Think I've been hacked


  • This topic is locked

#1
crystal_sword

  • Member
  • 17 posts
Not sure if I have been hacked. Some of the stuff there looks dodgy, but can't remove.

Please take a look someone

Please check...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:55:10, on 02/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Microsoft Configuration] C:\Users\HP\AppData\Local\Temp\msconfig.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.s...abs/tgctlcm.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate1ca26a73090e2e0) (gupdate1ca26a73090e2e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11876 bytes

#2
crystal_sword

  • Topic Starter
  • Member
  • 17 posts
BUMP.

Please can someone help me?

#3
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, bumping your topic may mean you being bypassed, as we look for zero replies. What are your problems?

Let me see what you have

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan... click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Click on Scan all users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#4
crystal_sword

  • Topic Starter
  • Member
  • 17 posts
The GMER TXT ark.txt
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-02 23:57:03
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DFBABAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DFBA9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DFBAB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 82F7CDF0 7 Bytes JMP 8DFBAB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82FE828F 5 Bytes JMP 8DFB65D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 83041063 5 Bytes JMP 8DFB7FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 83042905 7 Bytes JMP 8DFBA9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830A290A 7 Bytes JMP 8DFBABB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 762BA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[4188] ntdll.dll!LdrLoadDll 770C9390 3 Bytes JMP 010D13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4188] ntdll.dll!LdrLoadDll + 4 770C9394 1 Byte [8A]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4588] USER32.dll!TrackPopupMenu 761914F3 5 Bytes JMP 67135CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7089373C-39A3-A5D7-72E0F9B1B1BA828D}\{72DE6895-E215-C85D-4F9099F65ABBB5F8}\{8DFB3C3E-A988-D036-8A13836ED250FFE4}
Reg HKLM\SOFTWARE\Classes\CLSID\{7089373C-39A3-A5D7-72E0F9B1B1BA828D}\{72DE6895-E215-C85D-4F9099F65ABBB5F8}\{8DFB3C3E-A988-D036-8A13836ED250FFE4}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A3898AE7-11D1-364C-50B629D3BDD33730}\{75E2AEA1-D0D7-F395-00074BFE3B49B652}\{C6A3DC00-042F-33E6-17A49D873A8D73F7}
Reg HKLM\SOFTWARE\Classes\CLSID\{A3898AE7-11D1-364C-50B629D3BDD33730}\{75E2AEA1-D0D7-F395-00074BFE3B49B652}\{C6A3DC00-042F-33E6-17A49D873A8D73F7}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----


#5
crystal_sword

  • Topic Starter
  • Member
  • 17 posts
OTL.txt


GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-02 23:57:03
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DFBABAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DFBA9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DFBAB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 82F7CDF0 7 Bytes JMP 8DFBAB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82FE828F 5 Bytes JMP 8DFB65D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 83041063 5 Bytes JMP 8DFB7FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 83042905 7 Bytes JMP 8DFBA9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830A290A 7 Bytes JMP 8DFBABB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 762BA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[4188] ntdll.dll!LdrLoadDll 770C9390 3 Bytes JMP 010D13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4188] ntdll.dll!LdrLoadDll + 4 770C9394 1 Byte [8A]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4588] USER32.dll!TrackPopupMenu 761914F3 5 Bytes JMP 67135CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7089373C-39A3-A5D7-72E0F9B1B1BA828D}\{72DE6895-E215-C85D-4F9099F65ABBB5F8}\{8DFB3C3E-A988-D036-8A13836ED250FFE4}
Reg HKLM\SOFTWARE\Classes\CLSID\{7089373C-39A3-A5D7-72E0F9B1B1BA828D}\{72DE6895-E215-C85D-4F9099F65ABBB5F8}\{8DFB3C3E-A988-D036-8A13836ED250FFE4}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A3898AE7-11D1-364C-50B629D3BDD33730}\{75E2AEA1-D0D7-F395-00074BFE3B49B652}\{C6A3DC00-042F-33E6-17A49D873A8D73F7}
Reg HKLM\SOFTWARE\Classes\CLSID\{A3898AE7-11D1-364C-50B629D3BDD33730}\{75E2AEA1-D0D7-F395-00074BFE3B49B652}\{C6A3DC00-042F-33E6-17A49D873A8D73F7}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----

#6
crystal_sword

  • Topic Starter
  • Member
  • 17 posts
Extras.txt

OTL Extras logfile created on: 02/11/2010 23:59:00 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\HP\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.39 Gb Total Space | 89.72 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive D: | 11.50 Gb Total Space | 2.04 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
Drive E: | 702.31 Mb Total Space | 386.04 Mb Free Space | 54.97% Space Free | Partition Type: UDF

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1370110664-3231659383-877778500-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00822484-F112-4F6E-80A8-C22D348B5AAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07AF37B4-B803-4954-B625-37460E9651E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{0B292CB8-25BC-4044-9797-A26E0BC69E2B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{0E0D3100-C724-45AD-AF76-A9CFDC6B6A79}" = lport=445 | protocol=6 | dir=in | app=system |
"{285148CE-8FE5-4F17-9158-8BCCB31612D9}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{2D8C6496-1949-4AE5-BDE7-C57C26EA6FCC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{32299AB1-326D-4DA4-A246-7F0888955288}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{32FEC337-F6EF-4D8E-BABE-C8A04A31FE49}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{3347A99A-A2D9-41E9-AC18-A5E7E3994943}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{38743D64-0B69-4E83-BBCE-33005661A01A}" = lport=138 | protocol=17 | dir=in | app=system |
"{3EA1CEB9-C1C2-4223-A861-894F9CAF6B03}" = lport=27453 | protocol=6 | dir=in | name=bitcomet 27453 tcp |
"{41DBAE18-8467-45A5-ACE0-23439E04708A}" = lport=139 | protocol=6 | dir=in | app=system |
"{445D813D-ACE7-4177-97CF-8AB72598ABC6}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{46D1BBCB-E098-4BBB-8A28-F81AF5434963}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B9EF63B-E34A-4ACD-93DD-8DE5D58F0609}" = rport=137 | protocol=17 | dir=out | app=system |
"{50C92C91-DD5F-4714-A594-24FC82A7CE41}" = lport=27453 | protocol=17 | dir=in | name=bitcomet 27453 udp |
"{54370E0B-80DC-420E-8F54-2FA5196D504F}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{5789C874-31B6-4087-9A35-6C6585869A22}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{5E241BEF-30B1-45AD-87A8-0D96ECB99B29}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{67043805-82B9-4772-9B0F-618645AB324B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B334974-DDC7-49E8-AF45-FAD0C22D7251}" = rport=445 | protocol=6 | dir=out | app=system |
"{7B1BC39B-B10E-4ABC-B9BC-B363BBD3F2DA}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{7F6E21E8-C06B-4D6D-B8A5-B7E60FDCE0C6}" = lport=27453 | protocol=17 | dir=in | name=bitcomet 27453 udp |
"{81B08270-59DE-4993-B363-38136FAB1DDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{829DB0E8-CCEE-4330-9816-9C37DAA389AA}" = rport=139 | protocol=6 | dir=out | app=system |
"{85E4135A-9CD3-4043-9FA9-91C5B59FAF61}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{85FDE1DF-A712-4898-99F1-C7E8612660CF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{861681FB-9A4C-4C24-A9C5-F6334D3F17E5}" = rport=5357 | protocol=6 | dir=out | app=system |
"{89E42279-486A-4E88-96B9-850F703B7422}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8BB2B605-C952-4156-B6A4-5BE44D2114F1}" = lport=5357 | protocol=6 | dir=in | app=system |
"{8CDE8634-7AAD-477A-86FC-3FF455404F75}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D0161E1-DF1B-4D59-8871-445DF509F646}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{90B819EC-1052-44C8-93CF-54FCDFA8FF54}" = lport=27453 | protocol=6 | dir=in | name=bitcomet 27453 tcp |
"{90C3880F-B109-4D7A-8DD9-EA44D0428948}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{95ED74F9-2217-4768-B35E-A0A2AD4F43C4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{9D513D10-E390-4E96-A468-ECC55DBF54AD}" = rport=5358 | protocol=6 | dir=out | app=system |
"{9DF16157-2269-4AA3-8B7F-94FBEEE9E695}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A9C667E2-6051-49FD-AD4A-42CE795C9AD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9FC1847-F9C7-474E-BFF0-7359C88B4095}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{ACFF22D7-644B-41D9-B1EE-C9320FAD9EAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B51CA6BB-B1D7-4332-A767-5991A1A2DAFF}" = lport=5358 | protocol=6 | dir=in | app=system |
"{C126D724-D4DD-4055-B4F2-64AEB54C8714}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{C7806FCD-8924-4353-AE55-EAA265EE7A1D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CAD4363D-699C-4122-8C4E-6E0C745715BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE833EF8-E18E-44F6-8C73-176D5AC5D086}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D9D712BA-6ED8-45E8-B737-7FF25E4559BC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{DFE78FE1-8C85-4887-B994-6C3E6CEFBFBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F235506A-4CDA-4338-94E2-770B9D1EA3D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6F60E21-139F-4EFB-A433-1B6599A05E1D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{FBDAC23D-F75E-4638-9EFB-E40C136EA361}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{FD65456D-2098-414F-8972-5422A16935F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE062CC4-DA5F-4692-B448-D45D36EEBC69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE112FC9-B641-48FD-81D7-A9B237A41624}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04519C5D-FD39-43D5-AFB6-6A6DAE6854CC}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{04DFE30C-FED6-4798-8E37-6B5E46400021}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{0FF3FA2B-9B9F-4B11-9F06-D882E88A6414}" = protocol=6 | dir=in | app=c:\program files\crosus\crosusapp.exe |
"{106F96DD-ABAD-46A3-BAC0-563DEFD77B54}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{14101E73-582E-4041-8A18-ED5C563DEF81}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1B2CBF05-6CC5-46DB-BBBA-E89912F4C7DE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1D8B49A4-2A55-4E5A-A117-D2CE28429317}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{259FC8AF-BCF0-4AC6-B6B2-02B7C78B7BA7}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{2E503931-AEB7-4452-8FB4-D9A35D1ABA9D}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{328A8CA9-06B3-4A83-9915-B2DE23C795B2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{331E44EC-F393-4AB7-8096-C67EA4B80158}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{37F9F999-48C0-48E2-9938-396C9E11FB70}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{38256C35-C058-45F4-B28E-637D05768D31}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{470BABC6-21C0-4417-B7C2-6C8027DBCEA6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E22DD0E-AFFB-402E-8B88-9AEFD713472D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50A3510F-C5A2-47A7-A3DF-B6566B337E9D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{547B7AE6-EB5F-4C58-A780-67176C0377A9}" = protocol=17 | dir=in | app=c:\program files\igwarlord\igwarlord.exe |
"{55CDEAE2-B3E8-4A66-81C5-30024C0FC8CD}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{5CA68201-0BBD-44E9-9962-C8BE7603DD52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{6638D450-0D95-444B-92B6-0F456F25B802}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6898BF3C-C894-4C3D-A0FB-B28739B52DBF}" = protocol=6 | dir=in | app=c:\program files\igwarlord\igwarlord.exe |
"{6AD29D7D-1253-42E5-9568-81B23C4377DA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{6DE9F8C1-4D63-4496-9F35-E6C40B485695}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{7217005A-A346-40AA-B87D-8082C9C416E0}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{7411006F-0030-42B3-B091-1CE3CDBE2863}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{75038F93-4E91-4A7A-954B-1871A0A41140}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{777B38CC-091F-45EE-8EA3-ED1DB15DAE94}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{78DB6B3B-91EB-415D-8A98-1FAEC76D6F85}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{826F1A29-A873-4A19-9B83-09C08F66A282}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{83BC555F-DDC1-438B-88E9-99797003222A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85586D7F-6A5A-4708-AA21-956787BF75C5}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8A1FC70E-98B7-4A82-AC89-BDEEEF01F7DA}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8AD84EA2-D763-4904-9701-D05873158364}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8C826617-5F1E-477F-86B5-8CB060832AEF}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{8F7CB120-8CBA-4265-842F-7286695505F8}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{90F33CEC-FB35-4AF1-980B-1CFFF7EA72EF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{9DC31921-4EA9-4EA2-A074-F57BED5992F4}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A0A729A3-CC76-41A2-8A33-B6D90D3408FD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A2F8EC91-3186-49DC-BB41-9BAE7F4F5456}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{A8E37400-7437-43D6-9751-FF0ABCF2A09E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AB28EAF7-0D18-47AB-BA8D-FA19AB8C3810}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{AB5C086A-A032-4DBD-9A87-1D8A60745AD9}" = protocol=17 | dir=in | app=c:\program files\crosus\crosusapp.exe |
"{BF468162-77F8-449C-8B51-E4B4D08E9EFE}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{BF7DCB81-A169-4A7B-AF27-2BE10930A571}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\il 2 sturmovik 1946\il2fb.exe |
"{C36366D2-88FD-47B0-B862-FD2B4AF4AA8A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C5158CCC-74B1-42A5-8C9D-73077DFE8811}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{C6961B61-2040-42B4-9416-960BA7A28083}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CFCA44E1-4443-4CCA-8170-0AFCE1BCE74F}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{D1DB79B2-EFA7-4525-8B85-A64379F7FA05}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{DB041AB2-26F4-412D-BD74-94E43056D977}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{DB4A4226-D895-411F-9CAD-2C317AE57223}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBC3FB1C-2EC9-45E7-B7AA-417C45BE9867}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\il 2 sturmovik 1946\il2fb.exe |
"{DE80F37C-416F-4E0C-8157-ED078D5C4EA8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{E388BB8A-C8B0-48B6-A1BA-9BFACD13B12F}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{E6C88931-A532-4137-B7D2-99865B37CAA3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{EE672616-112D-4D80-8255-1854C5845BCA}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{FAF4CAD8-CEF5-4FBF-9F4F-5BE45FD57FFB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FDCC8B6B-9BCB-4067-9A41-78204B5C5515}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0AC46C60-7311-4526-9A29-A9FFBE51F4C1}C:\users\hp\desktop\cybergate rat\cybergate v1.07.5.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\cybergate rat\cybergate v1.07.5.exe |
"TCP Query User{4AEBF88C-3F01-4A3E-B687-0BD629AB6CE1}C:\program files\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\altitude\altitude.exe |
"TCP Query User{4B3BC77F-267E-4E8B-81B0-0C4A3EF3DFA8}C:\program files\cycles3d\cycles3d.exe" = protocol=6 | dir=in | app=c:\program files\cycles3d\cycles3d.exe |
"TCP Query User{50085703-8DF7-4C6A-90EE-81EA7ED96FCD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{52BC3A37-2102-4527-94B0-9CE1E2C4BD68}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5780ACB1-F972-409F-A851-6800F1C71FD0}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{67C98351-6287-4BC4-A2E7-723A82CA89F6}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{7F268A5D-63A2-43E1-B8FE-4A59DEB37E49}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |
"TCP Query User{878AF055-5C10-4426-9824-08A439FFBD37}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8BDC2F38-EDA6-40AA-A15C-D350275BDB44}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{99D8EEA4-0BDB-4148-B3D6-C140A8549BAA}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{A160D9CD-A44D-435B-89E1-4B0181BCF1B2}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{A32F67B3-6F3A-42C3-A4FC-603ACD6A0DA0}C:\users\hp\appdata\local\temp\rar$ex01.776\mess-mania v7.0\mess-mania v7.0.exe" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\temp\rar$ex01.776\mess-mania v7.0\mess-mania v7.0.exe |
"TCP Query User{A6DE03E4-2B36-4A56-BA8E-98C324186FCB}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{AB217FBF-1DBD-4672-A828-2C38B2918608}C:\users\hp\desktop\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\stronghold crusader\stronghold crusader.exe |
"TCP Query User{AE67B464-817D-48DD-8EC8-EBE945F43F3E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B0F8D9C7-D50B-4B2B-B0A4-DCD0D2C4AD4E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{BD47F36C-6CF8-4ACD-A693-67931599E339}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{C5461062-925A-4022-9B5F-FAD6DB9077B1}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{D37F32DA-32AE-43E0-8B2B-D47D9A068424}C:\program files\htc\aces high ii\aceshigh.exe" = protocol=6 | dir=in | app=c:\program files\htc\aces high ii\aceshigh.exe |
"TCP Query User{DC30549C-B969-4AEF-B760-87F2EFF90E39}C:\program files\take2\hidden and dangerous deluxe\bin\hde.exe" = protocol=6 | dir=in | app=c:\program files\take2\hidden and dangerous deluxe\bin\hde.exe |
"TCP Query User{E0E4FD12-5C7A-46DA-8E29-162C98A95E50}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{ED0AD769-F91C-4E80-ABF6-D781E2435F35}C:\users\hp\desktop\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\stronghold crusader\stronghold crusader.exe |
"TCP Query User{ED4F45C6-A450-43CB-A27D-CC887AAAE337}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{FECFA52A-2765-45C0-A3D6-DC444541365E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{1E9880BE-BD36-4FF8-A823-60C66707F0D4}C:\program files\cycles3d\cycles3d.exe" = protocol=17 | dir=in | app=c:\program files\cycles3d\cycles3d.exe |
"UDP Query User{1FDBDFBD-8C63-4F67-89BB-97D1EA66EE36}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{2CA95F58-E960-4D02-BC75-A6623A958C91}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3A2B4B4E-00E4-4B93-AC7C-44BE198F77B4}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3C0DC302-5572-4F11-9FF6-0152E5AD606C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4BA804A6-95C1-4A05-8874-03393B5C2025}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{4D3A099A-A450-4E05-A7E4-25FF36A5DF7B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4D5BA5AB-CF3A-439F-8740-B78446EB7832}C:\program files\htc\aces high ii\aceshigh.exe" = protocol=17 | dir=in | app=c:\program files\htc\aces high ii\aceshigh.exe |
"UDP Query User{57864DE8-BDC5-414C-BBB0-E2A55C354F64}C:\program files\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\altitude\altitude.exe |
"UDP Query User{5EA1E72E-0CC8-40F6-9796-8C3F945260DB}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe |
"UDP Query User{6AEA1FBB-53A1-45DF-9E35-FF72E5411F6D}C:\users\hp\desktop\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\stronghold crusader\stronghold crusader.exe |
"UDP Query User{8BB511A2-044A-4678-B56F-953BEE659C5E}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{9444CE3B-C41B-4D69-AE92-D27224268042}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{A0412059-76F4-4E68-A70A-89A42C7E7551}C:\users\hp\desktop\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\stronghold crusader\stronghold crusader.exe |
"UDP Query User{B9AA566A-127F-4B99-B2FF-A820F1B2B594}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{C4D604F9-09F1-4739-850C-E24584709BDA}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{D061BDCD-010E-4CA1-87DB-C3DE6E7D96E5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{D42AE256-0644-4E07-BB4F-CC40853FE75D}C:\users\hp\appdata\local\temp\rar$ex01.776\mess-mania v7.0\mess-mania v7.0.exe" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\temp\rar$ex01.776\mess-mania v7.0\mess-mania v7.0.exe |
"UDP Query User{D7281541-0655-4DFD-AB33-1E7AE5BE02BA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D8D5EF5A-2808-4CC9-BB6A-51E1B9512235}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{EB0263AF-8849-4523-B43E-6F0F086DB309}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{EEB026AE-D321-412B-8D52-01D380778CC3}C:\program files\take2\hidden and dangerous deluxe\bin\hde.exe" = protocol=17 | dir=in | app=c:\program files\take2\hidden and dangerous deluxe\bin\hde.exe |
"UDP Query User{F0A9E401-90FC-4F3C-B0B7-48F54FCEBA4E}C:\users\hp\desktop\cybergate rat\cybergate v1.07.5.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\cybergate rat\cybergate v1.07.5.exe |
"UDP Query User{F2AAA87E-85B3-4FAE-9840-B0AF80BBEE7C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F44094C8-BDC8-4E77-9DBB-705C454CE84F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5783F2D7-7004-0409-0002-0060B0CE6BBA}" = AutoCAD Architecture 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"AutoCAD Architecture 2009" = AutoCAD Architecture 2009
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"Championship Manager 01-02" = Championship Manager 01-02
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hardware Helper_is1" = Hardware Helper
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SopCast" = SopCast 3.0.3
"Steam App 1250" = Killing Floor
"Steam App 15320" = IL-2 Sturmovik: 1946
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 41300" = Altitude
"Steam App 630" = Alien Swarm
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"ULTIMATER" = Microsoft Office Ultimate 2007
"Veetle TV" = Veetle TV 0.9.17
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1370110664-3231659383-877778500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/05/2010 15:19:31 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 10/05/2010 12:15:25 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 10/05/2010 13:15:25 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 16/05/2010 10:38:01 | Computer Name = HP-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 19/05/2010 20:57:05 | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Faulting application SynTPEnh.exe, version 10.0.13.2, time stamp 0x46eb4307,
faulting module SynTPEnh.exe, version 10.0.13.2, time stamp 0x46eb4307, exception
code 0xc0000409, fault offset 0x0002899c, process id 0x804, application start time
0x01caf4ffe397018c.

Error - 24/05/2010 12:32:07 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program il2fb.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: ea8 Start Time: 01cafb5e47162e30 Termination Time: 51

Error - 25/05/2010 18:28:17 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program HPAdvisor.exe version 1.4.19.2433 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 868 Start Time: 01cafc54b20b86c2 Termination Time: 113

Error - 25/05/2010 18:57:18 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program il2fb.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: c80 Start Time: 01cafc595e34ef02 Termination Time: 29

Error - 29/05/2010 22:37:51 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 6.0.180.7 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 3e4 Start Time: 01caff9d7eb7a790 Termination Time: 87

Error - 29/05/2010 23:14:26 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 6.0.180.7 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: b88 Start Time: 01caffa5bca42080 Termination Time: 137

[ Media Center Events ]
Error - 18/11/2008 09:48:35 | Computer Name = HP-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 31/05/2009 09:05:16 | Computer Name = HP-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 20/01/2010 05:15:43 | Computer Name = HP-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 28/04/2009 22:00:06 | Computer Name = HP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4523
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 25/10/2010 14:57:28 | Computer Name = HP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27/10/2010 23:48:50 | Computer Name = HP-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 04:40:04 on 28/10/2010 was unexpected.

Error - 27/10/2010 23:49:46 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/10/2010 19:46:43 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/10/2010 09:13:00 | Computer Name = HP-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.9. The computer with the IP address 192.168.0.2 did not
allow the name to be claimed by this computer.

Error - 31/10/2010 17:46:02 | Computer Name = HP-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.9 for the Network Card with network
address 001F3AB4DEBC has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 31/10/2010 20:51:02 | Computer Name = HP-PC | Source = bowser | ID = 8003
Description =

Error - 31/10/2010 23:52:09 | Computer Name = HP-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.14 for the Network Card with network
address 001F3AB4DEBC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 01/11/2010 08:30:46 | Computer Name = HP-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.9. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 01/11/2010 12:03:44 | Computer Name = HP-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.9 for the Network Card with network
address 001F3AB4DEBC has been denied by the DHCP server 143.53.150.100 (The DHCP
Server sent a DHCPNACK message).

Error - 02/11/2010 17:26:34 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, unfortunately you gave me two GMER logs and no OTL main log; this is the one I need. Also, what are your problems?

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.