\AppData\Roaming\DMCache
[2009/12/15 19:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2009/12/15 12:56:16 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/12/12 23:16:45 | 00,000,000 | ---D | C] -- C:\Users\compaq\Documents\Electronic Arts
[2009/12/12 22:53:25 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/12/11 18:34:29 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/12/08 20:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\Starcraft
========== Files - Modified Within 14 Days ==========
[2009/12/22 12:10:32 | 03,670,016 | -HS- | M] () -- C:\Users\compaq\NTUSER.DAT
[2009/12/22 12:04:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\compaq\Desktop\OTL.exe
[2009/12/22 11:47:01 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/22 11:44:04 | 00,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/22 11:44:04 | 00,647,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/22 11:44:04 | 00,123,374 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/22 11:40:22 | 00,000,629 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/12/22 11:39:51 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/22 11:39:51 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/22 11:39:51 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/22 11:39:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/22 11:39:30 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/22 11:39:25 | 18,767,74912 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/22 11:20:09 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 11:19:31 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\compaq\Desktop\mbam-setup.exe
[2009/12/22 11:01:20 | 00,524,288 | -HS- | M] () -- C:\Users\compaq\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 11:01:20 | 00,065,536 | -HS- | M] () -- C:\Users\compaq\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/12/22 11:00:02 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\compaq\Desktop\TFC.exe
[2009/12/22 04:44:54 | 01,134,294 | -H-- | M] () -- C:\Users\compaq\AppData\Local\IconCache.db
[2009/12/21 23:46:23 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D0615BF6-6C0D-4B6F-A0DE-19B1001440BA}.job
[2009/12/21 18:00:00 | 00,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009/12/21 13:27:33 | 00,000,886 | ---- | M] () -- C:\Users\compaq\Desktop\Play GangLand.lnk
[2009/12/21 13:15:59 | 00,000,422 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2009/12/21 13:09:03 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/12/21 13:00:33 | 00,001,717 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2009/12/21 13:00:32 | 00,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/19 13:14:26 | 00,001,485 | ---- | M] () -- C:\Users\compaq\Desktop\BYOND.lnk
[2009/12/18 23:27:30 | 00,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcompaq.job
[2009/12/18 02:25:45 | 00,060,963 | ---- | M] () -- C:\Users\compaq\Desktop\Untitled.jpg
[2009/12/17 12:30:19 | 00,013,824 | ---- | M] () -- C:\Users\compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 12:56:16 | 00,000,752 | ---- | M] () -- C:\Users\compaq\Desktop\µTorrent.lnk
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Users\compaq\Desktop\gmer.exe
[2009/12/15 00:31:14 | 00,106,762 | ---- | M] () -- C:\Users\compaq\Desktop\28.jpg
[2009/12/13 15:32:27 | 11,788,725 | ---- | M] () -- C:\Users\compaq\Desktop\video.mp4
[2009/12/13 12:59:19 | 00,256,417 | ---- | M] () -- C:\Users\compaq\Desktop\Untitled.wma
========== Files Created - No Company Name ==========
[2009/12/22 11:28:03 | 00,284,915 | ---- | C] () -- C:\Users\compaq\Desktop\gmer.zip
[2009/12/22 11:20:09 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/21 13:27:33 | 00,000,886 | ---- | C] () -- C:\Users\compaq\Desktop\Play GangLand.lnk
[2009/12/21 13:00:33 | 00,001,717 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2009/12/21 13:00:32 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/19 13:14:26 | 00,001,485 | ---- | C] () -- C:\Users\compaq\Desktop\BYOND.lnk
[2009/12/18 02:25:45 | 00,060,963 | ---- | C] () -- C:\Users\compaq\Desktop\Untitled.jpg
[2009/12/17 08:08:58 | 73,408,5120 | ---- | C] () -- C:\Users\compaq\Desktop\bestdivx-appleseed.avi
[2009/12/15 12:56:16 | 00,000,752 | ---- | C] () -- C:\Users\compaq\Desktop\µTorrent.lnk
[2009/12/15 00:31:14 | 00,106,762 | ---- | C] () -- C:\Users\compaq\Desktop\28.jpg
[2009/12/13 15:05:58 | 11,788,725 | ---- | C] () -- C:\Users\compaq\Desktop\video.mp4
[2009/12/13 12:57:42 | 00,256,417 | ---- | C] () -- C:\Users\compaq\Desktop\Untitled.wma
[2009/12/11 18:34:40 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/11 18:34:39 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/18 13:02:45 | 00,000,680 | ---- | C] () -- C:\Users\compaq\AppData\Local\d3d9caps.dat
[2009/09/02 01:40:11 | 00,026,340 | ---- | C] () -- C:\Users\compaq\AppData\Roaming\UserTile.png
[2009/08/30 01:05:50 | 00,013,824 | ---- | C] () -- C:\Users\compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 10:27:33 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/08/04 10:24:09 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/04 10:24:07 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/04 10:24:07 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/04 10:24:06 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/08/04 10:24:05 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/04 10:24:05 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/08/04 10:10:36 | 00,000,000 | ---- | C] () -- C:\Users\compaq\AppData\Local\QSwitch.txt
[2009/08/04 10:10:36 | 00,000,000 | ---- | C] () -- C:\Users\compaq\AppData\Local\DSwitch.txt
[2009/08/04 10:10:36 | 00,000,000 | ---- | C] () -- C:\Users\compaq\AppData\Local\AtStart.txt
[2009/08/04 10:10:31 | 00,101,270 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/07/18 13:31:40 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/07/18 13:31:28 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/07/18 13:30:50 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/07/18 13:30:12 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/07/18 13:28:06 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/07/18 13:27:21 | 00,000,629 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/18 12:43:12 | 00,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/10 17:37:30 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/03/10 17:31:30 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/03/10 17:29:31 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/03/10 17:28:08 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/12/10 22:05:52 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/11/12 13:51:04 | 00,135,882 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/08/20 15:45:46 | 00,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2006/11/02 15:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2009/08/30 04:26:34 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\ACD Systems
[2009/12/21 13:23:32 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\DAEMON Tools Pro
[2009/12/22 12:04:02 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\DMCache
[2009/08/29 23:44:10 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\FloodLightGames
[2009/12/22 11:12:22 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\IDM
[2009/12/15 19:39:51 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\LimeWire
[2009/08/31 16:05:10 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\Motorola
[2009/09/02 01:40:11 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\PeerNetworking
[2009/09/28 01:16:10 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\SPORE Creature Creator
[2009/12/22 11:41:12 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\uTorrent
[2009/11/01 15:12:32 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\Vodafone
[2009/08/27 23:32:27 | 00,000,000 | ---D | M] -- C:\Users\compaq\AppData\Roaming\WildTangent
[2009/12/21 18:00:00 | 00,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2009/12/22 11:01:36 | 00,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/21 23:46:23 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D0615BF6-6C0D-4B6F-A0DE-19B1001440BA}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/21 10:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 10:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 10:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 10:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 17:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/11 14:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 10:32:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 10:32:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 17:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/08/16 20:03:39 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=66A1A71D66C5235A31C16F30147E7AF6 -- C:\Windows\System32\drivers\atapi.sys
[2008/08/16 20:03:39 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=66A1A71D66C5235A31C16F30147E7AF6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_181d523c\atapi.sys
[2008/08/16 20:03:39 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=66A1A71D66C5235A31C16F30147E7AF6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22245_none_dd9b888d3ac35a04\atapi.sys
[2009/03/10 16:01:17 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/03/10 16:01:17 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/03/10 16:01:17 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/03/10 16:01:17 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 17:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 17:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/05/18 12:34:04 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTORV.SYS >
[2008/01/21 10:32:49 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 10:32:49 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 10:32:49 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 17:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/11 14:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 10:33:41 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 10:33:41 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 17:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 10:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 10:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 10:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/21 10:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 10:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 14:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
--------------------------------------------------------------------------------------------------------------
and this is Extras.txt
OTL Extras logfile created on: 22/12/2009 12:06:32 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Users\compaq\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.28 Gb Total Space | 111.24 Gb Free Space | 50.27% Space Free | Partition Type: NTFS
Drive D: | 11.60 Gb Total Space | 1.89 Gb Free Space | 16.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KAMIL
Current User Name: compaq
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038A79DC-7419-41DD-969E-46684F0171EA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{05BCF33E-CE25-4CB7-A26A-CF2FC977E9D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1079F107-88C3-43E1-B42A-412BD14DF793}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12175B30-4391-4854-BF96-BF6DA228FC8D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{14C09306-2C14-429A-A851-235551D41929}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1B9B2FB3-C52E-46A0-B748-86A57FC1656F}" = rport=445 | protocol=6 | dir=out | app=system |
"{290C012A-7BC7-4B69-96A2-C6B6BA470833}" = rport=137 | protocol=17 | dir=out | app=system |
"{315ABC12-E77D-471A-8C0D-8F225D221F8B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{363F9B31-856F-46EE-A523-61E2AC3CF9F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46986819-94AD-4578-BF52-608E6E046535}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{658BAA01-6FE2-4975-BE45-760A35E77F8F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{69130E12-7167-43F5-8AD5-858030413F8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AD97BDE-4AC6-4444-B030-C201909A885F}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DE08DBC-AECB-4BF2-B2DB-C9DA91B68C8C}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8555DCED-B818-4C16-A5F2-A5542854C712}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{88B75A70-E566-4854-BA1C-7BE2CA9320F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{894CA458-ED56-42F3-9F56-CA1F9D61F154}" = rport=10243 | protocol=6 | dir=out | app=system |
"{98F5DA15-36DA-4E3E-AE94-4A2EA40BF85C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{996BD00E-F71B-4705-AD79-9CD212861F1A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{9BB95627-BB5B-4131-A84D-F004EA919BE4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E427197-48CF-42CD-9E75-B4116B1F0FE4}" = lport=139 | protocol=6 | dir=in | app=system |
"{A9BBEC59-A304-4CF2-8006-222B165CE49A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{AA24ADD7-F47C-4A5D-8CDE-CC170A4502EF}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD182B58-3266-4F21-B01A-D644D5B38F10}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD446239-A5AA-4E45-9C9D-36F9EAA2A787}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{BA05AEE0-47D1-4E37-AF77-1EA52138F62D}" = rport=138 | protocol=17 | dir=out | app=system |
"{CEA7A54D-2D9C-48A6-AD9D-2CAE26F743A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D47875F4-D7C6-4758-B0AA-3D5E3CC16C25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D74A56E2-23D6-4F6A-96B3-C41F810E5560}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD05B9F6-5487-42DD-93E5-44F2EBB99A70}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD5960A1-D500-43BC-BAD8-707607D0F724}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3B51DD3-3E89-41DD-BFB9-0CBAAD6035D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E501BF77-677C-46DC-81E7-9DDD1FF41C9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E8411B2A-1B45-4AD5-93B7-F01C4C8C6CB3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F19ECD7D-31F5-47F2-9410-5672E1C77B62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3278A6E-3F3E-4343-BF36-7390052A7B3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F57B2FEE-B2E7-4088-B972-F668E43833AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5D9ACFE-7BBA-4CB3-8687-C9509D6429B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD4C7994-095A-45D7-ACD9-60A364AB91F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{FF6BB0D4-464A-4F18-83AD-B4A9F5F48111}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A244CE-64E3-42D2-B32E-13F3C4D7440E}" = protocol=6 | dir=out | app=system |
"{0BDCE276-FFD1-4EBE-8835-91863D663CE2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{0F7812D7-7DA3-47F9-8A07-6357ABB90E5A}" = protocol=6 | dir=in | app=c:\program files\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{137EC154-6EDC-420E-8D89-E9B067472220}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EC83C94-8CDB-4B0B-9A1E-C5942DE6B523}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1FA5E793-AA36-4B91-BF82-9B2D445ACE9B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{256BA17D-169D-428D-928E-80E7FF42AC69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3619CE55-C31A-45CB-81D5-380AC5D68092}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{396ECEC6-AEFE-4FE3-AE18-85EE74D0F6D3}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{3C96A9DD-B1D4-4A36-8AF0-403D96971109}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3E1106F2-17D0-4EEF-8BA4-4A4B56EE09A5}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{409A0574-99A5-474A-B318-7F7E3793460B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4110A2F1-E779-44F8-8CF8-8CC7636F85B6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{4BC38986-7B37-4541-9D35-72BDB199822A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5A91C5E1-CA08-4296-AF3D-57C9E8DE5FD9}" = protocol=17 | dir=in | app=c:\program files\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{65C2F73E-EF46-44CB-8323-ABDFCBCA06A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6FE58466-4257-4558-A750-B3B988B911A6}" = protocol=17 | dir=in | app=c:\program files\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{70D59F0D-DA18-4F01-8B4A-1284A0BA4850}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74A6072E-A1A4-4C13-8A0C-C3D4380F06FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7986C47B-B3EC-4BF7-B51F-CDA51F92AC48}" = protocol=6 | dir=in | app=c:\program files\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{7BE622A7-AF47-45FB-B17F-F65F5838B819}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8008458A-3063-4BA4-A539-B6D1D266391E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{836FDEE7-5908-4006-A821-2540CFE311EA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{89E376B2-7B82-4207-9CA5-4AD63FFA4DFF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9052AF35-2F4A-45A6-87BB-7EF33F850203}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95B754BE-DCAB-4E2A-80D2-4FDC436725A9}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{ADB9F596-6174-4CEA-86FB-614B2CB32E98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEABD9A6-FA7A-453E-952F-FFA33FF30274}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BBA3B79C-5EB8-4D78-8C00-A79E2D9A7486}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE480494-58CC-48E9-88E8-45E8877FDE0C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C1B7F774-5645-4169-AA4D-31C671E35EC1}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{CA1DC2C7-CC07-47CF-B3FD-C4F44B81A685}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CB08B583-2132-4BCC-8A56-5E261122C890}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF38A16E-0AF6-42B3-AC0C-06B3AA8B60D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DA01AA96-5FF7-4A5D-A6A4-AA8D77CA48DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DB374656-D4E8-4BD4-9A2C-C5AC207CDFA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E61347EB-886C-4ADF-8AE1-B004ABC07F0D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E8C8C0DD-ABDF-418E-AAF5-BD93EDB6A931}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F43C09F5-FAC3-4932-A78E-01CCF69D4005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCF3BA44-8BD0-4F1D-80FF-A7B3FA444B4A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{0AC38014-94B6-4FF1-A7B2-3A720E6140E7}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{0DB447D3-C949-44C5-8447-E6DA95B264B4}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{11FD16D1-8EC7-47CB-90DF-1158700B6A32}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{15764EAA-AD97-42C5-9547-C5C4F485E17B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{289ED93A-D1E9-49B0-AAD1-4E70A1D7CB4C}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{29E2B5AE-5899-465F-B947-2E588EF66134}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{300A40D7-4C33-420F-A27B-406D7B145463}C:\program files\warcraft iii 1.24\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii 1.24\war3.exe |
"TCP Query User{32E380D0-7816-4B46-99B8-DA2EEA92D484}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"TCP Query User{36168E8F-B437-4B54-8217-138F4308C4BA}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{3E218900-C6A1-4B43-B8D0-2274D6577586}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{6128D2CE-3542-4285-9CCF-D78D5936823F}C:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"TCP Query User{70192613-FBB8-481C-984D-0E80D3054BF0}C:\users\compaq\desktop\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\compaq\desktop\left 4 dead\left4dead.exe |
"TCP Query User{7C8E392A-026D-4BEE-917F-97FFCBABADC7}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{8041C65D-43DB-42B8-B936-1B4680DFD737}C:\program files\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"TCP Query User{8229EFB7-7DAF-4F47-B080-F06ECE8D79DD}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{89AECE09-E7B5-4873-ACDB-02F868902CDE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8EBF6C75-1D77-441F-A47D-F029BA69E4A5}C:\users\compaq\desktop\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\compaq\desktop\left 4 dead\left4dead.exe |
"TCP Query User{8F5B064E-280F-42B2-B190-879EDE0814D3}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe |
"TCP Query User{9297FE59-7AA3-4DD9-80D2-39D424E1260A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{A701E4B9-B411-41E5-8FFC-7A7667516E4A}C:\program files\warcraft iii 1.24\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii 1.24\war3.exe |
"TCP Query User{A8E8B666-9783-428C-98D8-D864F1A08E03}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{B4E33413-1C1B-4EFB-8E65-DDF14C35816B}C:\program files\mediamobsters\gangland\gangland.exe" = protocol=6 | dir=in | app=c:\program files\mediamobsters\gangland\gangland.exe |
"TCP Query User{B863A4B2-4926-44A5-A782-4078A9B7CE16}C:\program files\warcraft iii 1.21\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii 1.21\war3.exe |
"TCP Query User{C811F7EF-2AC7-4577-AF2A-CE27CE86FA42}C:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"TCP Query User{D4379522-55E7-4F98-9D61-893EB92F63E3}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{DCC49ACE-0FCE-45CF-89D1-51227756736D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{DF73E063-9098-457A-9652-C83C580A6351}C:\valve\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\hl.exe |
"TCP Query User{F7099EED-29E2-489D-9ECD-33E0927DC406}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"UDP Query User{000D964F-5738-44E8-8EF1-13AB85263038}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{107D098C-A4DE-43F8-A256-12541CDB0A37}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{11B47542-5D33-4EE4-981F-13731C7564C6}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{1446461F-CCCF-42B2-9543-BB86CDF0C9D8}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe |
"UDP Query User{1677D2D5-1422-4553-B2DE-5727F6D517DD}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{18FD1B1E-84E1-4A05-B0B4-6853A54882BF}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"UDP Query User{2267E889-FD9D-4B8D-A181-D7BAEEFC19E3}C:\users\compaq\desktop\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\compaq\desktop\left 4 dead\left4dead.exe |
"UDP Query User{275129B6-6466-4AAB-9F74-97B938360CB2}C:\program files\warcraft iii 1.21\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii 1.21\war3.exe |
"UDP Query User{3125F4EF-C002-4FF2-BD17-DA7300C36565}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{3D1DECD7-7CE2-49D0-A5DC-B5B2B67BDEF4}C:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"UDP Query User{3D6E0B46-5E59-4B5B-AC97-5D2378657512}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{3DAE117F-BCFC-4C82-A964-A5C97DBD2334}C:\users\compaq\desktop\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\compaq\desktop\left 4 dead\left4dead.exe |
"UDP Query User{3EC7D136-E599-4AD1-8710-3EEEE270E8D2}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"UDP Query User{40971F92-3485-4BB6-BD5B-F47EE1CCCB83}C:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"UDP Query User{476B6F8B-0180-4EBF-A0D2-E29596950E3F}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"UDP Query User{4DC726CF-2725-482E-AE75-26B2CF9D4366}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"UDP Query User{60DB1D37-88B7-455E-B1FC-DFD8504A5543}C:\valve\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\hl.exe |
"UDP Query User{62C4F459-9423-4E18-909F-2347DB7B090C}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{76A3A2E6-8000-4391-AF4B-1A70E8AA136E}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{7ABB0E1B-6FB5-4ED7-8575-122DB5030370}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{7C6A7EF0-D9DC-4349-8105-AF2152B8A079}C:\program files\warcraft iii 1.24\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii 1.24\war3.exe |
"UDP Query User{81E73774-59B7-4841-95FE-C9D3FCCE36F9}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{9E3632CA-8286-4332-B6A8-E78B7B7F3A85}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{B502FF04-4857-4B54-B0EC-3DE2F3104FFA}C:\program files\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"UDP Query User{EE2A54FB-4C7B-4942-BCBE-6241ECBD2871}C:\program files\mediamobsters\gangland\gangland.exe" = protocol=17 | dir=in | app=c:\program files\mediamobsters\gangland\gangland.exe |
"UDP Query User{F97D277A-95B5-4723-933E-1F1F53CA4E80}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{FE423596-5B77-4855-A337-1189643C377D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{FEDE9437-1C41-4CBA-84AC-F190A9EA0350}C:\program files\warcraft iii 1.24\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii 1.24\war3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22FB6750-ADDF-4726-B67F-6901E1991033}" = Nero 7 Ultra Edition
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E0E6066-A687-448D-BFC4-D58BE3399C3B}" = SoftStylus
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect Lite
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = MODEM Mobile Connection
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1A1CE85-747B-6A0C-19FE-DFDD0B2DA671}" = ATI Catalyst Install Manager
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FB3B08F0-5245-2336-0655-5256861F0986}" = ccc-utility
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Condition Zero" = Condition Zero
"Dawn of War Soulstorm Re-Balance Mod v1.0" = Dawn of War Soulstorm Re-Balance Mod v1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ergonis PopChar_is1" = PopChar 4.2
"GangLand" = GangLand
"Garena" = Garena
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MiniLyrics" = Minilyrics(remove only)
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"Quran in Word_is1" = Quran in Word
"RealPlayer 6.0" = RealPlayer
"The Sims 3_is1" = The Sims 3
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"VLC media player" = VLC media player 1.0.1
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19/12/2009 11:34:04 PM | Computer Name = kamil | Source = WinMgmt | ID = 10
Description =
Error - 20/12/2009 3:03:41 PM | Computer Name = kamil | Source = Windows Search Service | ID = 3013
Description =
Error - 21/12/2009 12:40:34 AM | Computer Name = kamil | Source = Application Error | ID = 1000
Description = Faulting application GANGLAND.EXE, version 0.0.0.0, time stamp 0x30468b2b,
faulting module FMOD.DLL, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000135, fault offset 0x00009cac, process id 0x11e0, application start time
0x01ca81f7ba323a34.
Error - 21/12/2009 1:00:08 AM | Computer Name = kamil | Source = VSS | ID = 8194
Description =
Error - 21/12/2009 1:00:32 AM | Computer Name = kamil | Source = SPP | ID = 16387
Description =
Error - 21/12/2009 1:00:32 AM | Computer Name = kamil | Source = System Restore | ID = 8193
Description =
Error - 21/12/2009 1:02:39 AM | Computer Name = kamil | Source = SPP | ID = 16387
Description =
Error - 21/12/2009 1:02:39 AM | Computer Name = kamil | Source = System Restore | ID = 8193
Description =
Error - 21/12/2009 1:08:53 AM | Computer Name = kamil | Source = Windows Search Service | ID = 3013
Description =
Error - 21/12/2009 1:13:22 AM | Computer Name = kamil | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 23/11/2009 6:16:58 AM | Computer Name = kamil | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0428)
disappeared from the system without first being prepared for removal.
Error - 25/11/2009 7:43:06 AM | Computer Name = kamil | Source = HTTP | ID = 15016
Description =
Error - 25/11/2009 7:43:23 AM | Computer Name = kamil | Source = Service Control Manager | ID = 7000
Description =
Error - 25/11/2009 7:43:23 AM | Computer Name = kamil | Source = Service Control Manager | ID = 7000
Description =
Error - 25/11/2009 7:43:23 AM | Computer Name = kamil | Source = Service Control Manager | ID = 7026
Description =
Error - 25/11/2009 7:46:57 AM | Computer Name = kamil | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0028)
disappeared from the system without first being prepared for removal.
Error - 25/11/2009 7:46:57 AM | Computer Name = kamil | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0228)
disappeared from the system without first being prepared for removal.
Error - 25/11/2009 7:46:57 AM | Computer Name = kamil | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0328)
disappeared from the system without first being prepared for removal.
Error - 25/11/2009 7:46:57 AM | Computer Name = kamil | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0428)
disappeared from the system without first being prepared for removal.
Error - 25/11/2009 1:22:19 PM | Computer Name = kamil | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=133044
Scan
ID: {DAD87AA8-E86E-479A-AD9A-FD361F6C046A} User: KAMIL\compaq Name: Backdoor:Win32/IRCbot.gen!K
ID:
133044 Severity ID: 5 Category ID: 6 Path: Alert Type: %%805 Action: %%812 Error Code:
0x80508024 Error description: To finish removing spyware and other potentially unwanted
software, you need to run a full scan. For information about scanning options,
see Help and Support.
< End of report >
Sadly, my Avira keeps detecting the TR/ATRAPS.Gen Trojan every 5 (+-) minutes.
Thanks in advance for your kind help.
