TR/Vundo.Gen2 can't seem to get rid of it.


Post by Vanzandtt on Thu Mar 25, 2010 1:05 am

Hello guys,

I'd like to start off by saying that I appreciate what you guys are doing. I've read through some of the stuff that you guys help out with and it's quite amazing how quickly things get done here. My father has his own business fixing computers, virus removals, etc. I've kind of learned what I could from him but I'm quite stumped here. I have never let a virus take over my computer and it's not going to happen now!

The virus, from what AntiVir says, is TR/Vundo.Gen2. It's a trojan, obviously.
How I got it? Received a popup and clicked it (accidentally).

At first, I was spammed with AntiVir saying it had about 17 detections all with either TR/Vundo.Gen2 or TR/Crypt.ZPACK.Gen.
After I told AntiVir to go ahead and delete the files, a Windows Security popup came up, but it said my firewall was down. (I never turn it off).
I clicked it at first, then realized I should check my processes first. I ctrl-alt-delete'd and went to processes. All the usual stuff was running except for one particular object.. ave.exe which didn't have a description in it, so I closed it. Windows Security went away! I then went to control panel, opened up the REAL security and it said everything was running normal, with the exception of UAC (which I can't stand).
Every time after that when trying to run any program (Firefox, antivirus software, Spybot Search & Destroy), I'd get the Windows Security saying it was an unknown process and it wanted to stop it.. I kept closing ave.exe as it came up. I finally went to its source (in my Users/Van/Local/Temp) folder and it wasn't there, and yet.. it was running.

So far I've downloaded HijackThis, ran my virus scanner once and deleted everything that came up, ran Spybot a billion times with the same results.. it keeps finding more trojans, even ran Windows Defender which kept allowing some unknown process to start up. I'm running Windows Defender again on a quick scan this time 'cause I'm about to head to work.

Right now my computer is running at 100% CPU usage, with only 3 things being open: my virus scanner, Spybot, and Firefox. It's never this slow.

Anyways, here's my HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:18 PM, on 3/24/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
c:\program files (x86)\common files\logitech\lvmvfm\LVPrS64H.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\internet explorer\wmpscfgs.exe
C:\program files (x86)\rocketdock\rocketdock .exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2358d94e-d9d8-4634-829a-cbecb3a8b488} - C:\Windows\SysWOW64\honumopi.dll (file missing)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe" /s
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files (x86)\internet explorer\wmpscfgs.exe
O4 - HKLM\..\Run: [widapurowi] Rundll32.exe "zelovumi.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\program files (x86)\rocketdock\rocketdock .exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Van\AppData\Roaming\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\iEvony\Skype4COM.dll
O20 - AppInit_DLLs: honumopi.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: COMServer - Unknown owner - C:\Windows\system32\msapps\comsrvr.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 11594 bytes


Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Belahzur on Thu Mar 25, 2010 1:24 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Vanzandtt on Thu Mar 25, 2010 1:44 am

otl.txt file. (1st one)




OTL logfile created on: 3/24/2010 9:34:56 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Van\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.98 Gb Total Space | 54.71 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive D: | 12.78 Gb Total Space | 1.75 Gb Free Space | 13.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 6.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANSCOMP
Current User Name: Van
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/24 21:34:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Van\Desktop\OTL.exe
PRC - [2010/03/24 21:24:20 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/23 18:06:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/03 19:50:27 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/08/05 22:37:40 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/09 22:35:54 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\teatimer .exe
PRC - [2008/07/14 14:43:04 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/11 03:51:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\rocketdock .exe
PRC - [2006/11/15 23:12:54 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\Program Files (x86)\Common Files\Logitech\LVMVFM\LVPrS64H.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\SysWOW64\zelovumi.dll
MOD - [2010/03/24 21:34:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Van\Desktop\OTL.exe
MOD - [2008/01/20 22:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2006/11/15 23:03:24 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/07 16:24:16 | 000,470,240 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 16:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/01/20 22:50:24 | 000,027,648 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 11:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/24 16:36:52 | 000,716,800 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2006/11/15 23:14:02 | 000,171,808 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2006/11/15 23:12:42 | 000,171,808 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2010/03/24 16:25:17 | 000,012,288 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\msapps\comsrvr.exe -- (COMServer)
SRV - [2010/03/23 04:21:09 | 000,271,856 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2010/03/23 04:21:09 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2010/03/04 21:38:39 | 002,462,256 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3648.dll -- (Akamai)
SRV - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/03 19:50:27 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/24 23:47:18 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/05 22:37:40 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/09 22:35:54 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/27 11:39:50 | 000,170,016 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/04/26 20:05:00 | 002,870,429 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/04/15 09:42:56 | 000,273,952 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/07/27 14:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/14 14:43:04 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/11 03:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/07 23:45:29 | 000,074,880 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/07/14 14:18:49 | 000,112,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WudfPf.sys -- (WudfPf)
DRV:64bit: - [2009/06/30 18:08:56 | 000,033,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/09 12:25:12 | 000,042,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/02/18 13:25:10 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/02/18 13:25:09 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/02/07 12:14:03 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2008/12/23 03:47:52 | 000,188,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/05 16:24:13 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/10/31 03:00:24 | 000,085,936 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2008/06/10 22:51:32 | 000,395,800 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/04/04 14:47:40 | 000,178,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiH8000.sys -- (SaiH8000)
DRV:64bit: - [2008/03/25 05:50:18 | 007,715,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/02/12 11:50:14 | 000,286,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys -- (CAXHWBS3)
DRV:64bit: - [2008/02/12 11:48:10 | 000,740,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/12 11:47:08 | 001,481,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:04 | 000,098,816 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2008/01/20 22:46:53 | 000,036,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WinUSB.sys -- (WinUSB)
DRV:64bit: - [2007/10/18 11:37:10 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/11/24 16:48:36 | 002,565,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/11/24 16:48:36 | 002,565,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2006/11/16 18:26:44 | 000,019,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2006/11/15 23:12:08 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV:64bit: - [2006/11/15 23:11:56 | 002,345,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
DRV:64bit: - [2006/11/15 23:11:00 | 000,997,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
DRV:64bit: - [2006/11/10 23:56:34 | 000,057,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2006/11/10 23:53:07 | 000,987,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2006/11/10 23:52:55 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2006/10/18 02:00:00 | 000,052,760 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/06/19 10:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2009/04/27 21:19:02 | 000,014,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2009/02/07 12:14:03 | 000,053,248 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\acedrv05.dll -- (acedrv05)
DRV - [2009/01/14 23:39:16 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/01/20 22:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\winusb.dll -- (WinUSB)
DRV - [2007/04/13 18:43:10 | 000,105,176 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/19 10:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2005/01/01 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.17
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.4.1.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.7.3
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/23 18:06:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/23 18:06:54 | 000,000,000 | ---D | M]

[2010/03/22 05:20:04 | 000,000,000 | ---D | M] -- C:\Users\Van\AppData\Roaming\Mozilla\Extensions
[2010/03/22 05:20:04 | 000,000,000 | ---D | M] -- C:\Users\Van\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/09/11 12:45:23 | 000,000,000 | ---D | M] -- C:\Users\Van\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/24 21:33:01 | 000,000,000 | ---D | M] -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\extensions
[2010/03/10 22:07:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/06 23:23:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/16 08:10:02 | 000,000,000 | ---D | M] (Demonoid Toolbar) -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\extensions\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}(50)
[2010/03/23 04:54:39 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/08/01 00:16:17 | 000,000,000 | ---D | M] -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\extensions\iaplayer@instantaction.com
[2010/02/17 18:53:27 | 000,000,000 | ---D | M] -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\extensions\personas@christopher.beard
[2010/03/10 22:07:00 | 000,000,000 | ---D | M] -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\extensions\sxipper@sxip.com
[2010/01/21 21:22:24 | 000,004,554 | ---- | M] () -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\searchplugins\aim-search.xml
[2009/01/06 14:28:04 | 000,000,878 | ---- | M] () -- C:\Users\Van\AppData\Roaming\Mozilla\Firefox\Profiles\l790g20f.default\searchplugins\conduit.xml
[2010/03/24 20:33:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/24 20:31:37 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2008/08/21 18:17:06 | 000,103,864 | ---- | M] (ASP) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2008/12/10 21:21:54 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/08/21 18:17:08 | 000,120,248 | ---- | M] (MGame) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2009/11/29 22:42:49 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/03/20 18:37:40 | 000,380,731 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13117 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2358d94e-d9d8-4634-829a-cbecb3a8b488} - C:\Windows\SysWOW64\zelovumi.dll ()
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\program files (x86)\evga precision\EVGAPrecisionWrapper.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\teatimer.exe ()
O4 - Startup: C:\Users\Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O8:64bit: - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8:64bit: - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\iEvony\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (honumopi.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Van\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Van\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MsMpEng.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/17 23:16:44 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2007/07/20 10:41:52 | 000,000,049 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{875f8272-e504-11dd-b376-002354031710}\Shell - "" = AutoRun
O33 - MountPoints2\{875f8272-e504-11dd-b376-002354031710}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
O33 - MountPoints2\M\Shell\phone\command - "" = M:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/24 21:34:38 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Van\Desktop\OTL.exe
[2010/03/24 20:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/24 20:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Van\AppData\Roaming\SystemProc
[2010/03/24 20:19:46 | 000,000,000 | ---D | C] -- C:\Users\Van\AppData\Local\Temp
[2010/03/24 16:25:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\msapps
[2010/03/23 05:25:52 | 000,000,000 | ---D | C] -- C:\Users\Van\AppData\Local\The Lord of the Rings Online
[2010/03/22 05:25:18 | 000,000,000 | ---D | C] -- C:\Users\Van\AppData\Roaming\Vivox
[2010/03/17 22:13:34 | 000,000,000 | ---D | C] -- C:\LazyTown Soundtrack
[2010/03/14 03:50:57 | 000,000,000 | ---D | C] -- C:\David Stone - (Micah Dalton 02) - The Orpheus Deception - Unabridged (14.47) (MP3 - 48kb)
[2010/03/14 03:47:24 | 000,000,000 | ---D | C] -- C:\J.R.R. Tolkien - The Lord of the Rings Unabridged Audiobook
[2010/03/14 03:44:24 | 000,000,000 | ---D | C] -- C:\The Enlightened Man's Book Collection
[2010/03/14 03:29:19 | 000,000,000 | ---D | C] -- C:\Douglas Adams - Audiobooks
[2010/03/14 03:23:24 | 000,000,000 | ---D | C] -- C:\Internet Library - O
[2010/03/13 16:24:44 | 000,000,000 | ---D | C] -- C:\Users\Van\AppData\Roaming\Ventrilo
[2010/03/13 16:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/03/12 18:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2010/03/12 17:15:49 | 000,000,000 | ---D | C] -- C:\Users\Van\AppData\Local\BuildAGadget Content
[2010/03/04 17:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\championBuilder
[2010/03/03 11:49:11 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/03/03 09:38:55 | 000,000,000 | ---D | C] -- C:\BIOSHOCK
[2010/03/02 22:43:39 | 000,000,000 | ---D | C] -- C:\Users\Van\Documents\Command and Conquer Generals Data
[2010/03/02 22:41:00 | 000,000,000 | ---D | C] -- C:\Users\Van\Documents\Command and Conquer Generals Zero Hour Data
[2010/03/02 22:26:09 | 000,000,000 | ---D | C] -- C:\Generals
[2010/03/02 18:55:16 | 000,000,000 | ---D | C] -- C:\Generals and Zero Hour
[2010/02/26 22:46:26 | 000,000,000 | ---D | C] -- C:\Armadillo run v1.0.6
[2010/02/26 22:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Armadillo Run Demo
[2010/02/24 20:19:46 | 000,000,000 | ---D | C] -- C:\Users\Van\{0b078a6f-a69f-4790-8cae-17f52c24684a}
[2010/02/24 20:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2010/02/23 16:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/02/23 16:24:04 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/02/23 16:24:03 | 004,321,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/02/23 16:24:00 | 014,924,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/02/23 16:23:58 | 009,388,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/02/23 16:23:58 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/02/23 16:23:57 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/02/23 16:23:57 | 004,061,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/02/23 16:23:55 | 011,639,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/02/23 12:01:13 | 000,000,000 | ---D | C] -- C:\Users\Van\AppData\Local\Deployment
[2010/02/23 12:01:13 | 000,000,000 | ---D | C] -- C:\Users\Van\AppData\Local\Apps
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Van\AppData\Local\*.tmp files -> C:\Users\Van\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\SysWow64\naruhoku.dll
[2010/03/24 21:38:08 | 000,790,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/24 21:38:08 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/24 21:38:08 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/24 21:38:04 | 038,438,016 | ---- | M] () -- C:\Users\Van\Desktop\avira_antivir_personal_en.exe.part
[2010/03/24 21:38:04 | 000,000,000 | ---- | M] () -- C:\Users\Van\Desktop\avira_antivir_personal_en.exe
[2010/03/24 21:34:49 | 017,301,504 | -HS- | M] () -- C:\Users\Van\ntuser.dat
[2010/03/24 21:34:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Van\Desktop\OTL.exe
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/03/24 21:32:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/03/24 21:32:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/03/24 21:32:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/03/24 21:32:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/03/24 21:32:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/03/24 21:32:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/03/24 21:32:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/03/24 21:32:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/03/24 21:32:11 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/03/24 21:32:11 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/03/24 21:30:45 | 000,061,257 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/24 21:30:44 | 000,061,257 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/24 21:30:30 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 21:30:30 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 21:30:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 21:30:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/24 21:29:11 | 000,524,288 | -HS- | M] () -- C:\Users\Van\ntuser.dat{ce72fb3c-d300-11de-a688-002354031710}.TMContainer00000000000000000001.regtrans-ms
[2010/03/24 21:29:11 | 000,065,536 | -HS- | M] () -- C:\Users\Van\ntuser.dat{ce72fb3c-d300-11de-a688-002354031710}.TM.blf
[2010/03/24 21:29:08 | 004,964,292 | -H-- | M] () -- C:\Users\Van\AppData\Local\IconCache.db
[2010/03/24 17:16:58 | 000,030,208 | ---- | M] () -- C:\Users\Van\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/24 16:53:13 | 000,010,346 | -HS- | M] () -- C:\Users\Van\AppData\Local\Mh3jm32txN
[2010/03/24 16:53:13 | 000,010,346 | -HS- | M] () -- C:\ProgramData\Mh3jm32txN
[2010/03/24 16:53:10 | 000,203,776 | -HS- | M] () -- C:\Users\Van\AppData\Local\128822158.dll
[2010/03/24 16:25:19 | 000,203,776 | -HS- | M] () -- C:\Users\Van\AppData\Local\ave.exe
[2010/03/24 16:25:19 | 000,165,376 | ---- | M] () -- C:\Windows\Pnymia.exe
[2010/03/20 18:37:40 | 000,380,731 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/03/20 18:37:20 | 000,380,731 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100320-183740.backup
[2010/03/16 14:52:08 | 000,000,000 | ---- | M] () -- C:\Users\Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/03/13 16:22:51 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/10 00:08:07 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVan.job
[2010/03/04 20:11:22 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/03/04 20:11:22 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/03/03 11:49:11 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/03/02 22:49:09 | 000,001,844 | ---- | M] () -- C:\Users\Van\AppData\Roaming\wklnhst.dat
[2010/03/02 22:24:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/02/23 16:22:39 | 000,380,176 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100320-183720.backup
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Van\AppData\Local\*.tmp files -> C:\Users\Van\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,065,536 | -HS- | C] () -- C:\Windows\SysWow64\naruhoku.dll
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/03/24 21:24:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/03/24 21:24:22 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/03/24 20:22:16 | 000,212,864 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/03/24 16:48:56 | 000,203,776 | -HS- | C] () -- C:\Users\Van\AppData\Local\128822158.dll
[2010/03/24 16:25:30 | 000,165,376 | ---- | C] () -- C:\Windows\Pnymia.exe
[2010/03/24 16:25:20 | 000,010,346 | -HS- | C] () -- C:\Users\Van\AppData\Local\Mh3jm32txN
[2010/03/24 16:25:20 | 000,010,346 | -HS- | C] () -- C:\ProgramData\Mh3jm32txN
[2010/03/24 16:25:19 | 000,203,776 | -HS- | C] () -- C:\Users\Van\AppData\Local\ave.exe
[2010/03/16 14:52:08 | 000,000,000 | ---- | C] () -- C:\Users\Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/03/13 16:22:40 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/04 21:39:31 | 000,334,308 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistMSI19A3.txt
[2010/03/04 21:39:30 | 000,011,198 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistUI19A3.txt
[2010/03/04 20:11:22 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/03/04 20:11:22 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/03/02 22:24:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/02/23 16:24:04 | 013,795,688 | ---- | C] () -- C:\Windows\SysNative\drivers\nvlddmkm.sys
[2010/02/23 16:24:04 | 000,065,640 | ---- | C] () -- C:\Windows\SysNative\OpenCL.dll
[2010/02/23 16:24:04 | 000,011,240 | ---- | C] () -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/02/23 16:24:04 | 000,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/02/23 16:24:03 | 020,469,352 | ---- | C] () -- C:\Windows\SysNative\nvoglv64.dll
[2010/02/23 16:24:03 | 006,020,712 | ---- | C] () -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/02/23 16:23:58 | 004,325,992 | ---- | C] () -- C:\Windows\SysNative\nvcuvenc.dll
[2010/02/23 16:23:58 | 002,332,776 | ---- | C] () -- C:\Windows\SysNative\nvcuvid.dll
[2010/02/23 16:23:55 | 016,051,304 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2010/02/23 16:23:55 | 005,416,552 | ---- | C] () -- C:\Windows\SysNative\nvcuda.dll
[2010/02/23 16:23:55 | 000,202,344 | ---- | C] () -- C:\Windows\SysNative\nvcod189.dll
[2010/02/23 16:23:55 | 000,202,344 | ---- | C] () -- C:\Windows\SysNative\nvcod.dll
[2010/01/27 16:12:13 | 000,335,078 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistMSI225B.txt
[2010/01/27 16:12:13 | 000,011,230 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistUI225B.txt
[2009/12/11 14:36:36 | 000,333,864 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistMSI00EC.txt
[2009/12/11 14:36:36 | 000,013,418 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistUI00EC.txt
[2009/11/12 19:25:39 | 000,333,382 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistMSI0445.txt
[2009/11/12 19:25:37 | 000,017,618 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistUI0445.txt
[2009/11/03 20:10:20 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2009/09/11 17:36:45 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2009/08/16 22:04:50 | 000,371,994 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistMSI226D.txt
[2009/08/16 22:04:50 | 000,011,212 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistUI226D.txt
[2009/08/09 21:34:54 | 000,012,996 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistUI6896.txt
[2009/08/09 21:33:40 | 000,600,003 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/08/09 21:33:37 | 000,574,624 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_dotnetfx35install.txt
[2009/08/09 21:33:37 | 000,000,002 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_dotnetfx35error.txt
[2009/08/09 21:26:05 | 000,009,232 | ---- | C] () -- C:\Windows\my.ini.old
[2009/08/09 21:11:22 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/09 20:40:50 | 000,332,928 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistMSI3F24.txt
[2009/08/09 20:40:45 | 000,030,590 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistUI3F24.txt
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/05 18:50:51 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2009/07/30 22:09:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/07/19 21:52:10 | 000,005,045 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009/06/30 19:54:50 | 000,061,257 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/30 19:54:47 | 000,061,257 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/27 21:53:17 | 000,028,097 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/05/27 21:53:06 | 000,033,120 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_dotnetfx3install.txt
[2009/05/27 21:53:06 | 000,000,604 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_dotnetfx3error.txt
[2009/05/18 22:27:54 | 000,416,876 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistMSI3C1D.txt
[2009/05/18 22:27:54 | 000,011,406 | ---- | C] () -- C:\Users\Van\AppData\Local\dd_vcredistUI3C1D.txt
[2009/04/17 01:46:32 | 000,564,224 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/04/17 01:46:22 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/04/17 01:46:21 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/04/17 01:46:21 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/02/20 20:49:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/02/19 08:02:19 | 000,000,091 | ---- | C] () -- C:\Users\Van\AppData\Local\fusioncache.dat
[2009/02/19 07:52:53 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/02/07 12:14:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2009/01/14 23:38:26 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2009/01/12 21:01:07 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/01/11 18:49:24 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2009/01/11 18:05:10 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2009/01/11 18:05:10 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2009/01/11 18:05:10 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2009/01/11 18:05:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2009/01/11 16:00:22 | 001,559,040 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/11 16:00:22 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/11 15:40:59 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
[2008/12/23 11:23:46 | 000,000,280 | ---- | C] () -- C:\Windows\Sierra.ini
[2008/12/22 20:16:38 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/12/19 14:47:39 | 000,001,100 | ---- | C] () -- C:\Users\Van\AppData\Local\d3d8caps.dat
[2008/12/16 00:42:11 | 000,030,208 | ---- | C] () -- C:\Users\Van\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/11 16:01:50 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/12/09 11:17:07 | 000,001,844 | ---- | C] () -- C:\Users\Van\AppData\Roaming\wklnhst.dat
[2008/12/02 00:00:40 | 000,002,032 | ---- | C] () -- C:\Users\Van\AppData\Local\d3d9caps.dat
[2008/12/01 23:10:30 | 000,001,460 | ---- | C] () -- C:\Users\Van\AppData\Local\d3d9caps64.dat
[2008/09/02 06:25:24 | 000,003,038 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/09/02 05:56:54 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/09/02 05:56:54 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\SysWow64\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4240575B
< End of report >

Vanzandtt
Novice

Posts : 7
Joined : 2010-03-25
Gender : Male
OS : Windows Vista
Points : 24553
# Likes : 0


Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Vanzandtt on Thu Mar 25, 2010 1:45 am

extras.txt (2nd one)





OTL Extras logfile created on: 3/24/2010 9:34:56 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Van\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.98 Gb Total Space | 54.71 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive D: | 12.78 Gb Total Space | 1.75 Gb Free Space | 13.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 6.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANSCOMP
Current User Name: Van
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1245720577-1215183912-642781557-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CFA10A-98FC-4EE0-9769-D74F58BD3EA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{087096F6-6163-4395-8288-D20640BF71D0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1822E18A-5B9E-45B9-9420-D1FF127BF518}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2CF5A8D9-6363-4EB7-B794-B8520581C997}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{32721D3B-A56D-4BAE-B5FC-A82C7092C64B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{34609677-FDB2-453F-8B16-DBFEDDC24867}" = rport=139 | protocol=6 | dir=out | app=system |
"{3564FB9B-17FF-4445-B001-964C2CBE283B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4768D9A0-2AE3-4D38-9059-66CECD3A4865}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7525AC6F-1881-4906-9D5B-FE05AD50D729}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B36E8B0-5AFC-4CB5-832F-170548EF49B8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B4FBF5E-E551-4714-A4C4-A095414127B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F2EEFF8-24BB-46E0-BD35-591A36DD1E51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FC4692C-5AB7-42B9-8BC7-572F53858513}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E94E4D5-4CC3-41DA-8666-913A5280344F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B25D9857-5834-4277-AD74-571FABFB1646}" = rport=137 | protocol=17 | dir=out | app=system |
"{B477B1D1-67FB-4BAA-ACE0-7A735A274339}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{BCD7D48F-E3F1-4481-AB06-DBD199B99DFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E598BEB2-7783-4845-95B4-33316C48BB8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6284D3A-9581-4934-A0CE-DADC33EE8F1E}" = lport=139 | protocol=6 | dir=in | app=system |
"{E688FE8C-49A5-470F-A409-50EBF1AA692E}" = rport=445 | protocol=6 | dir=out | app=system |
"{ECC663A4-B71B-43C8-9A70-71D832690D0B}" = lport=445 | protocol=6 | dir=in | app=system |
"{F1E0D46A-1F76-44D8-94A0-0489C9EB868D}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F14A72-AB04-4CF1-8BFF-5CAA9C1698CB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{01F81270-D98F-433B-9116-A98FEDD27711}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{06F21FDB-1E4B-44FF-B364-FEE2ECEBA220}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{08DCBA1C-F475-430A-9462-8969DE99919D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{1489A8A9-B2F7-4625-AC3F-CD35841EC9EC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{14985067-CE1A-4D31-973D-DBFA75EA7DB4}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{15692E8C-E3E8-4104-B019-E26F2A2734AF}" = protocol=6 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe |
"{17A6E22F-1904-4B91-9DE7-C27B0DEF5333}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1DE7755D-828F-46FE-BE62-369EB83C9701}" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy\spybotsd.exe |
"{1EA6D469-2EEB-4E7D-BEC9-59564014AF6D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{21856B59-FC46-4188-8DDE-E3CA08509904}" = protocol=17 | dir=in | app=c:\users\van\appdata\local\temp\purplebean.exe |
"{21AC6809-911D-4E21-A32B-840EABF78155}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\logitech\lvmvfm\lvprs64h.exe |
"{2212C9CA-5127-44F6-96A3-A1C488BD954B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{24EAAD63-CE81-4E92-A2FF-737177879A98}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{263A5C02-A5C7-4786-9C3B-844A9B786D4F}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{292C880D-8183-4FD4-BAA6-83F8D5160170}" = protocol=17 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe |
"{29865A1A-A280-43D8-925A-65E120582AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{2B89617A-90E9-4C3E-8FD7-FA178DFDD896}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avgnt.exe |
"{3389595A-D035-4225-877D-11DCC6DE373E}" = protocol=6 | dir=in | app=c:\users\van\appdata\local\apps\2.0\k6zrtbkq.8z1\kctp8klr.kb2\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{3435DFAA-F69E-4760-87FE-F00D4E54EFAE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{35C87A24-29BB-42DA-9D3C-FED7C50FE606}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{35F18C7D-71AB-4482-9E12-00572E04FB45}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{38D3C300-833C-460F-BA3E-AF6B656B74CF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{3B30F95F-FA1E-4CBF-8556-E95C0EECD2A8}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{3FBCFCD6-EBBC-47E4-83C2-ABA47FC19189}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{4174BBDC-782E-4466-96C4-F9A638970B3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{41E63B92-929D-4CDB-9C02-BF48750177B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{441840A8-6046-4904-B89D-6B5614B2BC98}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\logitech\lvmvfm\lvprs64h.exe |
"{44BEA170-6066-47E4-9E7F-1D55EF83C61F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{46974514-07DA-4304-85AF-72D6C03692E8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{4B661D8A-488C-47AB-9F9C-15D23804B2CB}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4E3A313A-3A3D-4B07-9644-D5AAFFFD83AC}" = protocol=17 | dir=in | app=c:\users\van\appdata\local\apps\2.0\k6zrtbkq.8z1\kctp8klr.kb2\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{51725038-87A0-4637-B962-64B85E781E58}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{52E005B5-6711-4BA7-8B32-2BB03A651162}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{5330E27E-3D5B-4970-B3D4-0EF8E1C48B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{553FC631-4D12-4931-9F9E-D7AD00532176}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A369875-84A4-475C-A663-6C3A94986520}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{5CA7EF67-6EB3-47A1-8206-BA4323A3A52F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5F48B757-A5F3-4D17-9E71-2D7646A9CE7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{616F71BC-5799-4275-84BE-424B92C6C837}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{631D6A67-2AE4-4AA6-93FB-41B825E7F2A0}" = protocol=6 | dir=in | app=c:\users\van\appdata\roaming\mjusbsp\magicjack.exe |
"{63D08848-335D-4019-B4E8-373968EF24AE}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{63EDFDCE-9644-4338-ABC5-FE55834CAF19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{66093E7E-83BE-4FFB-AF20-98B0D6A59E33}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{694121A5-B31C-4AA6-B151-8ECC854E3A52}" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy\spybotsd.exe |
"{6EAE9D7F-9932-4FA3-AC95-D8F3D16F3FCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{70069681-E62C-427E-B3A9-6F01164736F3}" = protocol=6 | dir=in | app=c:\users\van\appdata\local\temp\tqugl.exe |
"{7402E993-7594-4D3F-8886-4F9A51152D25}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avgnt.exe |
"{750BCF15-EE02-4135-81C4-FE79BA8F9A2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{76C0C5BD-ED8D-43B9-B655-B111D4D20834}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{789A8DF5-7A90-4C75-BC50-1344500E774D}" = protocol=17 | dir=in | app=c:\users\van\appdata\local\temp\tqugl.exe |
"{79A92D40-60E6-4968-B197-A07B7F4AB836}" = protocol=17 | dir=in | app=c:\windows\syswow64\ctfmon.exe |
"{7E8B8FDB-281D-4B07-B6B7-2045EA0063AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{7EF266FA-39BB-4FD2-B7D2-92427B5F92A5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7F649237-EE59-475B-A42B-252DF0D592BC}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{85E36CC2-EBBB-45BB-B88D-E1D35A9496E5}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{86250390-447D-4FEB-940D-31F404B2D240}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8A157F63-7FA1-4AFF-98B4-D24FD77F75D4}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\diablo ii.exe |
"{8DF33D8D-6155-494C-B615-B707A4068C68}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avgnt.exe |
"{914AC31E-5101-47AB-8405-7814DF5F6F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{96688271-663D-4FF5-9D95-DA92D1FEAF2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{9C7844FE-46C9-4E56-93BE-F93846D324D2}" = protocol=6 | dir=in | app=c:\users\van\appdata\local\temp\sssjrf .exe |
"{9D06713A-E9F7-4133-8321-169C92E1C337}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{9DEFAA57-8F1B-4F32-9852-0671D662DF35}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{A3688E72-2FE3-430F-9458-D26E1F49BAED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BD05240A-6595-48A3-BD4B-2A6D2C8EA46E}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{BF6BEA97-7686-409C-9F5B-18770022A316}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{C01DABE0-B478-47B0-8336-B03610FA48E5}" = protocol=6 | dir=in | app=c:\games\electronic arts\warhammer online - age of reckoning\war.exe |
"{C2B00A57-AC7C-4270-B044-9C19ABA87788}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C2F5F287-1E1A-476E-AC17-E73A0C0E01A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C52AB4BB-D474-4AAC-AE41-45CAAA4D92B0}" = dir=in | app=c:program filespando networksmedia boosterpmb.exe |
"{C673E23D-4DBF-4D93-B036-3BC3A7EDD363}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CB609438-577F-4A03-8719-04AAE4761E21}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\diablo ii.exe |
"{CDA922FE-393F-4376-A522-CF8A7DA387D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CF41C725-88E8-4233-8822-C2DA748A2199}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{D6724112-8662-464F-85AD-270A3B8BD731}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6AB4FA6-BF65-4760-BF57-AE986D8967E2}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat |
"{DAE7CC16-8DC6-4891-9630-4C20C09F3E00}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\ra3.exe |
"{DC3C8D44-9621-43F9-8D18-42B2434FEF13}" = protocol=17 | dir=in | app=c:\users\van\appdata\local\temp\sssjrf .exe |
"{DC450127-42A8-48C2-8092-C86AC784D170}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DCD8161B-9FBE-4341-82F0-D15D903C4A2C}" = protocol=17 | dir=in | app=c:\games\electronic arts\warhammer online - age of reckoning\war.exe |
"{DE62EF08-6C08-4C7E-B2EC-56A02A114F46}" = protocol=17 | dir=in | app=c:\users\van\appdata\roaming\mjusbsp\magicjack.exe |
"{E1977568-40B6-4700-846E-506582699207}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{E41A9DE1-C98E-40CF-A1F8-32421BFB8E83}" = protocol=6 | dir=in | app=c:\windows\syswow64\ctfmon.exe |
"{E649BA77-26C3-40F6-B8E4-221668D67EA2}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E6758C6F-202A-46A5-AD4C-0B94B2B3EB2C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F021BC60-1974-48D9-96C0-022910A44D8F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\ra3.exe |
"{F31168E5-7F22-4111-AA8C-EDC85C72FF2A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F68B84DF-238D-43C1-BEA5-791D4298F516}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F89FF670-0C69-4484-848A-9D312033CE15}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{F922D43E-F47A-47BF-8B3B-6C09F48F2F93}" = protocol=6 | dir=in | app=c:\users\van\appdata\local\temp\purplebean.exe |
"{FA1C5160-E44E-41F7-9AE4-AA6D3434F16C}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{FAA62D66-F0F1-488E-B24F-4C87277A199A}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{FF122A34-8329-4088-B4FE-EDEC5B84A2C0}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"TCP Query User{0434FB89-96AC-48B2-B6C4-53E1C674129A}C:\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\empire earth\empire earth.exe |
"TCP Query User{0C449BDB-F37D-485C-9702-2CDF4EE23717}C:\program files (x86)\darkfall\lobby.exe" = protocol=6 | dir=in | app=c:\program files (x86)\darkfall\lobby.exe |
"TCP Query User{0EC4574B-03A1-446D-9719-82A45B7BF4AF}C:\program files (x86)\steam\steamapps\xshamitzx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xshamitzx\team fortress 2\hl2.exe |
"TCP Query User{11DCFF6B-48C5-492C-8DB8-621BA79B6DFA}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{148D36F7-09A3-46EF-89A2-4602301F0779}C:\program files (x86)\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the lord of the rings online\lotroclient.exe |
"TCP Query User{1DA68F4C-EBEF-4745-8449-B7DD94E7612D}C:\users\van\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\van\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{3166C8AD-1E3F-4948-85A0-B369A3E7B693}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{33FDA4D8-9418-448A-ADBF-19983E51C0EA}C:\java\bin\java.exe" = protocol=6 | dir=in | app=c:\java\bin\java.exe |
"TCP Query User{344D5E43-944B-4046-B595-85152B0592E3}C:\users\public\games\world of warcraft - actual wow\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft - actual wow\launcher.exe |
"TCP Query User{45D8A811-D58C-4CD7-87C1-EF8154DDA8D1}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{4DB15C7D-815B-4BC6-AD58-5B7B0C4D869C}C:\dynamix\tribes\t1vista.exe" = protocol=6 | dir=in | app=c:\dynamix\tribes\t1vista.exe |
"TCP Query User{529825A3-7C38-4DC4-83F3-294247D71839}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{5A46818C-F2BA-4BC6-B48D-333869466AB5}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{5A95A3F3-B012-45B6-92DE-E662ED711363}C:\program files (x86)\steam\steamapps\xshamitzx\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xshamitzx\source sdk base\hl2.exe |
"TCP Query User{5D4388C0-B559-4E11-81AB-9531F479733F}C:\users\van\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\van\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{63624128-8EDF-45CB-88C7-182D47B88F23}C:\program files (x86)\steam\steamapps\xshamitzx\dark messiah might and magic multi-player\mm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xshamitzx\dark messiah might and magic multi-player\mm.exe |
"TCP Query User{6D5AEA40-7949-472C-B2DE-211D4B60F725}C:\program files (x86)\steam\steamapps\xshamitzx\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xshamitzx\source sdk base 2007\hl2.exe |
"TCP Query User{82A85200-7D1E-4AB4-BCE8-F28C968438D2}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{8C14D56E-8ADC-4203-ACC5-DD5A82166F06}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{8EB79A7D-DD23-4A0E-B7FE-65FC49CA2D2B}C:\users\van\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\van\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{94BDABC2-F2DF-4DDC-A0C4-FB1115620DA9}C:\users\van\desktop\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\van\desktop\arcemu\arcemu-world.exe |
"TCP Query User{958A119E-1419-49FD-9461-B8E9976424AA}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{993384F7-9D51-4F5C-AC52-C1A48BA0CCC0}C:\program files (x86)\steam\steamapps\xshamitzx\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xshamitzx\half-life\hl.exe |
"TCP Query User{9CBB6ABC-ACFB-40BD-95B8-14F22A2646F1}C:\program files (x86)\steam\steamapps\xshamitzx\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xshamitzx\counter-strike source\hl2.exe |
"TCP Query User{AAFE12FB-120F-4852-ACFB-CF8111EF8FEF}C:\program files (x86)\steam\steamapps\xshamitzx\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xshamitzx\half-life 2 deathmatch\hl2.exe |
"TCP Query User{D371F596-40AE-4830-8603-E0C81D10472F}C:\program files (x86)\microsoft games\dungeon siege\dsloa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\dungeon siege\dsloa.exe |
"TCP Query User{E24587E7-A30F-417C-82BF-F073DEE4D998}C:\users\van\desktop\hearthstone\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\van\desktop\hearthstone\apache\bin\httpd.exe |
"TCP Query User{E726AFC0-7296-4BE1-8537-424738FD9966}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |
"TCP Query User{E7DF56CA-37CB-46B3-9224-613E33B29329}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
"TCP Query User{F36C3D85-89CB-45A9-A896-9AC28F44DBC4}C:\users\van\desktop\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\van\desktop\arcemu\arcemu-logonserver.exe |
"TCP Query User{FF988E00-FC21-4AC5-BA1F-D486D797969A}C:\users\van\desktop\arcemu\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\van\desktop\arcemu\mysql\bin\mysqld.exe |
"UDP Query User{06A21697-8DE1-405B-973B-17D90BFBC482}C:\program files (x86)\microsoft games\dungeon siege\dsloa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\dungeon siege\dsloa.exe |
"UDP Query User{19B13E2F-AA6C-414E-BB9A-6811BF89EA5B}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |
"UDP Query User{1EA46B73-B37B-436F-9DBC-87B9753FEDCA}C:\users\van\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\van\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{256FDA0B-2A0F-403C-A6B0-A93B4E4A2193}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{31694C31-314B-4DF2-866A-03FF226F5618}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{340E3430-72D3-4952-B761-C9E21DCB4312}C:\program files (x86)\steam\steamapps\xshamitzx\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xshamitzx\half-life 2 deathmatch\hl2.exe |


========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2010 2:32:17 AM | Computer Name = VansComp | Source = Application Error | ID = 1000
Description = Faulting application left4dead2.exe, version 0.0.0.0, time stamp 0x4addfda3,
faulting module xfire_toucan_41783.dll, version 1.0.0.41783, time stamp 0x4b904b2b,
exception code 0xc0000005, fault offset 0x0003fe69, process id 0x52c0, application
start time 0x01cac32a49d180f0.

Error - 3/16/2010 3:43:00 AM | Computer Name = VansComp | Source = Application Error | ID = 1000
Description = Faulting application left4dead2.exe, version 0.0.0.0, time stamp 0x4addfda3,
faulting module xfire_toucan_41783.dll, version 1.0.0.41783, time stamp 0x4b904b2b,
exception code 0xc0000005, fault offset 0x0003fe69, process id 0x6224, application
start time 0x01cac4ce2b08bb20.

Error - 3/16/2010 5:13:51 AM | Computer Name = VansComp | Source = WinMgmt | ID = 10
Description =

Error - 3/16/2010 3:52:14 PM | Computer Name = VansComp | Source = Perflib | ID = 1010
Description =

Error - 3/16/2010 3:52:16 PM | Computer Name = VansComp | Source = Perflib | ID = 1008
Description =

Error - 3/17/2010 12:09:00 PM | Computer Name = VansComp | Source = WinMgmt | ID = 10
Description =

Error - 3/19/2010 2:45:15 PM | Computer Name = VansComp | Source = ZuneDriver | ID = 80837
Description =

Error - 3/19/2010 2:45:45 PM | Computer Name = VansComp | Source = ZuneDriver | ID = 80837
Description =

Error - 3/19/2010 2:46:48 PM | Computer Name = VansComp | Source = ZuneDriver | ID = 80837
Description =

Error - 3/19/2010 4:43:08 PM | Computer Name = VansComp | Source = ZuneDriver | ID = 80837
Description =

[ Media Center Events ]
Error - 7/6/2009 1:32:39 AM | Computer Name = VansComp | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/6/2009 3:30:20 AM | Computer Name = VansComp | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/13/2010 2:24:52 PM | Computer Name = VansComp | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/24/2010 9:24:07 PM | Computer Name = VansComp | Source = Service Control Manager | ID = 7000
Description =

Error - 3/24/2010 9:24:07 PM | Computer Name = VansComp | Source = Service Control Manager | ID = 7000
Description =

Error - 3/24/2010 9:24:32 PM | Computer Name = VansComp | Source = Service Control Manager | ID = 7022
Description =

Error - 3/24/2010 9:24:32 PM | Computer Name = VansComp | Source = Service Control Manager | ID = 7026
Description =

Error - 3/24/2010 9:30:17 PM | Computer Name = VansComp | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/24/2010 9:30:28 PM | Computer Name = VansComp | Source = HTTP | ID = 15016
Description =

Error - 3/24/2010 9:32:05 PM | Computer Name = VansComp | Source = Service Control Manager | ID = 7000
Description =

Error - 3/24/2010 9:32:05 PM | Computer Name = VansComp | Source = Service Control Manager | ID = 7000
Description =

Error - 3/24/2010 9:32:24 PM | Computer Name = VansComp | Source = Service Control Manager | ID = 7022
Description =

Error - 3/24/2010 9:32:24 PM | Computer Name = VansComp | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Vanzandtt
Novice

Posts : 7
Joined : 2010-03-25
Gender : Male
OS : Windows Vista
Points : 24553
# Likes : 0

Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Belahzur on Thu Mar 25, 2010 1:53 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {2358d94e-d9d8-4634-829a-cbecb3a8b488} - C:\Windows\SysWOW64\zelovumi.dll ()
    O20 - AppInit_DLLs: (honumopi.dll) - File not found
    [2010/03/24 16:48:56 | 000,203,776 | -HS- | C] () -- C:\Users\Van\AppData\Local\128822158.dll
    [2010/03/24 16:25:30 | 000,165,376 | ---- | C] () -- C:\Windows\Pnymia.exe
    [2010/03/24 16:25:20 | 000,010,346 | -HS- | C] () -- C:\Users\Van\AppData\Local\Mh3jm32txN
    [2010/03/24 16:25:20 | 000,010,346 | -HS- | C] () -- C:\ProgramData\Mh3jm32txN
    [2010/03/24 16:25:19 | 000,203,776 | -HS- | C] () -- C:\Users\Van\AppData\Local\ave.exe
    [2099/01/01 12:00:00 | 000,065,536 | -HS- | C] () -- C:\Windows\SysWow64\naruhoku.dll

    :files
    C:\Windows\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1
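As an added example (not part of the original posts and not OTL's own code), this Python triage parses file-scan lines in the layout used in the fix script above and flags the traits those entries share: hidden+system attributes, an empty company field, a creation time later than the scan, and binaries or extensionless files sitting loose in profile or Windows roots. The heuristic names, the two-reason threshold and the scan time are assumptions, and the last sample line is constructed for contrast.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# File-scan line layout as it appears in the fix script above:
#   [date time | size | attributes | C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [A-Z]\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr"}
# Assumption: directories where a vendor-less binary sitting loose is unusual.
LOOSE_DIRS = ("c:\\windows", "c:\\programdata")
LOOSE_SUFFIX = "\\appdata\\local"

# Assumed scan time for the sample below (hypothetical reference point).
SCAN_TIME = datetime(2010, 3, 24, 21, 57, 34)

# First six lines are the entries quoted in the fix script above;
# the last line is constructed to show an entry that raises no flags.
SAMPLE_LOG = r"""
[2010/03/24 16:48:56 | 000,203,776 | -HS- | C] () -- C:\Users\Van\AppData\Local\128822158.dll
[2010/03/24 16:25:30 | 000,165,376 | ---- | C] () -- C:\Windows\Pnymia.exe
[2010/03/24 16:25:20 | 000,010,346 | -HS- | C] () -- C:\Users\Van\AppData\Local\Mh3jm32txN
[2010/03/24 16:25:20 | 000,010,346 | -HS- | C] () -- C:\ProgramData\Mh3jm32txN
[2010/03/24 16:25:19 | 000,203,776 | -HS- | C] () -- C:\Users\Van\AppData\Local\ave.exe
[2099/01/01 12:00:00 | 000,065,536 | -HS- | C] () -- C:\Windows\SysWow64\naruhoku.dll
[2010/03/20 10:15:00 | 001,234,567 | ---- | C] (Example Vendor) -- C:\Program Files\Example\app.exe
"""


def triage_line(line, scan_time):
    """Parse one file-scan line; return a dict with its fields and the
    list of heuristic reasons it triggered, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    created = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
    path = PureWindowsPath(m["path"].strip())
    parent = str(path.parent).lower()
    suffix = path.suffix.lower()

    reasons = []
    # A creation time after the scan itself means the timestamp was forged.
    if created > scan_time:
        reasons.append("timestamp-in-future")
    # Hidden and System together keep the file out of a default Explorer view.
    if "H" in m["attrs"] and "S" in m["attrs"]:
        reasons.append("hidden+system")
    # Empty "()" means the file carries no company name in its version info.
    if not m["company"].strip():
        reasons.append("no-company-name")
    if suffix == "":
        reasons.append("no-extension")
    loose = parent in LOOSE_DIRS or parent.endswith(LOOSE_SUFFIX)
    if suffix in EXEC_EXT and loose:
        reasons.append("executable-in-loose-dir")

    return {
        "created": created,
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "path": path,
        "reasons": reasons,
    }


def triage_log(text, scan_time):
    """Triage every parsable line of a log excerpt, preserving order."""
    parsed = (triage_line(line, scan_time) for line in text.splitlines())
    return [entry for entry in parsed if entry is not None]


def suspicious(entries, threshold=2):
    """Each heuristic is weak alone (many legitimate files lack a company
    name), so only entries with at least `threshold` reasons are returned."""
    return [e for e in entries if len(e["reasons"]) >= threshold]


if __name__ == "__main__":
    for entry in suspicious(triage_log(SAMPLE_LOG, SCAN_TIME)):
        print(f"{entry['path']}  <-  {', '.join(entry['reasons'])}")
```
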

Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Vanzandtt on Thu Mar 25, 2010 2:00 am

Where'd the files get moved to?


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2358d94e-d9d8-4634-829a-cbecb3a8b488}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2358d94e-d9d8-4634-829a-cbecb3a8b488}\ deleted successfully.
C:\Windows\SysWOW64\zelovumi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:honumopi.dll deleted successfully.
C:\Users\Van\AppData\Local\128822158.dll moved successfully.
C:\Windows\Pnymia.exe moved successfully.
C:\Users\Van\AppData\Local\Mh3jm32txN moved successfully.
C:\ProgramData\Mh3jm32txN moved successfully.
C:\Users\Van\AppData\Local\ave.exe moved successfully.
C:\Windows\SysWOW64\naruhoku.dll moved successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.

OTL by OldTimer - Version 3.1.37.3 log created on 03242010_215734


Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Vanzandtt on Thu Mar 25, 2010 2:07 pm

Hey Belahzur, I hate to bother you again but I just ran AntiVir again and it still says the viruses are there. There's only two now. They keep popping up as registry entries as per Spybot Search & Destroy. I ran Spybot again just now and it still says they're there, even after trying to fix them..


Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Belahzur on Thu Mar 25, 2010 7:25 pm

Hello.

The files are moved to a quarantine folder. Does Spybot say where it's detecting whatever it is in the registry? If you can get me the registry path, I'll see what it is Spybot is complaining of and we'll destroy that.

Note: If Spybot warns of C:\_OTL\MovedFiles <=== quarantine folder, nothing to worry about.



Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Vanzandtt on Fri Mar 26, 2010 12:13 am

Well AntiVir says this:

tomavita.dll (C:\Windows\SysWOW64\tomavita.dll) is a TR/Vundo.Gen2 virus. Moved to quarantine.
pawajinu.dll (C:\Windows\SysWOW64\pawajinu.dll) is a TR/Vundo.Gen2 virus. Moved to quarantine.

Spybot says:

Virtumonde.dll 8 entries, TrojansC-02

all are files,

C:\Windows\System32\yohabinu.dll
C:\Windows\System32\leyafapa.dll
C:\Windows\System32\wehemeru.dll
C:\Windows\System32\pawajinu.dll
C:\Windows\System32\toyipivo.dll
C:\Windows\System32\tomavita.dll
C:\Windows\System32\polapoho.dll
C:\Windows\System32\sogenodi.dll

They keep coming back even after repairing with Spybot & AntiVir.
I tried looking in those folders too, can't find the files.


Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Belahzur on Fri Mar 26, 2010 1:24 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Vanzandtt on Fri Mar 26, 2010 1:49 am

[You must be registered and logged in to see this link.]


Getting that error after every time I try to install or run the file.


Re: TR/Vundo.Gen2 can't seem to get rid of it.

Post by Belahzur on Fri Mar 26, 2010 7:32 pm

Download [You must be registered and logged in to see this link.]

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

