Total Vista Security Virus


Post by BeardedPeaches on Mon Mar 15, 2010 4:40 am

Hi,

I have the Total Vista Security virus. It seems like a new version because before I came here I tried previously known methods of removing it, but they failed. I couldn't identify any virus files in my registry or on my hard drive. However, whenever the virus runs (a couple of fake security center windows pop up at startup or when I run ANY .exe file) a process called Ave.exe appears in the Task Manager. I can't figure out how to disable this from running on startup. I can still run almost any .exe using some workaround methods, and I can run Task Manager, regedit, and msconfig. The only thing that really doesn't work is Internet Explorer. The virus stops me from going anywhere with a fake web page, so I'm typing this on a different computer.

Here's my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:20 PM, on 3/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
F:\Virus Removal\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: fe.trymedia.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\system32\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 9462 bytes
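As an added example (not from this thread, HijackThis or OTL), a small Python triage pass over the two log formats posted here: the HijackThis lines above and the OTL lines further down the thread. It flags orphaned BHO/toolbar CLSIDs, autoruns and processes in user-writable locations, hidden/system files with no publisher, and cross-checks the many HijackThis "(file missing)" services against what a 64-bit-aware scan found, since a 32-bit HijackThis on 64-bit Vista is subject to WoW64 file-system redirection. The sample lines are copied from the logs in this thread; the heuristics and the two-signal threshold are my own.

```python
# Triage helpers for the HijackThis and OTL log lines posted in this thread.
# Added example; not part of the thread, of HijackThis or of OTL. Heuristics only:
# they point at entries worth a second look, they do not decide what is malware.
import re
from dataclasses import dataclass

# HijackThis entry, e.g. "O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
HJT_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")

# OTL entry, e.g.
# "PRC - [2010/03/14 18:27:50 | 000,202,752 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\ave.exe"
# "SRV:64bit: - [...] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)"
OTL_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - \[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [A-Z]\] \((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- "
    r"(?P<path>.*?)(?: -- \(.*\))?$"
)

# Locations an ordinary user can write to; autoruns and processes living there deserve a look.
USER_WRITABLE = re.compile(
    r"\\(Users|Documents and Settings)\\[^\\]+\\(AppData|Local Settings)\\|\\Temp\\", re.I
)


@dataclass
class Finding:
    line: str
    reason: str


def triage_hjt(line):
    """Flag HJT entries: orphaned CLSIDs, user-writable autoruns, missing service binaries."""
    m = HJT_RE.match(line)
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    if sec in ("O2", "O3") and rest.endswith("(no file)"):
        return Finding(line, "BHO/toolbar CLSID with no backing file (orphan)")
    if sec == "O4" and USER_WRITABLE.search(rest):
        return Finding(line, "autorun from a user-writable location")
    if sec == "O23" and rest.endswith("(file missing)"):
        # 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64 and cannot see
        # System32 binaries, so this is often an artifact; confirm with a 64-bit-aware scan.
        return Finding(line, "service binary not found by HJT (check WoW64 redirection)")
    return None


def triage_otl(line):
    """Flag OTL entries that combine at least two weak signals."""
    m = OTL_RE.match(line)
    if not m:
        return None
    reasons = []
    if not m.group("company").strip():
        reasons.append("no publisher")
    if "H" in m.group("attrs") or "S" in m.group("attrs"):
        reasons.append(f"hidden/system attributes ({m.group('attrs')})")
    if USER_WRITABLE.search(m.group("path")):
        reasons.append("user-writable location")
    # One signal alone is noisy (several legitimate helpers in this thread carry no publisher).
    return Finding(line, "; ".join(reasons)) if len(reasons) >= 2 else None


def triage(lines):
    """Run both passes over a mixed bag of log lines and return the findings."""
    return [f for f in (triage_hjt(ln) or triage_otl(ln) for ln in lines) if f]


def explain_file_missing(hjt_lines, otl_lines):
    """Map each HJT '(file missing)' service binary to the path a 64-bit-aware OTL scan found."""
    seen = {}
    for line in otl_lines:
        m = OTL_RE.match(line)
        if m:
            seen[m.group("path").rsplit("\\", 1)[-1].lower()] = m.group("path")
    result = {}
    for line in hjt_lines:
        m = HJT_RE.match(line)
        if m and m.group("sec") == "O23" and m.group("rest").endswith("(file missing)"):
            path = m.group("rest").rsplit(" - ", 1)[1][: -len(" (file missing)")]
            result[path] = seen.get(path.rsplit("\\", 1)[-1].lower())  # None: OTL did not see it either
    return result


# Sample input constructed from lines quoted in this thread (two posts, two tools).
SAMPLE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\system32\STacSV64.exe (file missing)
PRC - [2010/03/14 18:27:50 | 000,202,752 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\ave.exe
PRC - [2009/07/04 18:19:45 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
SRV:64bit: - [2007/11/09 15:24:36 | 000,242,688 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason}\n    {f.line}")
    for missing, found in explain_file_missing(SAMPLE, SAMPLE).items():
        print(f"{missing} -> {found or 'not found by OTL either'}")
```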


Re: Total Vista Security Virus

Post by Belahzur on Mon Mar 15, 2010 9:47 pm

Hi Roger.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.



Re: Total Vista Security Virus

Post by BeardedPeaches on Tue Mar 16, 2010 1:20 am

Sorry, I forgot to mention I already tried Malwarebytes. I also completely reinstalled and reupdated it and ran both a quick and full scan, but it found nothing.

I'm now getting error messages when I try to run some programs and they fail to start. Also my computer hangs on startup.


Re: Total Vista Security Virus

Post by Belahzur on Tue Mar 16, 2010 5:03 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.





Re: Total Vista Security Virus

Post by BeardedPeaches on Wed Mar 17, 2010 2:01 am

I noticed ave.exe in the following log file, under appdata/local. Is it okay if I delete it?

OTL logfile created on: 3/16/2010 6:31:42 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = F:\Virus Removal
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 202.68 Gb Free Space | 71.53% Space Free | Partition Type: NTFS
Drive D: | 14.75 Gb Total Space | 7.96 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.72 Gb Total Space | 2.63 Gb Free Space | 70.59% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEACHES
Current User Name: Stephen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/16 18:27:38 | 000,556,032 | ---- | M] (OldTimer Tools) -- F:\Virus Removal\OTL.exe
PRC - [2010/03/14 18:27:50 | 000,202,752 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\ave.exe
PRC - [2009/12/15 16:43:23 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/04 18:19:45 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/03 14:20:29 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/03/19 20:55:02 | 000,161,776 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PRC - [2008/05/02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/08/22 21:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/03/16 18:27:38 | 000,556,032 | ---- | M] (OldTimer Tools) -- F:\Virus Removal\OTL.exe
MOD - [2009/08/23 17:22:59 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/04/10 23:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/05/02 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/09/24 18:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/09/04 13:18:40 | 000,470,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2009/09/04 13:18:36 | 007,636,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/04/11 00:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/05/02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 20:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/11/09 15:24:36 | 000,242,688 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
SRV - [2010/03/10 22:18:22 | 002,462,256 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3648.dll -- (Akamai)
SRV - [2009/10/30 19:36:31 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/04 18:19:45 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/03 14:20:29 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/29 21:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/10/16 19:31:12 | 000,906,752 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/06/05 14:57:09 | 000,047,104 | ---- | M] (absolute Software Corp.) [Disabled | Stopped] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2007/08/22 21:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 21:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/24 16:50:25 | 000,089,680 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2009/11/24 16:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/11/24 16:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/11/24 16:49:10 | 000,053,840 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2009/11/24 16:49:00 | 000,027,216 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2009/07/14 11:18:49 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WudfPf.sys -- (WudfPf)
DRV:64bit: - [2009/05/28 22:52:36 | 005,437,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2009/04/10 22:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2009/04/10 22:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/04/10 22:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2009/04/10 22:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009/04/10 22:39:35 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WinUSB.sys -- (WinUSB)
DRV:64bit: - [2008/06/29 08:12:32 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2008/05/10 18:56:36 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2008/02/29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/02/28 23:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 19:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 19:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 19:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 19:47:02 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 19:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 19:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 19:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2008/01/20 19:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/17 20:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 15:25:58 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/10/03 01:18:20 | 000,136,704 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007/08/07 17:31:16 | 003,154,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/07/26 09:28:54 | 000,055,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srs_sscfilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV:64bit: - [2007/07/15 17:20:20 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2007/07/15 17:20:20 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2007/07/15 17:20:18 | 000,088,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2007/06/15 22:34:22 | 000,052,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2007/05/31 19:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Si3531.sys -- (Si3531)
DRV:64bit: - [2007/05/23 17:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/05/09 09:37:52 | 000,484,736 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MarvinAVS64.sys -- (PinnacleMarvinAVS)
DRV:64bit: - [2007/04/03 19:52:12 | 000,022,832 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2007/04/03 19:52:12 | 000,017,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2007/02/12 13:37:22 | 000,537,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/06 19:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2008/01/20 19:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUSB)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: trymedia.com ([fe] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 71.9.127.107
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - C:\Program Files (x86)\Stardock\MyColors\fast64.dll File not found
O24 - Desktop WallPaper: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/09 21:13:15 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 01:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4491b231-1a3e-11dd-be08-001e4cd3f382}\Shell - "" = AutoRun
O33 - MountPoints2\{4491b231-1a3e-11dd-be08-001e4cd3f382}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ec2f253e-432e-11dd-9798-001e4cd3f382}\Shell - "" = AutoRun
O33 - MountPoints2\{ec2f253e-432e-11dd-9798-001e4cd3f382}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = secfile] -- "C:\Users\Stephen\AppData\Local\ave.exe" /START "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Stephen\AppData\Local\ave.exe" /START "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 14:47:37 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/03/14 21:25:31 | 000,182,784 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/03/14 21:25:31 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/03/14 21:25:31 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/03/14 21:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/14 21:22:03 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2010/03/14 19:39:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/11 04:01:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/11 04:01:27 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/11 04:01:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/11 04:01:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/08 22:34:18 | 000,000,000 | ---D | C] -- C:\Users\Stephen\Photos
[2010/03/04 18:09:58 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\Cool Record Edit Pro
[2010/03/04 17:53:12 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2010/03/04 17:53:12 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2010/03/04 17:53:12 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2010/03/04 17:53:12 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
[2010/03/04 17:53:12 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2010/03/04 17:53:12 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll
[2010/03/04 17:53:12 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2010/03/04 17:53:12 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2010/03/04 17:53:12 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll
[2010/03/04 17:53:12 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll
[2010/03/04 17:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Sound Recorder
[2010/03/03 21:24:41 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\Free Sound Recorder
[2010/03/03 19:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CFS-Technologies
[2010/03/03 19:53:10 | 000,000,000 | ---D | C] -- C:\Windows\lhsp
[2010/02/23 16:13:22 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/23 16:13:21 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/23 16:12:10 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/23 16:12:10 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/23 16:12:10 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/23 16:12:09 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/23 16:12:08 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/23 16:12:08 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/23 16:12:08 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/23 16:12:08 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/23 16:12:07 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/23 16:12:07 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/23 16:12:07 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/23 16:12:07 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/23 16:12:07 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/23 16:12:07 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/23 16:12:06 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/23 16:12:06 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/23 16:12:06 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/23 16:12:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/23 16:11:52 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/23 16:11:52 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/23 16:11:50 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/23 16:11:50 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/23 16:11:50 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/23 16:11:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/19 20:38:34 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Futuremark
[2008/05/10 18:56:35 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\Stephen\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/16 18:36:56 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/16 18:36:56 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/16 18:36:56 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/16 18:31:57 | 015,728,640 | -HS- | M] () -- C:\Users\Stephen\NTUSER.DAT
[2010/03/16 18:31:54 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B39B94A7-04CD-44BD-9B8F-86C82369E3AD}.job
[2010/03/16 18:31:45 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/16 18:31:28 | 000,011,066 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\B21UFLfk3
[2010/03/16 18:31:28 | 000,011,066 | -HS- | M] () -- C:\ProgramData\B21UFLfk3
[2010/03/16 18:30:20 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/16 18:30:20 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/16 18:29:37 | 000,193,249 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/16 18:29:37 | 000,193,249 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/16 18:29:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/16 18:29:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/16 18:29:00 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 21:25:20 | 000,182,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/03/14 21:25:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/03/14 21:25:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/03/14 21:25:19 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2010/03/14 19:39:55 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 18:34:13 | 000,524,288 | -HS- | M] () -- C:\Users\Stephen\NTUSER.DAT{74df4110-fadc-11dd-8062-001e4cd3f382}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 18:34:13 | 000,065,536 | -HS- | M] () -- C:\Users\Stephen\NTUSER.DAT{74df4110-fadc-11dd-8062-001e4cd3f382}.TM.blf
[2010/03/14 18:33:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/14 18:33:46 | 001,360,604 | -H-- | M] () -- C:\Users\Stephen\AppData\Local\IconCache.db
[2010/03/14 18:27:50 | 000,202,752 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\ave.exe
[2010/03/14 14:52:11 | 000,007,336 | ---- | M] () -- C:\Users\Stephen\AppData\Roaming\wklnhst.dat
[2010/03/14 14:52:11 | 000,005,120 | ---- | M] () -- C:\Users\Stephen\Desktop\Workout Log.wdb
[2010/03/14 09:10:59 | 000,001,460 | ---- | M] () -- C:\Users\Stephen\AppData\Local\d3d9caps64.dat
[2010/03/08 22:50:11 | 000,295,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/08 22:28:04 | 000,071,104 | ---- | M] () -- C:\Users\Stephen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/08 21:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\cncscore.ini
[2010/03/04 17:53:14 | 000,001,803 | ---- | M] () -- C:\Users\Stephen\Desktop\Cool Record Edit Pro.lnk
[2010/03/04 17:53:14 | 000,000,804 | ---- | M] () -- C:\Users\Stephen\Desktop\Free Sound Recorder.lnk
[2010/02/20 16:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 16:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 16:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 16:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 19:39:55 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 19:37:13 | 4293,320,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/14 18:27:51 | 000,011,066 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\B21UFLfk3
[2010/03/14 18:27:51 | 000,011,066 | -HS- | C] () -- C:\ProgramData\B21UFLfk3
[2010/03/14 18:27:50 | 000,202,752 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\ave.exe
[2010/03/13 22:22:21 | 000,005,120 | ---- | C] () -- C:\Users\Stephen\Desktop\Workout Log.wdb
[2010/03/11 20:56:29 | 000,367,704 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistMSI2566.txt
[2010/03/11 20:56:28 | 000,011,246 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistUI2566.txt
[2010/03/08 21:14:21 | 000,000,155 | ---- | C] () -- C:\Windows\cncscore.ini
[2010/03/04 17:53:14 | 000,001,803 | ---- | C] () -- C:\Users\Stephen\Desktop\Cool Record Edit Pro.lnk
[2010/03/04 17:53:14 | 000,000,804 | ---- | C] () -- C:\Users\Stephen\Desktop\Free Sound Recorder.lnk
[2010/03/04 17:53:12 | 000,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2010/01/29 20:01:02 | 000,418,528 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistMSI7781.txt
[2010/01/29 20:01:01 | 000,011,164 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistUI7781.txt
[2010/01/11 22:28:28 | 000,193,249 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/11 22:28:28 | 000,193,249 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/21 15:03:53 | 000,592,760 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistMSI2CE0.txt
[2009/12/21 15:03:51 | 000,014,378 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistUI2CE0.txt
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/20 15:25:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 15:23:44 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/17 11:41:20 | 000,028,137 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\OFMissionEditorConfig.xml
[2009/09/22 20:02:30 | 000,000,433 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/27 16:08:39 | 000,041,888 | ---- | C] () -- C:\Windows\SysWow64\drivers\Oreans.sys
[2009/08/23 15:27:10 | 000,080,422 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistUI1EC3.txt
[2009/08/01 12:21:32 | 000,425,850 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistMSI59BF.txt
[2009/08/01 12:21:31 | 000,064,068 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_vcredistUI59BF.txt
[2009/07/05 16:08:51 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2009/06/18 20:08:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/04/03 18:40:07 | 000,000,036 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\TheHunterSettings.cfg
[2008/12/18 22:39:49 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\cncs232.dll
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/11/06 09:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008/11/06 09:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008/10/20 18:38:12 | 001,880,788 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_NET_Framework35_x64_MSI7E26.txt
[2008/10/20 18:37:29 | 000,175,825 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/10/20 18:37:24 | 000,004,572 | ---- | C] () -- C:\Users\Stephen\AppData\Local\uxeventlog.txt
[2008/10/20 18:37:24 | 000,000,002 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_dotnetfx35error.txt
[2008/10/20 18:37:23 | 000,139,048 | ---- | C] () -- C:\Users\Stephen\AppData\Local\dd_dotnetfx35install.txt
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/08/11 16:18:28 | 000,000,680 | ---- | C] () -- C:\Users\Stephen\AppData\Local\d3d9caps.dat
[2008/07/09 17:29:00 | 000,013,890 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\UserTile.png
[2008/06/29 12:50:35 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2008/06/29 12:50:35 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2008/06/29 12:50:35 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2008/06/29 12:39:30 | 000,000,307 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/06/11 14:46:24 | 000,265,730 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/06/06 19:13:06 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/06/03 16:41:59 | 000,000,024 | ---- | C] () -- C:\ProgramData\__FileUploader.log
[2008/06/01 00:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2008/05/29 21:01:31 | 000,001,460 | ---- | C] () -- C:\Users\Stephen\AppData\Local\d3d9caps64.dat
[2008/05/15 16:54:36 | 000,007,336 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\wklnhst.dat
[2008/05/11 18:15:46 | 000,000,552 | ---- | C] () -- C:\Users\Stephen\AppData\Local\d3d8caps.dat
[2008/05/10 18:56:36 | 000,000,034 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\pcouffin.log
[2008/05/10 18:56:35 | 000,093,696 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\ezpinst.exe
[2008/05/10 18:56:35 | 000,007,176 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\pcouffin.cat
[2008/05/10 18:56:35 | 000,001,167 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\pcouffin.inf
[2008/05/08 15:51:02 | 000,053,248 | ---- | C] () -- C:\Users\Stephen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/29 22:20:30 | 000,140,481 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\nvModes.001
[2008/04/29 22:19:37 | 000,140,481 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\nvModes.dat
[2008/03/21 19:34:51 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2008/03/12 16:11:08 | 000,058,792 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2008/03/12 13:11:17 | 000,001,000 | ---- | C] () -- C:\Windows\registry.ini
[2008/03/12 13:11:17 | 000,000,438 | ---- | C] () -- C:\Windows\registry-oem.ini
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/14 18:24:14 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\wceprv.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:302A9871
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1043 bytes -> C:\ProgramData\TEMP:CFAFAA98
< End of report >


Last edited by BeardedPeaches on Wed Mar 17, 2010 3:00 am; edited 1 time in total

BeardedPeaches
Novice
Posts : 12
Joined : 2009-08-05
OS : Vista
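Editor's note on the OTL log above (not part of BeardedPeaches' post). The lines that answer the question asked in the first post are the O37 entries: under HKCU the .exe extension is mapped to a ProgId called secfile, and the open command for it is "C:\Users\Stephen\AppData\Local\ave.exe" /START "%1" %*, while the HKLM entries for .exe, .com, exefile and comfile still carry the Windows default "%1" %*. Because a per-user Classes key shadows the machine-wide one for that account, every .exe this user launches is handed to ave.exe first, which is why it appears in Task Manager whenever any program is run and why nothing turned up under the Run keys or in msconfig. The Extras log's File Associations section (HKEY_CURRENT_USER\SOFTWARE\Classes\ .exe [@ = secfile] -- C:\Users\Stephen\AppData\Local\ave.exe) shows the same thing. The file listings are consistent with it: ave.exe and two copies of B21UFLfk3 (AppData\Local and ProgramData) were created within a second of each other on 2010/03/14 at 18:27 with hidden and system attributes, which is why an ordinary search of the drive did not show them. The O6 line EnableLUA = 0 means UAC was switched off on this machine as well.

The script below is an added example written for this page; it is not code from the post, from the forum's helpers or from OTL. It parses lines in the format OTL prints (O35/O37 associations, O4 Run entries, the O6 EnableLUA policy line and the file-listing lines) and flags the pattern seen here: an executable handler whose command is not the Windows default, per-user overrides of .exe handling, autostarts or hidden+system files in user-writable locations, and UAC disabled. The sample lines are constructed from the log on this page; the severity labels and the list of "user-writable" directories are this example's own assumptions, not anything OTL defines. It only reads log text and changes nothing on the system.

```python
"""Triage OTL log lines for an executable-association hijack.

Added example for this page (not the poster's or OTL's own code). Lines
are matched in the shape OTL prints them; SAMPLE_LOG is constructed from
the log on this page.
"""
import re

DEFAULT_OPEN_CMD = '"%1" %*'   # Windows default open command for exefile/comfile

# Directories a standard user can write to. This list is an assumption of
# the example; extend it (Downloads, %TEMP%, ...) for real use.
USER_WRITABLE = re.compile(r'\\(AppData|ProgramData|Temp|Users\\Public)\\', re.I)

# O35 - HKLM\..exefile [open] -- "%1" %*
# O37:64bit: - HKCU\...exe [@ = secfile] -- "C:\...\ave.exe" /START "%1" %* ()
ASSOC_RE = re.compile(
    r'^(?P<item>O3[57])(?::64bit:)? - (?P<hive>HKLM|HKCU)\\\.\.(?P<key>\.?\w+) '
    r'\[(?P<verb>[^\]]*)\] -- (?P<cmd>.*?)(?: \([^)]*\))?$')
# O4:64bit: - HKLM..\Run: [Name] C:\path\prog.exe (Company)
RUN_RE = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run|RunOnce): '
    r'\[(?P<name>[^\]]*)\] (?P<path>.*?)(?: \([^)]*\))?$')
# O6 - HKLM\SOFTWARE\...\policies\System: EnableLUA = 0
POLICY_RE = re.compile(r'^O6 - HKLM\\.*\\policies\\System: EnableLUA = (?P<val>\d)$')
# [2010/03/14 18:27:50 | 000,202,752 | -HS- | C] () -- C:\Users\...\ave.exe
FILE_RE = re.compile(
    r'^\[[^|]+\| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [CM]\] \([^)]*\) -- (?P<path>.+)$')

# Constructed sample in OTL's format, taken from the log on this page.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = secfile] -- "C:\Users\Stephen\AppData\Local\ave.exe" /START "%1" %* ()
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Stephen\AppData\Local\ave.exe" /START "%1" %* ()
[2010/03/16 18:31:57 | 015,728,640 | -HS- | M] () -- C:\Users\Stephen\NTUSER.DAT
[2010/03/14 18:27:50 | 000,202,752 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\ave.exe
[2010/03/14 18:27:51 | 000,011,066 | -HS- | C] () -- C:\ProgramData\B21UFLfk3
"""


def parse_assoc(line):
    """Parse an O35/O37 association line; return None for any other line."""
    m = ASSOC_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["cmd"] = d["cmd"].strip()
    # In O37 the bracket reads '@ = <ProgId>': the class the extension maps to
    d["progid"] = d["verb"][4:] if d["verb"].startswith("@ = ") else None
    return d


def triage(log_text):
    """Return (severity, line, reason) tuples for suspicious lines in OTL text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        a = parse_assoc(line)
        if a:
            if a["cmd"] != DEFAULT_OPEN_CMD:
                findings.append(("high", line,
                    f'{a["hive"]} {a["key"]} open command is not {DEFAULT_OPEN_CMD}: {a["cmd"]}'))
            elif a["hive"] == "HKCU":
                # A per-user Classes entry shadows the HKLM default for that account
                findings.append(("medium", line, f'per-user override of {a["key"]} handling'))
            continue
        r = RUN_RE.match(line)
        if r and USER_WRITABLE.search(r["path"]):
            findings.append(("medium", line, f'autostart from user-writable path: {r["path"]}'))
            continue
        p = POLICY_RE.match(line)
        if p and p["val"] == "0":
            findings.append(("medium", line, "UAC disabled (EnableLUA = 0)"))
            continue
        f = FILE_RE.match(line)
        if f and "H" in f["attr"] and "S" in f["attr"] and USER_WRITABLE.search(f["path"]):
            findings.append(("high", line, f'hidden+system file in user-writable path: {f["path"]}'))
    return findings


def hijack_launcher(log_text):
    """Return the program a non-default .exe handler launches, or None."""
    for raw in log_text.splitlines():
        a = parse_assoc(raw)
        if a and a["key"] in (".exe", "exefile") and a["cmd"] != DEFAULT_OPEN_CMD:
            m = re.match(r'"([^"]+)"', a["cmd"])
            return m.group(1) if m else a["cmd"].split()[0]
    return None


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print(f"[{sev}] {why}\n    {line}")
    print("launcher:", hijack_launcher(SAMPLE_LOG))
```

Run as-is to see the findings for the sample, or call triage(open(path).read()) on a saved OTL log. The NTUSER.DAT line is included in the sample on purpose: it also carries -HS- attributes, but it sits outside the user-writable directories the check looks at, so it is not reported. That distinction is what keeps the output short on a real log, where hiberfil.sys, the registry hives and their transaction files all show up as hidden+system.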

Re: Total Vista Security Virus

Post by BeardedPeaches on Wed Mar 17, 2010 2:02 am

And here is the Extras log. Please note that I downloaded OTL to a flash drive and then ran it, because I can't use Internet Explorer on the infected computer.

OTL Extras logfile created on: 3/16/2010 6:31:42 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = F:\Virus Removal
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 202.68 Gb Free Space | 71.53% Space Free | Partition Type: NTFS
Drive D: | 14.75 Gb Total Space | 7.96 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.72 Gb Total Space | 2.63 Gb Free Space | 70.59% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEACHES
Current User Name: Stephen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\Stephen\AppData\Local\ave.exe ()

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BF 16 02 C2 D3 5B CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-987286777-748312672-3327065692-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"30564:TCP" = 30564:TCP:LocalSubNet:Enabled:Multiplicity Port

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"MULTIPL.EXE" = MULTIPL.EXE:LocalSubNet:Enabled:Multiplicity
"MULTISRV32.EXE" = MULTISRV32.EXE:LocalSubNet:Enabled:Multiplicity Service
"C:\Program Files (x86)\Combat Arms\CombatArms.exe" = C:\Program Files (x86)\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Program Files (x86)\Combat Arms\Engine.exe" = C:\Program Files (x86)\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"MULTIPL.EXE" = MULTIPL.EXE:LocalSubNet:Enabled:Multiplicity
"MULTISRV32.EXE" = MULTISRV32.EXE:LocalSubNet:Enabled:Multiplicity Service
"C:\Program Files (x86)\Combat Arms\CombatArms.exe" = C:\Program Files (x86)\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Program Files (x86)\Combat Arms\Engine.exe" = C:\Program Files (x86)\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E7F07-2246-4D72-AA92-EE9C34539784}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{05403BAB-BE5E-4FA9-8164-095C2AD53C8B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{057C1A27-F441-43BB-8564-CC917BF156B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{090294E5-8B2C-4E2E-B167-B10B36A12106}" = lport=57893 | protocol=6 | dir=in | name=akamai netsession interface |
"{11C3EF9D-D940-4ECD-A806-71900C7F1073}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{23A430E5-17A1-477F-8A57-06E18C8EF7DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B8AC4E0-4C79-4E78-A177-9A4314787516}" = rport=138 | protocol=17 | dir=out | app=system |
"{2C10DE0A-3765-44F9-B2C2-4479F3EC1957}" = rport=139 | protocol=6 | dir=out | app=system |
"{37DD6586-B65B-477E-8B13-CF27EF7467BB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{381A438F-5CED-4E36-814B-CDED06A5F0E3}" = lport=58047 | protocol=6 | dir=in | name=akamai netsession interface |
"{499F31AF-CCAE-4980-9803-44A7B85D81FA}" = lport=58760 | protocol=6 | dir=in | name=akamai netsession interface |
"{4AA48292-BE97-4125-A218-52C49484DA87}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{508F7747-7CF0-417B-A200-371A6689BEFB}" = lport=6112 | protocol=17 | dir=in | name=soase |
"{614E40FC-3891-4C45-A4E2-73F5ED339CE0}" = lport=49203 | protocol=6 | dir=in | name=akamai netsession interface |
"{6E307EBF-73D1-4913-BB95-32D32BA822E8}" = lport=58778 | protocol=6 | dir=in | name=akamai netsession interface |
"{6F2D031E-F1B6-4D2C-BA3D-4CA68C250EAD}" = lport=137 | protocol=17 | dir=in | app=system |
"{6FA63729-1826-4389-AE39-C86803CA94A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{75353F5C-FC27-463D-AEB0-64D9FB181CD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C806FBB-1E06-4ED1-88FD-E9C96E2178A7}" = rport=137 | protocol=17 | dir=out | app=system |
"{7FA43601-B5BC-49FA-B41E-9712952EBD30}" = lport=6112 | protocol=6 | dir=in | name=soase port tcp |
"{800E7F73-6216-482D-9F1B-CD1C0C3951D7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F97FFE1-B7C5-4179-B170-1D9311F015E5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9DB25E22-2F90-4693-8157-2FA22FE4BBC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A60D2142-80EE-4D12-93F5-A8AC835D215D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AE4CB06F-E1A9-4764-8CA4-DCEF69BFF69B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BAD27A10-4C41-4E4A-AEDC-697AC2057CF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0C14138-1D42-4E5F-9E5A-278D96730BF6}" = lport=50575 | protocol=6 | dir=in | name=akamai netsession interface |
"{D01979E3-02C5-4364-AD44-12A075F87F71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4A7C306-24B5-4E69-A475-7787D7ADE901}" = lport=50543 | protocol=6 | dir=in | name=akamai netsession interface |
"{DB5E5149-E982-417C-AE58-126AA75642D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E5B5E92F-47EE-49CF-AB15-F0386D75B75B}" = lport=139 | protocol=6 | dir=in | app=system |
"{E6DE087C-6510-456B-BBEA-46510E2FA966}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E836BC1C-F2DD-4420-81D7-8ED7B040D74D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBD3E68A-C6F2-4480-9CF8-104EBF07D27E}" = lport=49192 | protocol=6 | dir=in | name=akamai netsession interface |
"{EFD107B8-3443-4D12-A0F2-351A338D4241}" = lport=445 | protocol=6 | dir=in | app=system |
"{F3D4FC1F-6C78-4786-A846-A1B412A87992}" = lport=50301 | protocol=6 | dir=in | name=akamai netsession interface |
"{F60F9503-5B7F-481E-8D0F-2158E3CD363E}" = lport=61156 | protocol=6 | dir=in | name=akamai netsession interface |
"{FAC4D9D4-5BC5-4DCA-94E0-098CEC9F84B5}" = lport=49246 | protocol=6 | dir=in | name=akamai netsession interface |
"{FDE55D85-A421-469C-B7C1-BD5C55260CEB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FF4E1BF3-2DF7-4DD0-BDF3-15CC0E880BEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01299FE3-E129-4E87-AB8D-2DEE0E6F5EC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0195BD03-A205-464C-BA70-4A97D47FDA25}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0889B2D3-138A-4C31-A298-9B64992091DB}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{0D0A2779-B2F2-49D4-B38D-62B9568EFF39}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 11\programs\rm.exe |
"{19F86268-DFDF-44B8-9647-F4E57D37F316}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{1F80839B-A82A-4D8D-94BB-115EE37A6C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 11\programs\studio.exe |
"{27023A2A-041C-43C9-836C-35D77F271387}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{27522ECF-5DBF-4C6D-9173-FCC9E641491A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{29017800-E4B8-4039-BE6E-E8AF1190CDD8}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{297D23B9-AC68-4EEB-AB58-76F5453C9141}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29C44553-6F60-4359-8706-F7BC560B8395}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{2C2B96B1-7E58-47D8-84B3-76CBFE24EDB8}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 11\programs\umi.exe |
"{2E4C4CB7-4371-4655-8DD5-200AB15BE770}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 11\programs\umi.exe |
"{2EDB4D8B-91C3-43E6-88C7-86942E1F2140}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{33B65556-4C88-4950-B415-265E7837AB3A}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{38D05B9D-3D24-4858-B178-FBB4851F56DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3EF3DA6D-3E28-48EF-9E9B-DEE64617E401}" = protocol=6 | dir=out | app=system |
"{430F6D0D-5B54-406F-8CDD-8B5C82B5B732}" = protocol=17 | dir=in | app=c:\program files (x86)\combat arms\nmservice.exe |
"{47FA3655-49B2-435F-8D4B-27025801C0B4}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5302C062-570B-4225-9D2D-A13140152A0E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{556C8079-68EF-4B4C-8C3E-A6C7B0337F4D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5889EF73-0565-4A72-96DF-2EB94DD26FA6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{62E34C5B-DD2E-4E56-BCE7-12BCF3A03C8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{65F4DDAE-BBE0-4DCD-8E1D-EDB51F260044}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 11\programs\rm.exe |
"{681EA9B5-443C-490B-B016-DAC7F71D5FAA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{6AC29492-7924-40E6-80C1-256F069A4BE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{7AEB09CE-7A3D-44E5-88A1-0A3FE45115F7}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{7D4C69D0-3500-4460-8B56-0325D24A97A1}" = protocol=6 | dir=in | app=c:\program files (x86)\astoundstereo\aseproc.exe |
"{7EDC8A86-ED6B-471E-94B6-C1248EF3BA37}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{84C5F9FA-F19B-4DC3-BFDB-D7870DE407EB}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod demo\bin\demigod.exe |
"{85308D7A-2D09-46CC-B43C-F3DDD36CDFCB}" = dir=in | app=c:\users\stephen\appdata\local\temp\hp\ojp8000va809_basic_12_en\setup\hpznui40.exe |
"{95F0EFB6-6164-45D8-95CA-A79003986501}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{96B9C3A5-E699-442A-BDB4-76AD3AD9C421}" = protocol=6 | dir=in | app=c:\program files (x86)\worldshift demo\bin\worldshift.exe |
"{9D01A422-BB70-4935-A0F0-9980BC7F5F05}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A36EA5A5-5F9E-415B-AA2B-3CAFF66C8324}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{A72A199E-E5BC-4050-9AD4-C410DB1FE865}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{A8B67778-B39D-4DAA-971F-E24CA63F7DFC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{AC3961FC-9369-4D3D-A033-F12FD35079DB}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{B305D15B-1461-43B5-BF29-BFB4F68B3F6A}" = protocol=17 | dir=in | app=c:\program files (x86)\astoundstereo\aseproc.exe |
"{B91850DE-C521-4A81-ABCC-F65EEE6F3485}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{BAF96B52-C088-4270-9B48-A4C75363B260}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{C65E1708-B4E4-41E5-A08E-0241D9635759}" = protocol=6 | dir=in | app=c:\program files (x86)\combat arms\nmservice.exe |
"{C80A0769-02F7-4BAD-92C9-54F9238C45E4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CC969196-4474-495B-8173-7B5FFF1D605D}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{CCE58604-C796-4BC0-ACC9-FEF4135447CE}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CD48758A-CFD4-4424-ABCA-2D8FB2FF5B7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CE5054C0-D930-4B29-8FF1-4FB9A4EB3703}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{CFC98E80-A995-4590-BFF5-0D595D71C816}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 11\programs\studio.exe |
"{D09190CD-DA3A-45F7-BA62-A0448DC2D4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2 demo\bf2.exe |
"{D14697BC-4D62-4E8E-B90B-4E422B0F2128}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{D54DA037-DB34-487C-ABA8-808D5C11CB06}" = protocol=17 | dir=in | app=c:\program files (x86)\worldshift demo\bin\worldshift.exe |
"{D67EA730-52AE-457F-A6DB-AC723B711AD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{D97AE5D1-DC74-4454-95EF-A091877FC6A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E11E196F-1FEB-497B-BE99-D53CB0DB57F4}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{E22D826B-206D-4C4A-B5C8-097BE34BE15F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{E2E91981-D86E-4C8F-B0C8-FC732C06AA69}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{E3501B95-6DD1-46E5-9BCD-A7063B9A21D1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{E544C1E3-19B5-42A2-94EF-41A409D4BE76}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2 demo\bf2.exe |
"{E6F931ED-8EDE-4819-83A5-B66F3FACFFAE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{ED1583DE-5F25-40A7-9CDD-81143127DF72}" = protocol=6 | dir=in | app=c:\program files (x86)\astoundstereo\astoundstereo.exe |
"{ED844226-322D-4E7D-BEFE-800AA9B286E3}" = protocol=17 | dir=in | app=c:\program files (x86)\astoundstereo\astoundstereo.exe |
"{F33C0579-E697-4995-B26C-F61B010E6A2F}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod demo\bin\demigod.exe |
"{F3450054-787E-4AB9-AA9F-8F377EEC9187}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F3F0D6D3-2427-46C2-8980-2A2897D79929}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F8979F63-8F07-4EF9-9CBA-8A0FECE96B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{FF9A8884-6FF6-42D6-B94E-CDBD8E7B710F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"TCP Query User{00DB404D-5ADC-46D8-B9B7-EDC134163C23}C:\program files (x86)\thq\pandemic studios\full spectrum warrior\launcher.locked" = protocol=6 | dir=in | app=c:\program files (x86)\thq\pandemic studios\full spectrum warrior\launcher.locked |
"TCP Query User{0403154A-C0CA-43F3-9AF8-062EE38C14F2}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{0B05770A-2825-45D3-86B8-C490A75FD1F1}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{0B3BA31C-8E56-45C6-8087-843AFB1784C3}C:\program files (x86)\steam\steamapps\gregory7\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\half-life 2 deathmatch\hl2.exe |
"TCP Query User{0C1F684B-7086-4D22-9D2C-55A4088A34E1}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{1858D8F6-81B8-4A96-A669-C364548EADDF}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{1D622FEB-33C2-4B5C-9CD1-0DA6DDA645E4}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"TCP Query User{22786E1D-7873-431D-BA84-71631D03C346}C:\program files (x86)\patrician 2\patrician 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\patrician 2\patrician 2.exe |
"TCP Query User{2D8ECCFA-1A2E-4531-B15E-2E880B4D2020}C:\program files (x86)\ubisoft\demo\gearbox software\brothersinarmseib\system\bia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\gearbox software\brothersinarmseib\system\bia.exe |
"TCP Query User{36F857AA-9ECD-4CBD-AD11-0E3156C4B12D}C:\program files (x86)\steam\steamapps\gregory7\synergy\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\synergy\hl2.exe |
"TCP Query User{3C3851D2-B72A-4F48-86E1-E55B3AC641F6}C:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3oshelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3oshelper.exe |
"TCP Query User{44D99A42-8592-4CB9-AE1A-6B70B3A111B0}C:\program files (x86)\steam\steamapps\gregory7\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\insurgency\hl2.exe |
"TCP Query User{453F045F-3F60-441B-9884-D9875E299407}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45C99942-854E-4DFE-B3B2-4D80F96DB6F7}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"TCP Query User{46C90587-5707-4A9F-82C7-B636F2C20AB9}C:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd |
"TCP Query User{55F47DEE-F305-4C1D-8A24-3FB02B2264D0}C:\program files (x86)\tremulous\tremulous.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"TCP Query User{5706F51B-539A-4151-B82F-E7592C21C265}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{5B4B5936-2952-4F1A-895D-9514CEAEB48D}F:\patrician 2\patrician 2.exe" = protocol=6 | dir=in | app=f:\patrician 2\patrician 2.exe |
"TCP Query User{6279C96A-E63B-482C-9146-DA9FA5C99B62}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"TCP Query User{7200B653-BE81-4D37-B017-A136752137C1}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"TCP Query User{73AAB7FA-FE83-470B-B568-76A8D5209AF8}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo custom edition\haloce.exe |
"TCP Query User{74F29696-9A87-4AE7-84C8-C143CD480E1B}C:\program files (x86)\strategy first\patrician 2\patrician 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\strategy first\patrician 2\patrician 2.exe |
"TCP Query User{7552B9F5-DDA6-48B6-B892-2C4BE694706F}C:\program files (x86)\activision\call of duty - world at war beta\codwawbeta.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war beta\codwawbeta.exe |
"TCP Query User{79FC694F-C5FB-4167-84A1-B975EDC1C6B5}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{7BC07105-1743-40F3-872D-4BB7F35EDB3F}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"TCP Query User{7D80687F-12FF-441F-B3C7-CE90E677211E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{7DEAED91-72C8-4109-AADF-58B5E6C0FD2D}C:\program files (x86)\steam\steamapps\mathias12131415\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mathias12131415\source sdk base\hl2.exe |
"TCP Query User{8D22E2B3-747D-4D42-BC99-AF9ACC3687E9}C:\program files (x86)\thq\supreme commander\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\supreme commander\gpgnet\gpg.multiplayer.client.exe |
"TCP Query User{92CA0A15-1771-47CD-9ACE-4A080A6A44BB}C:\program files (x86)\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\homeworld2\bin\release\homeworld2.exe |
"TCP Query User{92E18A73-5223-4A38-BC91-00D26F0FE91C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{95EBC0DC-230E-4730-821F-D92C59C252CA}C:\program files (x86)\steam\steamapps\gregory7\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\source sdk base\hl2.exe |
"TCP Query User{96240981-F47E-4680-BD06-EF875C0471E9}C:\program files (x86)\call of duty\coduomp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty\coduomp.exe |
"TCP Query User{9852CB6E-C2B8-418C-8479-D155087634EB}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"TCP Query User{98F53EBA-2B8B-40B3-9ABE-B7BA3E24980F}C:\program files (x86)\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe" = protocol=6 | dir=in | app=c:\program files (x86)\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe |
"TCP Query User{A3A029F4-36A6-43B8-9C3A-E62477C2FFCB}C:\program files (x86)\thq\supreme commander\bin\supremecommander.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\supreme commander\bin\supremecommander.exe |
"TCP Query User{A59C8CB4-2571-4D72-B939-39AFB91F516B}C:\program files (x86)\steam\steamapps\gregory7\age of chivalry\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\age of chivalry\hl2.exe |
"TCP Query User{A9333FE8-4A02-4244-A0A0-143A4AD813BC}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{B0431D9B-CCE2-4590-99C1-24903E3C527C}C:\program files (x86)\steam\steamapps\gregory7\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\source sdk base\hl2.exe |
"TCP Query User{BA5B83CC-C62F-41F4-9A48-1BFA7BFCD865}C:\program files (x86)\midway home entertainment\rise and fall\riseandfall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\midway home entertainment\rise and fall\riseandfall.exe |
"TCP Query User{BCD1ABCB-1A5F-40D0-8C01-F3F3614436D0}C:\program files (x86)\acdn hawks\run\dmcr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acdn hawks\run\dmcr.exe |
"TCP Query User{BE94CA7B-F594-4ED2-B65B-5F5F67E7AE98}C:\program files (x86)\steam\steamapps\gregory7\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\day of defeat source\hl2.exe |
"TCP Query User{C0A0DFBE-547D-4ABE-8F0E-013095676749}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{CFBA4A90-F8F8-4F6E-8EF5-5D87C60341C4}C:\program files (x86)\steam\steamapps\gregory7\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\counter-strike source\hl2.exe |
"TCP Query User{D5CE4C41-EAC7-4CFC-A8F4-7870A3C066F5}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe |
"TCP Query User{F44DCAAC-DA19-4BEA-A593-28B12EB28F89}C:\program files (x86)\emote launcher\emote\launcher\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emote launcher\emote\launcher\launcher.exe |
"TCP Query User{FDB0BB35-31A0-4C6D-A50E-15F8B5F26FC1}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{FEA49A05-7E6B-4605-8A76-9CA91EFEC2A4}C:\program files (x86)\steam\steamapps\gregory7\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\source sdk base 2007\hl2.exe |
"TCP Query User{FF4EE794-3736-43A6-826A-10E1F26A7822}C:\program files (x86)\steam\steamapps\gregory7\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\zombie panic! source\hl2.exe |
"UDP Query User{0048C8E0-FF30-486D-922F-55E652572467}C:\program files (x86)\steam\steamapps\gregory7\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\zombie panic! source\hl2.exe |
"UDP Query User{005D2C8A-BB89-492A-860C-C2E795CE2863}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{03FBEE2D-F95B-4B85-B7B5-269DADC28043}C:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3oshelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3oshelper.exe |
"UDP Query User{0C91817F-E50C-41B2-8D64-326C45299856}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{108F56B8-4235-47E2-8E03-42DBC4738707}C:\program files (x86)\acdn hawks\run\dmcr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acdn hawks\run\dmcr.exe |
"UDP Query User{11DBB3CC-1963-4A96-8377-F94BAD3148F8}C:\program files (x86)\steam\steamapps\gregory7\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\insurgency\hl2.exe |
"UDP Query User{1848B79F-6647-4BDA-81DB-0625306574A2}C:\program files (x86)\steam\steamapps\gregory7\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\source sdk base\hl2.exe |
"UDP Query User{27FCA270-94F5-465D-B0E9-A9933AA93D47}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{34854E76-90C2-4578-892A-2ABBF52539A4}C:\program files (x86)\emote launcher\emote\launcher\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emote launcher\emote\launcher\launcher.exe |
"UDP Query User{39AC3F8D-1DAB-4550-98D4-B3591FC77820}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{3DDD0A26-F18B-40FF-949B-08FF866E6625}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"UDP Query User{485B93CA-1696-4697-AE27-9C9C9CD1B992}C:\program files (x86)\steam\steamapps\gregory7\age of chivalry\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\age of chivalry\hl2.exe |
"UDP Query User{486E629D-8EE1-43AE-8159-32B38264C5BE}C:\program files (x86)\ubisoft\demo\gearbox software\brothersinarmseib\system\bia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\gearbox software\brothersinarmseib\system\bia.exe |
"UDP Query User{490EBECE-D5A2-4AA7-BEEF-CDEE0754EE55}C:\program files (x86)\steam\steamapps\gregory7\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\day of defeat source\hl2.exe |
"UDP Query User{4951335A-DCC0-4EB1-A272-478CA9E741DB}C:\program files (x86)\steam\steamapps\gregory7\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\source sdk base 2007\hl2.exe |
"UDP Query User{50EBF419-8C9E-49BF-85F5-CAD32475144A}C:\program files (x86)\thq\supreme commander\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\supreme commander\gpgnet\gpg.multiplayer.client.exe |
"UDP Query User{52860FB9-F972-4587-8370-A23DA1220C41}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{5A01D629-805F-4951-91DD-E144DFC195E8}F:\patrician 2\patrician 2.exe" = protocol=17 | dir=in | app=f:\patrician 2\patrician 2.exe |
"UDP Query User{5D66D4C2-0BE8-4F6F-8070-0655534C52FF}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo custom edition\haloce.exe |
"UDP Query User{6006085A-3569-497D-BF25-F772A8CAF32E}C:\program files (x86)\steam\steamapps\gregory7\synergy\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gregory7\synergy\hl2.exe |
"UDP Query User{638355C2-BC52-47C7-A3D0-8D48E07B6853}C:\program files (x86)\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe" = protocol=17 | dir=in | app=c:\program files (x86)\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe |
"UDP Query User{657EF807-072A-4346-B363-E06E22D43938}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"UDP Query User{6F61F192-4091-4498-B160-3C81B7C2B0E0}C:\program files (x86)\strategy first\patrician 2\patrician 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\strategy first\patrician 2\patrician 2.exe |
"UDP Query User{6F736E6A-8AA2-45ED-9025-5654E56DD5F2}C:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd |
"UDP Query User{77CC98D8-16E8-4432-82FD-CEEE2D5E4A82}C:\program files (x86)\thq\pandemic studios\full spectrum warrior\launcher.locked" = protocol=17 | dir=in | app=c:\program files (x86)\thq\pandemic studios\full spectrum warrior\launcher.locked |
"UDP Query User{7FF497C8-F150-4BB1-8C7C-4F09BDE0D060}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Muziic Player & Encoder" = Muziic Player & Encoder
"Sins of a Solar Empire" = Sins of a Solar Empire

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/5/2008 4:06:59 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
failed, 00000005.

Error - 7/7/2008 2:34:22 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Stephen\AppData\Local\Microsoft\Messenger\BeardedPeaches@hotmail.com\SharingMetadata\Working\database_40DE_3C12_DE3B_FEAA\fsr.log
failed, 00000005.

Error - 7/10/2008 8:56:43 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C11MH75Z\bones[1].htm
failed, 00000005.

Error - 7/14/2008 2:39:19 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\SysWOW64\conime.exe failed, 00000005.

Error - 7/27/2008 3:17:08 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Stephen\AppData\Local\Microsoft\Messenger\BeardedPeaches@hotmail.com\SharingMetadata\Logs\Dfsr00005.log
failed, 00000005.

Error - 8/12/2008 5:56:56 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 8/21/2008 3:17:55 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Internet Explorer\iedw.exe failed, 00000005.

Error - 8/24/2008 3:27:07 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IU7OWY5D\all[1].htm
failed, 00000005.

Error - 10/20/2008 10:05:02 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Stephen\AppData\Local\Microsoft\Messenger\BeardedPeaches@hotmail.com\SharingMetadata\Working\database_40DE_3C12_DE3B_FEAA\fsr.log
failed, 00000005.

Error - 8/23/2009 6:12:28 PM | Computer Name = Peaches | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.] failed, 00000083.


[ Application Events ]
Error - 2/27/2010 12:26:17 AM | Computer Name = Peaches | Source = WPDMTPDriver | ID = 80836
Description =

Error - 2/27/2010 2:17:06 AM | Computer Name = Peaches | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x47e2d72b,
exception code 0xc0000005, fault offset 0x003d553e, process id 0x1234, application
start time 0x01cab7724115d100.

Error - 2/28/2010 4:33:53 PM | Computer Name = Peaches | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module materialsystem.dll, version 0.0.0.0, time stamp 0x473a5955, exception
code 0xc0000005, fault offset 0x0000ab06, process id 0x388, application start time
0x01cab8acbc60a340.

Error - 2/28/2010 4:42:48 PM | Computer Name = Peaches | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module materialsystem.dll, version 0.0.0.0, time stamp 0x473a5955, exception
code 0xc0000005, fault offset 0x0000ab06, process id 0x1388, application start time
0x01cab8b584974d20.

Error - 3/1/2010 10:18:32 PM | Computer Name = Peaches | Source = System Restore | ID = 8193
Description =

Error - 3/2/2010 11:11:58 PM | Computer Name = Peaches | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module d3d9.dll, version 6.0.6002.18005, time stamp 0x49e03705, exception
code 0xc0000005, fault offset 0x0004b468, process id 0xfa4, application start time
0x01caba7f24debaf0.

Error - 3/6/2010 1:40:54 AM | Computer Name = Peaches | Source = WPDMTPDriver | ID = 80836
Description =

Error - 3/9/2010 1:07:04 AM | Computer Name = Peaches | Source = Application Error | ID = 1000
Description = Faulting application mount&blade.exe, version 0.7.3.0, time stamp
0x490b190a, faulting module mount&blade.exe, version 0.7.3.0, time stamp 0x490b190a,
exception code 0xc0000005, fault offset 0x001116bd, process id 0x1778, application
start time 0x01cabf43f297c090.

Error - 3/9/2010 1:50:22 AM | Computer Name = Peaches | Source = WinMgmt | ID = 10
Description =

Error - 3/11/2010 11:28:25 AM | Computer Name = Peaches | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 7/8/2008 9:03:36 PM | Computer Name = Peaches | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/14/2008 9:08:08 PM | Computer Name = Peaches | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/22/2008 8:25:56 PM | Computer Name = Peaches | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/28/2008 3:44:48 PM | Computer Name = Peaches | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 12/18/2008 12:00:02 AM | Computer Name = Peaches | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/1/2009 2:51:48 AM | Computer Name = Peaches | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/29/2009 1:34:08 PM | Computer Name = Peaches | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/31/2009 4:33:08 PM | Computer Name = Peaches | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/11/2009 3:27:53 PM | Computer Name = Peaches | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/3/2009 5:46:44 PM | Computer Name = Peaches | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/16/2010 9:31:14 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Partition_1.

Error - 3/16/2010 9:31:14 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Partition_1.

Error - 3/16/2010 9:31:14 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Partition_1.

Error - 3/16/2010 9:31:14 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Partition_1.

Error - 3/16/2010 9:31:14 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Partition_1.

Error - 3/16/2010 9:31:14 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Partition_1.

Error - 3/16/2010 9:31:31 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Partition_1.

Error - 3/16/2010 9:31:31 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Partition_1.

Error - 3/16/2010 9:31:51 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 3/16/2010 9:31:51 PM | Computer Name = Peaches | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >


Re: Total Vista Security Virus

Post by Belahzur on Wed Mar 17, 2010 9:41 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Total Vista Security Virus

Post by BeardedPeaches on Thu Mar 18, 2010 1:37 am

Thanks a lot man, my computer seems to be running just about 100% after running Malwarebytes again and deleting ave.exe. Anyway, here's the log file:

Malwarebytes' Anti-Malware 1.44
Database version: 3878
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/17/2010 5:59:31 PM
mbam-log-2010-03-17 (17-59-31).txt

Scan type: Quick Scan
Objects scanned: 100324
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Stephen\AppData\Local\ave.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

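The MBAM log above reports the mechanism behind "ave.exe starts whenever I run any .exe": the .exe file class was redirected to a rogue "secfile" class and the IE StartMenuInternet command was wrapped with ave.exe. The checker below is an added example, not code from the thread, MBAM or OTL; it runs the same checks over a constructed snapshot of those registry values (the secfile open command is constructed to match the pattern MBAM printed, since MBAM does not show it) and can optionally read the live keys on Windows.

```python
"""Detect the .exe association and StartMenuInternet hijacks reported in the MBAM log."""
import re
from typing import Dict, Iterable, List

EXE_CLASS_KEY = r"HKEY_CLASSES_ROOT\.exe"
OPEN_CMD = r"shell\open\command"
IE_CLIENT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE"
IE_CMD_KEY = IE_CLIENT_KEY + "\\" + OPEN_CMD
EXEFILE_CMD = '"%1" %*'  # stock Windows value of exefile\shell\open\command

Snapshot = Dict[str, str]  # key path -> its "(default)" value, as MBAM prints them


def first_executable(command: str) -> str:
    """Lower-cased basename of the program a shell open command launches."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    if not m:
        return ""
    path = m.group(1) or m.group(2)
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_hijacks(snap: Snapshot) -> List[str]:
    """Return one finding per tampered value; an empty list means clean."""
    findings: List[str] = []
    exe_class = snap.get(EXE_CLASS_KEY, "exefile")
    if exe_class.lower() != "exefile":
        findings.append(f"{EXE_CLASS_KEY} -> {exe_class!r} (expected 'exefile')")
    # Check the open command of whatever class .exe resolves to, and of exefile itself;
    # the rogue left exefile alone and pointed .exe at its own "secfile" class.
    for cls in dict.fromkeys([exe_class, "exefile"]):
        key = "HKEY_CLASSES_ROOT\\" + cls + "\\" + OPEN_CMD
        cmd = snap.get(key)
        if cmd is not None and cmd.strip() != EXEFILE_CMD:
            findings.append(f"{key} -> {cmd!r} (expected {EXEFILE_CMD!r})")
    cmd = snap.get(IE_CMD_KEY)
    if cmd is not None and first_executable(cmd) != "iexplore.exe":
        findings.append(f"{IE_CMD_KEY} launches {first_executable(cmd)!r} instead of iexplore.exe")
    return findings


def live_snapshot(keys: Iterable[str]) -> Snapshot:
    """Read the (default) value of each key from the live registry (Windows only).
    On 64-bit Windows use a 64-bit interpreter so HKLM\\SOFTWARE is not WOW64-redirected."""
    import winreg  # stdlib module that exists only on Windows
    roots = {"HKEY_CLASSES_ROOT": winreg.HKEY_CLASSES_ROOT,
             "HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE}
    snap: Snapshot = {}
    for path in keys:
        root, _, sub = path.partition("\\")
        try:
            with winreg.OpenKey(roots[root], sub) as k:
                snap[path] = winreg.QueryValueEx(k, "")[0]  # "" names the default value
        except OSError:
            pass  # key absent: nothing launches through it
    return snap


# Constructed snapshot mirroring the infected state MBAM reported in the thread.
INFECTED: Snapshot = {
    EXE_CLASS_KEY: "secfile",
    r"HKEY_CLASSES_ROOT\secfile\shell\open\command":  # constructed; MBAM did not print it
        r'"C:\Users\Stephen\AppData\Local\ave.exe" /START "%1" %*',
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    IE_CMD_KEY: r'"C:\Users\Stephen\AppData\Local\ave.exe" /START '
                r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe"',
}

# Constructed snapshot of the stock values MBAM restored ("Good:" entries in the log).
CLEAN: Snapshot = {
    EXE_CLASS_KEY: "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    IE_CMD_KEY: r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe"',
}

if __name__ == "__main__":
    for name, snap in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, find_hijacks(snap) or "no hijack found")
```

To check a real machine, call `find_hijacks(live_snapshot(INFECTED.keys()))` from an elevated Python on Windows.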

Re: Total Vista Security Virus

Post by Belahzur on Thu Mar 18, 2010 11:25 pm

Hello.

This should be okay now.


