Antispyware software alert


Post by icemen on Tue May 18, 2010 4:50 pm

Hello,

I'm running Vista 64 bit. I got this virus, keep getting pop ups to purchase this antivirus software. My Internet Explorer has stopped working as well. I can't open anything, keep getting a security warning "application cannot be executed. The file is infected do you want to activate your antivirus software now". It looks dodgy as the price is in dollars. I tried downloading Malwarebytes, Stopzilla & Spyware Doctor but I can't run the programs because this virus doesn't let me open anything. I can't even get into my restore point, it just doesn't open. The only thing that works is explorer in firefox mode. Can anyone help?


Re: Antispyware software alert

Post by Belahzur on Tue May 18, 2010 6:20 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: Antispyware software alert

Post by icemen on Wed May 19, 2010 2:57 pm

It let me run Malwarebytes in safe mode last night. It took about an hour to scan my machine, the pop ups have stopped. It removed about 11 trojans & stuff. However my Internet Explorer still isn't working? It's fine if I use Firefox but not Explorer? Can you help?

Here are the two files you asked for:
OTS.txt
[code]
OTS logfile created on: 19/05/2010 19:40:43 - Run 3
OTS by OldTimer - Version 3.1.31.0 Folder = C:\Users\Ans\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 186.38 Gb Free Space | 40.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICEMAN
Current User Name: Ans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Ans\Desktop\OTS.exe -> [2010/05/18 22:03:32 | 000,640,000 | ---- | M] (OldTimer Tools)
pctsauxs.exe -> C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -> [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools)
pctstray.exe -> C:\Program Files (x86)\Spyware Doctor\pctsTray.exe -> [2010/03/09 08:40:26 | 001,286,608 | ---- | M] (PC Tools)
realsched.exe -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe -> [2010/03/06 22:15:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.)
ssscheduler.exe -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe -> [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.)
googlequicksearchbox.exe -> C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe -> [2009/12/11 21:45:19 | 000,122,880 | ---- | M] (Google Inc.)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2009/12/02 15:20:19 | 000,908,248 | ---- | M] (Mozilla Corporation)
mcagent.exe -> c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
msksrver.exe -> C:\Program Files (x86)\McAfee\MSK\msksrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
ieuser.exe -> C:\Program Files (x86)\Internet Explorer\ieuser.exe -> [2009/04/11 07:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/08/20 23:42:21 | 000,039,408 | ---- | M] (Google Inc.)
tbpanel.exe -> C:\Program Files (x86)\VDOTool\TBPANEL.exe -> [2008/06/04 11:37:52 | 002,157,096 | ---- | M] (Palit Microsystems, Inc.)
affinegyservice.exe -> C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe -> [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.)
spuvolumewatcher.exe -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe -> [2007/11/27 19:13:44 | 000,385,024 | ---- | M] (Sony Corporation)
mvraidsvc.exe -> C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe -> [2007/06/12 19:54:12 | 000,061,440 | ---- | M] ()
apache.exe -> C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe -> [2007/05/23 01:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation)
ctcmsgou.exe -> C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe -> [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd)

[Modules - Safe List]
ots.exe -> C:\Users\Ans\Desktop\OTS.exe -> [2010/05/18 22:03:32 | 000,640,000 | ---- | M] (OldTimer Tools)
wininet.dll -> C:\Windows\SysWOW64\wininet.dll -> [2010/03/09 16:42:17 | 000,834,048 | ---- | M] (Microsoft Corporation)
sahook.dll -> c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll -> [2009/12/23 17:11:18 | 000,015,056 | ---- | M] (McAfee, Inc.)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/04/11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2008/01/21 03:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation)
normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2006/11/02 09:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(FontCache) [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/09/25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation)
64bit-(McODS) [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,696,848 | ---- | M] (McAfee, Inc.)
64bit-(McShield) [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:15:32 | 000,155,456 | ---- | M] (McAfee, Inc.)
64bit-(UmRdpService) [On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2009/04/11 08:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation)
64bit-(CscService) [Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2009/04/11 08:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation)
64bit-(BthServ) [Auto | Running] -> C:\Windows\SysNative\bthserv.dll -> [2009/04/11 08:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation)
64bit-(wbengine) [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/04/11 08:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008/01/21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation)
64bit-(Fax) [On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2008/01/21 03:47:07 | 000,689,152 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/21 03:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation)
(sdAuxService) PC Tools Auxiliary Service [Auto | Running] -> C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -> [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools)
(McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -> [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/23 16:57:18 | 000,110,312 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
(fsssvc) Windows Live Family Safety Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -> [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee Anti-Spam Service [Auto | Running] -> C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -> [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/30 05:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation)
(AffinegyService) AffinegyService [Auto | Running] -> C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe -> [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.)
(Marvell RAID) Marvell RAID Event Agent [Auto | Running] -> C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe -> [2007/06/12 19:54:12 | 000,061,440 | ---- | M] ()
(MRUWebService) MRU Web Service [Auto | Running] -> C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe -> [2007/05/23 01:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation)
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 14:34:14 | 000,000,000 | ---D | M]
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 07:35:15 | 000,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 07:35:15 | 000,055,846 | ---- | M] ()

[Driver Services - Safe List]
64bit-(PCTCore) PCTools KDS [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PCTCore64.sys -> [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools)
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation)
64bit-(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mfehidk.sys -> [2009/09/16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.)
64bit-(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfeavfk.sys -> [2009/09/16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.)
64bit-(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfesmfk.sys -> [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.)
64bit-(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mferkdk.sys -> [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\fssfltr.sys -> [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation)
64bit-(fvevol) BitLocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\fvevol.sys -> [2009/04/11 08:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation)
64bit-(BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BTHport.sys -> [2009/04/11 06:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation)
64bit-(RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rfcomm.sys -> [2009/04/11 06:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation)
64bit-(BthEnum) Bluetooth Enumerator Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\BthEnum.sys -> [2009/04/11 06:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation)
64bit-(BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\BTHUSB.sys -> [2009/04/11 06:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation)
64bit-(usbser) USB Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser.sys -> [2009/04/11 06:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation)
64bit-(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2009/04/11 05:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation)
64bit-(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\Mpfp.sys -> [2009/04/09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.)
64bit-(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -> [2009/02/09 08:38:44 | 000,008,192 | ---- | M] (Nokia)
64bit-(nmwcdx64) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ccdcmbx64.sys -> [2009/02/09 08:38:34 | 000,018,944 | ---- | M] (Nokia)
64bit-(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -> [2009/02/09 08:38:34 | 000,008,192 | ---- | M] (Nokia)
64bit-(nmwcdcx64) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ccdcmbox64.sys -> [2009/02/09 08:38:32 | 000,025,088 | ---- | M] (Nokia)
64bit-(ENTECH64) ENTECH64 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\ENTECH64.sys -> [2008/09/17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan)
64bit-(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -> [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia)
64bit-(BthAvrcp) Bluetooth AVRCP Profile [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\BthAvrcp.sys -> [2008/07/10 19:20:16 | 000,021,504 | ---- | M] (CSR, plc)
64bit-(716xBDA) 716xBDA service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\716xBDA.sys -> [2008/03/11 18:57:34 | 001,226,112 | ---- | M] (DTV-DVB)
64bit-(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bthpan.sys -> [2008/01/21 03:46:10 | 000,115,712 | ---- | M] (Microsoft Corporation)
64bit-(AtcL001) NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\l160x64.sys -> [2007/12/17 20:32:00 | 000,056,832 | ---- | M] (Atheros Communications, Inc.)
64bit-(P17) SB Live! 24-bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\P17.sys -> [2007/11/16 11:11:08 | 001,276,928 | ---- | M] (Creative Technology Ltd.)
64bit-(716xHID) 716xHID - PCIe HID Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\716xHID.sys -> [2007/08/10 17:11:54 | 000,021,504 | ---- | M] (DTV-DVB)
64bit-(mv61xx) mv61xx [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\mv61xx.sys -> [2007/06/15 08:52:26 | 000,163,736 | ---- | M] (Marvell Semiconductor, Inc.)
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 06:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
64bit-(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ASACPI.sys -> [2006/11/01 08:23:42 | 000,015,680 | ---- | M] ()
(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\CSC -> [2008/08/20 21:15:31 | 000,000,000 | ---D | M]
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 22:36:40 | 000,003,066 | ---- | M] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 22:35:23 | 000,001,088 | ---- | M] ()

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{7c5c0f58-e061-457d-9033-77307f5ed00c}" [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
64bit-HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 16:59:04 | 000,305,000 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 16:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{7c5c0f58-e061-457d-9033-77307f5ed00c}" [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> ->
HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:5555 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Ans\AppData\Roaming\Mozilla\FireFox\Profiles\vm2xwwws.default\prefs.js ->
browser.search.defaultenginename -> "Live Search" ->
browser.search.defaulturl -> "http://search.live.com/results.aspx?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Live Search" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://go.microsoft.com/fwlink/?LinkId=69157" ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 ->
extensions.enabledItems -> {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 ->
keyword.URL -> "http://search.live.com/results.aspx?FORM=IEFM1&q=" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c} -> C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [C:\PROGRAMDATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}] -> [2009/12/10 00:34:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files (x86)\McAfee\SiteAdvisor [C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR] -> [2010/04/21 19:33:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com -> C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\] -> [2009/06/20 21:00:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Program Files (x86)\Real\RealPlayer\browserrecord [C:\PROGRAM FILES (X86)\REAL\REALPLAYER\BROWSERRECORD] -> [2010/03/06 22:16:12 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/06 22:16:05 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/03/16 19:59:20 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Ans\AppData\Roaming\mozilla\Extensions -> [2009/02/16 22:51:09 | 000,000,000 | ---D | M]
-> C:\Users\Ans\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2009/02/16 22:51:09 | 000,000,000 | ---D | M]
-> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions -> [2010/05/18 20:53:07 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/08/31 10:56:01 | 000,000,000 | ---D | M]
Google Toolbar for Firefox -> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2010/05/18 20:53:07 | 000,000,000 | ---D | M]
WOT -> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2009/12/29 20:40:56 | 000,000,000 | ---D | M]
DownloadHelper -> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2009/12/29 20:41:57 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
bing.xml -> C:\Users\Ans\AppData\Roaming\Mozilla\FireFox\Profiles\vm2xwwws.default\searchplugins\bing.xml -> [2009/08/31 10:55:29 | 000,001,957 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/03/30 21:59:44 | 000,000,000 | ---D | M]
TorrentMan Toolbar -> C:\Program Files (x86)\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c} -> [2008/11/26 20:38:13 | 000,000,000 | ---D | M]
-> C:\Program Files (x86)\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com -> [2008/08/20 23:42:43 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/18 22:37:24 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll [McAfee Phishing Filter] -> [2009/07/08 14:48:48 | 000,337,424 | ---- | M] ()
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2009/08/05 23:24:16 | 000,132,448 | ---- | M] (Microsoft Corporation)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:15:38 | 000,060,224 | ---- | M] (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2010/03/06 21:20:14 | 000,373,872 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll [Google Toolbar Notifier BHO] -> [2010/03/06 21:22:14 | 000,319,984 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/12/23 16:59:04 | 000,305,000 | ---- | M] (McAfee, Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files (x86)\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/07/08 14:48:48 | 000,246,800 | ---- | M] ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/03/06 22:16:11 | 000,312,928 | ---- | M] (RealPlayer)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll [BitComet Helper] -> [2009/01/16 10:02:24 | 000,656,696 | ---- | M] (BitComet)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{7c5c0f58-e061-457d-9033-77307f5ed00c} [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/03/06 21:20:09 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/03/06 21:22:14 | 000,812,528 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/12/23 16:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> File not found
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 16:59:04 | 000,305,000 | ---- | M] (McAfee, Inc.)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/03/06 21:20:14 | 000,373,872 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 16:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/03/06 21:20:09 | 000,279,664 | ---- | M] (Google Inc.)
"{7c5c0f58-e061-457d-9033-77307f5ed00c}" [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/03/06 21:20:14 | 000,373,872 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/03/06 21:20:09 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{7C5C0F58-E061-457D-9033-77307F5ED00C}" [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/05/03 04:16:00 | 015,845,920 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/05/03 04:16:00 | 000,082,464 | ---- | M] (NVIDIA Corporation)
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2007/03/23 20:04:00 | 005,055,488 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007/03/16 16:06:54 | 001,822,720 | ---- | M] (Realtek Semiconductor Corp.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/21 03:46:39 | 001,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Google Quick Search Box" -> C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe ["C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun] -> [2009/12/11 21:45:19 | 000,122,880 | ---- | M] (Google Inc.)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation)
"ISTray" -> C:\Program Files (x86)\Spyware Doctor\pctsTray.exe ["C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"] -> [2010/03/09 08:40:26 | 001,286,608 | ---- | M] (PC Tools)
"mcagent_exe" -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe ["C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"McENUI" -> C:\Program Files (x86)\McAfee\MHN\McENUI.exe [C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide] -> [2009/07/07 21:02:26 | 001,176,808 | ---- | M] (McAfee, Inc.)
"NWEReboot" -> [] -> File not found
"P17RunE" -> C:\Windows\SysWow64\P17RunE.dll [RunDll32 P17RunE.dll,RunDLLEntry] -> [2007/04/09 02:40:00 | 000,014,848 | ---- | M] (Creative Technology Ltd.)
"TkBellExe" -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2010/03/06 22:15:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.)
"VolPanel" -> C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe ["C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r] -> [2007/02/28 17:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd)
"Wireless Manager" -> C:\Program Files (x86)\Virgin Broadband Wireless\Wireless Manager.exe ["C:\Program Files (x86)\Virgin Broadband Wireless\Wireless Manager.exe" startup] -> [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Creative MediaSource Go" -> C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe ["C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB] -> [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd)
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2008/08/20 23:42:21 | 000,039,408 | ---- | M] (Google Inc.)
"TBPanel" -> C:\Program Files (x86)\VDOTool\TBPanel.exe [C:\Program Files (x86)\VDOTool\TBPanel.exe /A] -> [2008/06/04 11:37:52 | 002,157,096 | ---- | M] (Palit Microsystems, Inc.)
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Shockwave Updater" -> C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 ( [C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Creative AutoUpdate v1.10.10)" -"http://www.lapoo.nl/search.php?keyword=bmw1&action=search"] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&D&ownload &with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] ([You must be registered and logged in to see this link.]
&D&ownload all video with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] ([You must be registered and logged in to see this link.]
&D&ownload all with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] ([You must be registered and logged in to see this link.]
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/03/06 21:20:47 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&D&ownload &with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] ([You must be registered and logged in to see this link.]
&D&ownload all video with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] ([You must be registered and logged in to see this link.]
&D&ownload all with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] ([You must be registered and logged in to see this link.]
Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx] -> File not found
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/03/06 21:20:47 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 [HKLM] -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll [Button: BitComet] -> [2009/01/16 10:02:24 | 000,656,696 | ---- | M] (BitComet)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Marvell [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_19] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_19] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_19] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> [You must be registered and logged in to see this link.] [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{EDAF1010-7661-48C3-B844-F5D52837E327}\\DhcpNameServer -> 192.168.1.1 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->

Re: Antispyware software alert

Post by icemen on Wed May 19, 2010 2:57 pm

< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{19074BFF-30A2-4274-874B-4ADE648F64AD} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{190C2024-04BD-4C03-8B96-DCE349CA0B53} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{191FDE98-BF52-4A62-87B9-E2BEFC94769E} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{1ED79B9C-A7F5-4DB2-BC61-6EAAFCCBD1DF} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{204082AF-6A44-4C53-A3C2-7284EA494DA0} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{213B7DFD-52BF-49A1-98C4-BEFAFC76DC81} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{230D04F1-F095-4DED-9164-5907614765F4} -> profile=private | protocol=6 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{233181EE-0198-48A1-A901-6FEBAB6A0A6C} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{2734063C-DF47-4F54-B9E2-D70D7307487B} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{2AC32713-8A7B-4640-9B05-A39CD9C7981C} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{2C036C61-574E-4D54-9C28-FADABE610BB0} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{2DC42473-7102-490E-A5C5-856AFF70340C} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{2E8159EB-CC7A-40C5-965D-44B0033EC53F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{30E09B40-3E76-4DFA-B353-0C70E5181DC9} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{324F439F-012B-4B23-893E-B6D0B7243D09} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{33E99D7F-F8D4-4D9F-838B-5023492A59DA} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{34A3A752-991C-4F64-B0BF-E9A838DF065D} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{354BD128-06A1-4B24-8F84-163CE1234DF7} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{3733A1DA-D518-4209-99BD-BEEE2F18B031} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
{37871CD5-7872-45C3-8388-E513550256B0} -> profile=domain | protocol=6 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{37E99696-4471-4D92-8846-A059B9A6B2E2} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{3A09EF43-25CA-4AA0-8D7E-DB622FD857F5} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{3BAAB933-34C4-4D64-BB0D-CE5608467FDA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{3CF4B04B-D1FD-42D0-B1A4-9D8ADF4AB957} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{3D5AADAF-8370-4B3C-B65A-83BAD1DC0309} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{3EACF80B-0276-482E-8D28-CA7B2FA5E9BE} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{41D8B957-DE6C-492F-A976-F49EBAA31945} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{45D76E44-21FE-4DDB-AB0A-E7072FE29EF4} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{478A9CCE-EC25-4AD0-AFA6-FA6471847065} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{506A18AD-B5A2-494A-8A42-29C87E058DEA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{50999627-83D1-4406-9CD7-284C0999B350} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{538A3A90-2027-490C-93BD-121554364540} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{573C78D6-7183-459F-AA0A-014F2F8D9C5E} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{59083E02-A72A-43DB-AED2-C59F760E8538} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5A2D4085-0488-434D-9C18-3E4FAFFFC468} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5AB43B7C-150A-47F4-ABE0-62B355A7DC1F} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5D611A98-4DAE-4FDD-A6F1-40C6465D0324} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5E325EF8-336D-496B-B640-C614BD26EBA4} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{5E50ED77-FF29-439C-A787-5CC7F4A10A41} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5EE4AF61-5F65-49C8-81B6-8CBE8D11335D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5F4B1057-3582-4801-BAF9-6ABCFB259FA5} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{648865BD-C006-4D0F-97E2-881805771752} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{64D0C009-60E3-40E7-8E1B-1EDF6B966A3F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{6787A5EE-ED9A-4E65-9D7D-B2AF8DF08047} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{69E4B5E6-28F0-4FEA-BB46-20C309C0DB5D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{6A44C262-0011-4EEF-B410-55F5AE839C18} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{6C233F39-3E5C-4FD5-8B7A-B4308F1B93A0} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{6C7013BE-6F8B-4BF1-BD56-3327461B8B60} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{70287535-9F4F-4AF4-923C-2EAA496B83D6} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{70AD91C2-7EFB-4B6B-8009-05675579EC21} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{73039C32-97AB-4F02-9AC7-831F05C50B7F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{737AABB6-8D5B-4717-ACD8-239027D6AACA} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{75BCABFE-04A2-431D-B74C-589D988F5327} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{76159027-0B1F-45C7-9CAE-BAD252301D27} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{775D4BD4-F674-4C47-90C2-9F6CD1FA7115} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{77D40C22-77AD-41BE-9B00-25D9CFE64EA5} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{79134C7B-7FAE-4D82-8B04-2D6FC8C38554} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{7982DF1D-652B-47AE-B3B4-AB85B15CACB8} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{7D095CCC-5EC8-42AA-94BE-8C24DC2F8269} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{7DC62AD9-4F36-4F4D-BB1C-089DA05FD1B7} -> profile=domain | protocol=17 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{7E515211-13DE-4DA7-B2B9-C4A1D6EB4278} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{83539781-CACE-4AC1-9EC2-A132006A820E} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{851EDBF7-AED4-4C15-B121-BAB10E45452F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{85201872-6659-40DD-BAD0-42C2CA2C778B} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{896323A1-122F-4CC4-AAAB-9413E9FCAE22} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{8B2BB861-1B7F-4ACC-99BD-6ACE84F039C3} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{8D6B59A0-9681-4678-B7E7-08BC7DF08042} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{8F837A3E-DAE9-4E6E-8663-BF11CC1DB39D} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{901D40D0-0E86-4265-8449-22F2ABFAAAE3} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{9BE003D7-CFD6-4F31-88B9-3A7CD1A7FD83} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{A58B9F22-B0A6-49A7-B853-EE6AD046CE8E} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{A6379EF5-59CD-418C-86C7-1F473E1A2AAF} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{A6382A61-F13D-4E44-AD1D-87D4B4568D33} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{A81EDA25-639B-4180-8F42-CC1D6B3B448F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{A92BC841-F0E7-401B-8B5B-6640704030B0} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
{ABE1E35E-0E70-4FC6-B71F-04D081DB03D3} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{B180C1EE-64F3-4FF5-A3DF-C66BE06894AA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{B4E602E6-54B8-4822-929C-158F611FE5B9} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{B71D866B-6B04-45EC-A0D4-C2A68E614160} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{B8C2739D-1CF8-43D6-B027-1C21AB516A56} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{BC398307-DE3D-47F5-8767-C06433B6DE52} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{BE3F839D-717C-41C6-83A6-6F8ADF895F5C} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C0222B88-94DE-46B4-A370-C6A036B42093} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{C08A3DF9-DE1B-4ABD-9BF4-F491EFBA3768} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{C4AF8342-DB45-4826-9909-AB1D87039255} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C65FEC9D-6860-4E97-99DB-EF9DF63B550A} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C6E29172-0623-4F46-ADF5-9C8EC55D8CF6} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{C75FF31B-C57C-4732-9C02-902E64AA0459} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{CAB21DA7-89C3-4452-B052-0D6420339C0A} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{CAD0F65B-CC9D-4730-A050-D820E06B5843} -> profile=public | protocol=6 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{CB82DCD5-9992-465F-A38B-7C1127C5FF5D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{CCDC06D7-8A66-44AC-8635-B42FACD10503} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{CE16AD5E-4620-4C03-95B9-43B2B5D2FA37} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{DD0F4EDA-2707-431A-820A-945C676B4100} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{DE07286B-D65A-4BF7-8291-DBFB7EF7D075} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{DE6DF3DA-CCFB-4086-99B3-9F47C26D45F7} -> profile=public | protocol=17 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{DFFF724E-E08B-4013-A47A-F540D0150DC8} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{E25C2975-B43A-483A-88F8-311C06517FEB} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{E2E16AD7-0600-4A35-952F-233F68F57E2F} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{E882C34F-670C-4DB0-9078-0B85D142B7EA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{EADC2336-BBA4-4F7A-B841-43C5D38BC323} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{EC890BE3-A452-4BF0-8302-5F58C3DB53BB} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{F0897AE8-C851-4AE0-B513-4698FD73DE77} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{F517D5CE-79B8-4237-8CA3-B0D4683B9A10} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{F6D0411A-DB65-4F83-BAE0-82659B49C310} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{FB900E2C-79A6-4AD4-9563-1EC67333757C} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{FC12152F-7064-4694-A9B0-1128A140808B} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{FF5DC479-0D19-4E10-A436-A003E5AD58F8} -> profile=private | protocol=17 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
TCP Query User{03AD3CC6-C73F-40A0-9175-0C62BA748198}C:\program files (x86)\common files\ahead\nero web\setupx.exe -> profile=private | protocol=6 | dir=in | action=block | name=msi starter | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
TCP Query User{3878306E-09C5-4CA0-870B-56B33F2853CC}C:\program files (x86)\frostwire\frostwire.exe -> profile=private | protocol=6 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe |
TCP Query User{421C479D-A279-41F5-9528-2A26D71FA2D4}C:\program files (x86)\bitcomet\bitcomet.exe -> profile=private | protocol=6 | dir=in | action=allow | name=bitcomet - a bittorrent client | app=c:\program files (x86)\bitcomet\bitcomet.exe |
TCP Query User{46EF92E2-B348-4EAF-B7F8-79EFD821C8BE}C:\program files (x86)\limewire\limewire.exe -> profile=private | protocol=6 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
TCP Query User{4A855B5C-08E4-415B-A318-79D14DF41B00}C:\users\ans\appdata\local\temp\nero web\setupxu.exe -> profile=private | protocol=6 | dir=in | action=allow | name=setupxu.exe | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
TCP Query User{5015070E-09C2-488B-AFBB-271A8DAC7E8D}C:\program files (x86)\limewire\limewire.exe -> profile=public | protocol=6 | dir=in | action=block | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
TCP Query User{80DDDB99-E1BF-4E81-AD60-881C2F4AFE77}C:\program files (x86)\bitlord\bitlord.exe -> profile=private | protocol=6 | dir=in | action=allow | name=bitlord | app=c:\program files (x86)\bitlord\bitlord.exe |
TCP Query User{831A862B-385A-41AE-9377-94AE57343F26}C:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe -> profile=public | protocol=6 | dir=in | action=block | name=nero mediahome | app=c:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
TCP Query User{A5B38501-59D6-458F-9613-F81CD6574D08}C:\program files (x86)\bitcomet\bitcomet.exe -> profile=public | protocol=6 | dir=in | action=block | name=bitcomet - a bittorrent client | app=c:\program files (x86)\bitcomet\bitcomet.exe |
TCP Query User{A8C59A48-0B0A-418A-8161-93CBF642316C}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
TCP Query User{A9F6BDFD-A593-4EFC-8343-01663CA849E7}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe -> profile=public | protocol=6 | dir=in | action=allow | name=nokia service layer host process | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
TCP Query User{B3FBC116-5381-4811-A74D-C2B04DEC8655}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe -> profile=public | protocol=6 | dir=in | action=allow | name=nokia software updater | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
TCP Query User{C19A0DEF-DAE2-4A84-AACB-C3B9CDFEF22F}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
TCP Query User{CD34458D-CC9A-4161-9463-CF7145196972}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe -> profile=private | protocol=6 | dir=in | action=allow | name=nero home | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
TCP Query User{E3921F37-F1DE-4F3A-9CA8-8D0D1C57129B}C:\program files (x86)\marvell\61xx\apache2\bin\apache.exe -> profile=public | protocol=6 | dir=in | action=allow | name=apache http server | app=c:\program files (x86)\marvell\61xx\apache2\bin\apache.exe |
UDP Query User{1FA3594E-FD3B-48FE-848D-7697795A9732}C:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe -> profile=public | protocol=17 | dir=in | action=block | name=nero mediahome | app=c:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
UDP Query User{283039E8-F267-4697-8F0F-F453CF6E75C2}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe -> profile=private | protocol=17 | dir=in | action=allow | name=nero home | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
UDP Query User{38C51128-501B-4DF4-B859-BE865D31BA19}C:\program files (x86)\frostwire\frostwire.exe -> profile=private | protocol=17 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe |
UDP Query User{57038DA1-AEAD-4E91-B6E2-D358394325FF}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{6DCF702D-79F4-42B7-8E45-EAA5E6FBF258}C:\program files (x86)\bitcomet\bitcomet.exe -> profile=public | protocol=17 | dir=in | action=block | name=bitcomet - a bittorrent client | app=c:\program files (x86)\bitcomet\bitcomet.exe |
UDP Query User{7025C8C1-30B7-47ED-8ED6-2579193CD64E}C:\program files (x86)\bitcomet\bitcomet.exe -> profile=private | protocol=17 | dir=in | action=allow | name=bitcomet - a bittorrent client | app=c:\program files (x86)\bitcomet\bitcomet.exe |
UDP Query User{7D6751CF-E96C-4E45-A3A9-120A72CBD51A}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{8748EF7F-2530-4C5B-A28B-D174F60DCC6C}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe -> profile=public | protocol=17 | dir=in | action=allow | name=nokia software updater | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
UDP Query User{9723DB15-E61F-43E6-8B3E-DD4A42AB2831}C:\program files (x86)\marvell\61xx\apache2\bin\apache.exe -> profile=public | protocol=17 | dir=in | action=allow | name=apache http server | app=c:\program files (x86)\marvell\61xx\apache2\bin\apache.exe |
UDP Query User{C98D2A28-4688-4B9F-8209-3C1B4732695B}C:\program files (x86)\bitlord\bitlord.exe -> profile=private | protocol=17 | dir=in | action=allow | name=bitlord | app=c:\program files (x86)\bitlord\bitlord.exe |
UDP Query User{CB13B60D-CBDF-4695-B585-083F8D30988D}C:\users\ans\appdata\local\temp\nero web\setupxu.exe -> profile=private | protocol=17 | dir=in | action=allow | name=setupxu.exe | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
UDP Query User{E0B74478-E67A-45BA-BDEB-F4F6A6D35CB3}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe -> profile=public | protocol=17 | dir=in | action=allow | name=nokia service layer host process | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
UDP Query User{EF728F4D-9E3A-481B-96DF-A64E28ED4231}C:\program files (x86)\common files\ahead\nero web\setupx.exe -> profile=private | protocol=17 | dir=in | action=block | name=msi starter | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
UDP Query User{FD60AF72-48C6-444A-8021-62450FD3BA4E}C:\program files (x86)\limewire\limewire.exe -> profile=private | protocol=17 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
UDP Query User{FEF76B4C-833B-4EC9-A73D-6B34706BEEB0}C:\program files (x86)\limewire\limewire.exe -> profile=public | protocol=17 | dir=in | action=block | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/11 06:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{7262a896-0071-11df-920d-a394d49931db}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7262a896-0071-11df-920d-a394d49931db}\shell\AutoRun\command
\{7262a896-0071-11df-920d-a394d49931db}\shell\AutoRun\command\\"" -> F:\installer.exe [F:\installer.exe] -> File not found
\{7262a896-0071-11df-920d-a394d49931db}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7262a896-0071-11df-920d-a394d49931db}\shell\verb\command
\{7262a896-0071-11df-920d-a394d49931db}\shell\verb\command\\"" -> F:\installer.exe [F:\installer.exe] -> File not found
\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\shell
\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\shell\AutoRun\command
\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\shell\AutoRun\command\\"" -> D:\.\Bin\Assetup.exe [D:\.\Bin\Assetup.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
ComboFix.exe -> C:\Users\Ans\Desktop\ComboFix.exe -> File not found
OTS.exe -> C:\Users\Ans\Desktop\OTS.exe -> [2010/05/18 22:03:31 | 000,640,000 | ---- | C] (OldTimer Tools)
32788R22FWJFW -> C:\32788R22FWJFW -> [2010/05/18 21:59:21 | 000,000,000 | ---D | C]
pctgntdi64.sys -> C:\Windows\SysNative\drivers\pctgntdi64.sys -> [2010/05/18 21:02:26 | 000,306,648 | ---- | C] (PC Tools)
pctwfpfilter64.sys -> C:\Windows\SysNative\drivers\pctwfpfilter64.sys -> [2010/05/18 21:02:26 | 000,133,072 | ---- | C] (PC Tools)
PCTCore64.sys -> C:\Windows\SysNative\drivers\PCTCore64.sys -> [2010/05/18 21:02:24 | 000,233,488 | ---- | C] (PC Tools)
pctplsg64.sys -> C:\Windows\SysNative\drivers\pctplsg64.sys -> [2010/05/18 21:02:22 | 000,092,896 | ---- | C] (PC Tools)
Spyware Doctor -> C:\Program Files (x86)\Spyware Doctor -> [2010/05/18 21:02:19 | 000,000,000 | ---D | C]
PC Tools -> C:\Users\Ans\AppData\Roaming\PC Tools -> [2010/05/18 21:02:19 | 000,000,000 | ---D | C]
PC Tools -> C:\ProgramData\PC Tools -> [2010/05/18 21:02:19 | 000,000,000 | ---D | C]
PC Tools -> C:\Program Files (x86)\Common Files\PC Tools -> [2010/05/18 21:02:19 | 000,000,000 | ---D | C]
TEMP -> C:\ProgramData\TEMP -> [2010/05/18 21:01:58 | 000,000,000 | ---D | C]
sdasetup.exe -> C:\Users\Ans\Desktop\sdasetup.exe -> [2010/05/18 21:00:06 | 036,592,752 | ---- | C] (PC Tools )
STOPzilla_Setup.exe -> C:\Users\Ans\Desktop\STOPzilla_Setup.exe -> [2010/05/18 20:56:50 | 000,390,656 | ---- | C] (iS3, Inc.)
Malwarebytes -> C:\Users\Ans\AppData\Roaming\Malwarebytes -> [2010/05/18 20:47:28 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/05/18 20:47:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/05/18 20:47:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/05/18 20:47:20 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/05/18 20:47:20 | 000,000,000 | ---D | C]
mbam-setup-1.46.exe -> C:\Users\Ans\Desktop\mbam-setup-1.46.exe -> [2010/05/18 20:46:15 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
twutmhtys -> C:\Users\Ans\AppData\Local\twutmhtys -> [2010/05/18 20:06:18 | 000,000,000 | ---D | C]
YouTube Downloader -> C:\Program Files (x86)\YouTube Downloader -> [2010/05/01 18:30:40 | 000,000,000 | ---D | C]
1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp ->
1 C:\Users\Ans\AppData\Roaming\*.tmp files -> C:\Users\Ans\AppData\Roaming\*.tmp ->

[Files/Folders - Modified Within 30 Days]
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/05/19 19:41:59 | 011,329,652 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/05/19 19:41:58 | 005,571,970 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/05/19 19:41:56 | 000,004,888 | ---- | M] ()
NTUSER.DAT -> C:\Users\Ans\NTUSER.DAT -> [2010/05/19 19:40:44 | 005,242,880 | -HS- | M] ()
Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2010/05/19 19:38:18 | 000,000,880 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/05/19 19:37:32 | 000,000,896 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/05/19 19:37:01 | 000,000,892 | ---- | M] ()
Config.MPF -> C:\Windows\SysNative\Config.MPF -> [2010/05/19 19:36:46 | 000,012,581 | ---- | M] ()
61xx.xml -> C:\Windows\SysWow64\61xx.xml -> [2010/05/19 19:35:59 | 000,000,294 | ---- | M] ()
mvraidver.dat -> C:\Windows\mvraidver.dat -> [2010/05/19 19:35:56 | 000,000,009 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/19 19:35:53 | 000,003,760 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/19 19:35:53 | 000,003,760 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/19 19:35:48 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/19 19:35:47 | 000,067,584 | --S- | M] ()
GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000UA.job -> [2010/05/19 19:20:59 | 000,000,898 | ---- | M] ()
NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Ans\NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/19 18:26:46 | 000,524,288 | -HS- | M] ()
NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TM.blf -> C:\Users\Ans\NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TM.blf -> [2010/05/19 18:26:46 | 000,065,536 | -HS- | M] ()
bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2010/05/18 23:37:35 | 000,004,268 | ---- | M] ()
IconCache.db -> C:\Users\Ans\AppData\Local\IconCache.db -> [2010/05/18 23:37:27 | 002,772,129 | -H-- | M] ()
OTS.exe -> C:\Users\Ans\Desktop\OTS.exe -> [2010/05/18 22:03:32 | 000,640,000 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000Core.job -> [2010/05/18 21:21:00 | 000,000,846 | ---- | M] ()
Spyware Doctor.lnk -> C:\Users\Public\Desktop\Spyware Doctor.lnk -> [2010/05/18 21:02:23 | 000,001,813 | ---- | M] ()
sdasetup.exe -> C:\Users\Ans\Desktop\sdasetup.exe -> [2010/05/18 21:01:08 | 036,592,752 | ---- | M] (PC Tools )
STOPzilla_Setup.exe -> C:\Users\Ans\Desktop\STOPzilla_Setup.exe -> [2010/05/18 20:56:51 | 000,390,656 | ---- | M] (iS3, Inc.)
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/18 20:47:23 | 000,000,848 | ---- | M] ()
mbam-setup-1.46.exe -> C:\Users\Ans\Desktop\mbam-setup-1.46.exe -> [2010/05/18 20:46:17 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
syssvc.exe -> C:\Users\Ans\AppData\Local\syssvc.exe -> [2010/05/18 20:22:27 | 000,059,648 | ---- | M] ()
YouTube- Bismillah Sher Part 2.mp4 -> C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 2.mp4 -> [2010/05/12 21:28:30 | 020,609,470 | ---- | M] ()
YouTube- Bismillah Sher Part 1.mp4 -> C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 1.mp4 -> [2010/05/12 21:26:51 | 018,926,115 | ---- | M] ()
YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4 -> C:\Users\Ans\Documents\YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4 -> [2010/05/08 20:29:49 | 012,679,402 | ---- | M] ()
YouTube- 2pac-Tupac Heartz Of Men.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Tupac Heartz Of Men.mp4 -> [2010/05/03 14:40:14 | 007,519,060 | ---- | M] ()
YouTube- 2Pac - Until The End Of Time.mp4 -> C:\Users\Ans\Documents\YouTube- 2Pac - Until The End Of Time.mp4 -> [2010/05/03 14:35:04 | 013,845,607 | ---- | M] ()
YouTube- 2pac-Tupac Only God Can Judge Me.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Tupac Only God Can Judge Me.mp4 -> [2010/05/03 14:31:00 | 007,928,213 | ---- | M] ()
YouTube- 2pac-Only Fear Of Death.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Only Fear Of Death.mp4 -> [2010/05/03 14:21:52 | 023,604,917 | ---- | M] ()
YouTube- IMRAN KHAN BEWAFA.mp4 -> C:\Users\Ans\Documents\YouTube- IMRAN KHAN BEWAFA.mp4 -> [2010/05/01 18:54:17 | 060,631,356 | ---- | M] ()
YouTube- tere liye atif aslam song of (prince ).mp4 -> C:\Users\Ans\Documents\YouTube- tere liye atif aslam song of (prince ).mp4 -> [2010/05/01 18:48:10 | 005,416,651 | ---- | M] ()
YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4 -> C:\Users\Ans\Documents\YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4 -> [2010/05/01 18:43:44 | 007,855,114 | ---- | M] ()
YouTube- The Game, 50 Cent - Hate It Or Love It.mp4 -> C:\Users\Ans\Documents\YouTube- The Game, 50 Cent - Hate It Or Love It.mp4 -> [2010/05/01 18:34:56 | 016,050,451 | ---- | M] ()
YouTube Downloader.lnk -> C:\Users\Ans\Desktop\YouTube Downloader.lnk -> [2010/05/01 18:30:40 | 000,000,961 | ---- | M] ()
Google Chrome.lnk -> C:\Users\Ans\Desktop\Google Chrome.lnk -> [2010/04/30 20:21:32 | 000,002,032 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/04/29 17:35:45 | 000,381,848 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation)
diagwrn.xml -> C:\Windows\diagwrn.xml -> [2010/04/28 21:04:57 | 000,001,908 | ---- | M] ()
diagerr.xml -> C:\Windows\diagerr.xml -> [2010/04/28 21:04:57 | 000,001,908 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Ans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/20 21:11:16 | 000,065,024 | ---- | M] ()
14 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->
1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp ->
1 C:\Users\Ans\AppData\Roaming\*.tmp files -> C:\Users\Ans\AppData\Roaming\*.tmp ->

[Files - No Company Name]
pctgntdi64.cat -> C:\Windows\SysNative\drivers\pctgntdi64.cat -> [2010/05/18 21:02:26 | 000,007,357 | ---- | C] ()
pctcore64.cat -> C:\Windows\SysNative\drivers\pctcore64.cat -> [2010/05/18 21:02:24 | 000,007,353 | ---- | C] ()
Spyware Doctor.lnk -> C:\Users\Public\Desktop\Spyware Doctor.lnk -> [2010/05/18 21:02:23 | 000,001,813 | ---- | C] ()
pctplsg64.cat -> C:\Windows\SysNative\drivers\pctplsg64.cat -> [2010/05/18 21:02:22 | 000,007,353 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/18 20:47:23 | 000,000,848 | ---- | C] ()
syssvc.exe -> C:\Users\Ans\AppData\Local\syssvc.exe -> [2010/05/18 20:22:27 | 000,059,648 | ---- | C] ()
YouTube- Bismillah Sher Part 2.mp4 -> C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 2.mp4 -> [2010/05/12 21:28:30 | 020,609,470 | ---- | C] ()
YouTube- Bismillah Sher Part 1.mp4 -> C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 1.mp4 -> [2010/05/12 21:26:50 | 018,926,115 | ---- | C] ()
YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4 -> C:\Users\Ans\Documents\YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4 -> [2010/05/08 20:29:49 | 012,679,402 | ---- | C] ()
YouTube- 2pac-Tupac Heartz Of Men.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Tupac Heartz Of Men.mp4 -> [2010/05/03 14:40:14 | 007,519,060 | ---- | C] ()
YouTube- 2Pac - Until The End Of Time.mp4 -> C:\Users\Ans\Documents\YouTube- 2Pac - Until The End Of Time.mp4 -> [2010/05/03 14:35:03 | 013,845,607 | ---- | C] ()
YouTube- 2pac-Tupac Only God Can Judge Me.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Tupac Only God Can Judge Me.mp4 -> [2010/05/03 14:30:59 | 007,928,213 | ---- | C] ()
YouTube- 2pac-Only Fear Of Death.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Only Fear Of Death.mp4 -> [2010/05/03 14:21:51 | 023,604,917 | ---- | C] ()
YouTube- IMRAN KHAN BEWAFA.mp4 -> C:\Users\Ans\Documents\YouTube- IMRAN KHAN BEWAFA.mp4 -> [2010/05/01 18:54:16 | 060,631,356 | ---- | C] ()
YouTube- tere liye atif aslam song of (prince ).mp4 -> C:\Users\Ans\Documents\YouTube- tere liye atif aslam song of (prince ).mp4 -> [2010/05/01 18:48:10 | 005,416,651 | ---- | C] ()
YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4 -> C:\Users\Ans\Documents\YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4 -> [2010/05/01 18:43:44 | 007,855,114 | ---- | C] ()
YouTube- The Game, 50 Cent - Hate It Or Love It.mp4 -> C:\Users\Ans\Documents\YouTube- The Game, 50 Cent - Hate It Or Love It.mp4 -> [2010/05/01 18:34:55 | 016,050,451 | ---- | C] ()
YouTube Downloader.lnk -> C:\Users\Ans\Desktop\YouTube Downloader.lnk -> [2010/05/01 18:30:40 | 000,000,961 | ---- | C] ()
diagwrn.xml -> C:\Windows\diagwrn.xml -> [2010/04/28 20:57:46 | 000,001,908 | ---- | C] ()
diagerr.xml -> C:\Windows\diagerr.xml -> [2010/04/28 20:57:46 | 000,001,908 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/09/24 18:18:33 | 000,117,248 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/09/24 18:16:56 | 000,368,640 | ---- | C] ()
Days5.ini -> C:\Windows\SysWow64\Days5.ini -> [2009/03/05 23:06:46 | 000,000,031 | ---- | C] ()
AudioDrv.ini -> C:\Windows\SysWow64\AudioDrv.ini -> [2008/08/21 01:03:33 | 000,003,118 | ---- | C] ()
OemSpiE.dll -> C:\Windows\SysWow64\OemSpiE.dll -> [2008/08/21 01:02:37 | 000,148,480 | ---- | C] ()
ludap17.ini -> C:\Windows\SysWow64\ludap17.ini -> [2008/08/21 01:02:34 | 000,003,348 | R--- | C] ()
ctzapxx.ini -> C:\Windows\SysWow64\ctzapxx.ini -> [2008/08/21 01:02:34 | 000,000,078 | R--- | C] ()
APOMngr.DLL -> C:\Windows\SysWow64\APOMngr.DLL -> [2008/08/21 01:02:30 | 000,108,544 | ---- | C] ()
CmdRtr.DLL -> C:\Windows\SysWow64\CmdRtr.DLL -> [2008/08/21 01:02:30 | 000,069,120 | ---- | C] ()
Ascd_log.ini -> C:\Windows\Ascd_log.ini -> [2008/08/20 22:38:20 | 000,015,231 | ---- | C] ()
Ascd_tmp.ini -> C:\Windows\Ascd_tmp.ini -> [2008/08/20 22:37:54 | 000,014,915 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/21 03:49:10 | 000,060,124 | ---- | C] ()
P17EP.ini -> C:\Windows\P17EP.ini -> [2007/07/02 09:58:14 | 000,001,970 | ---- | C] ()
php.ini -> C:\Windows\php.ini -> [2007/05/23 01:17:30 | 000,047,395 | ---- | C] ()
zraidtray.ini -> C:\Windows\zraidtray.ini -> [2007/04/26 02:21:36 | 000,000,236 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 16:06:34 | 000,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 16:06:34 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 16:06:34 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 16:06:34 | 000,026,040 | ---- | C] ()
ASUSHWIO.SYS -> C:\Windows\SysWow64\drivers\ASUSHWIO.SYS -> [2006/10/11 12:33:58 | 000,010,288 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
[/code]

Re: Antispyware software alert

Post by icemen on Wed May 19, 2010 2:59 pm

It didn't create an Extras.txt on my desktop, only an OTS.txt, same as the one above?

Re: Antispyware software alert

Post by Belahzur on Wed May 19, 2010 6:39 pm

Hello.
That is OTS you ran, not OTL.

Please read my instructions carefully.


Re: Antispyware software alert

Post by icemen on Thu May 20, 2010 2:10 pm

Sorry dude

I have got my internet working as well now, all seems fine, but can you just still check the correct OTL files below?
Oh yeah, and let me know where to post feedback as you guys are really good, keep it up.

OTL.txt

OTL logfile created on: 20/05/2010 18:54:50 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Ans\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 185.94 Gb Free Space | 39.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICEMAN
Current User Name: Ans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/20 18:54:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Ans\Desktop\OTL.exe
PRC - [2010/03/06 22:15:56 | 000,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2010/03/06 22:15:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/11 21:45:19 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/12/02 15:20:19 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/20 23:42:21 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/04 11:37:52 | 002,157,096 | ---- | M] (Palit Microsystems, Inc.) -- C:\Program Files (x86)\VDOTool\TBPANEL.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2007/11/27 19:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/10/26 16:28:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\PC-TV\WinManager\WinManager.exe
PRC - [2007/06/12 19:54:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe
PRC - [2007/05/23 01:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe
PRC - [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe


========== Modules (SafeList) ==========

MOD - [2010/05/20 18:54:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Ans\Desktop\OTL.exe
MOD - [2009/12/23 17:11:18 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/21 03:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/09/16 11:23:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/09/16 10:15:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/04/11 08:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 08:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/11 08:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/04/11 08:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008/01/21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/21 03:47:07 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/01/21 03:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 16:57:18 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 05:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2007/06/12 19:54:12 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2007/05/23 01:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe -- (MRUWebService)
SRV - [2006/11/02 14:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 07:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 07:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/04/11 08:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/04/11 06:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2009/04/11 06:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/04/11 06:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2009/04/11 06:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009/04/11 06:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/04/11 05:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/04/09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/02/09 08:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 08:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 08:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 08:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/09/17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/10 19:20:16 | 000,021,504 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2008/03/11 18:57:34 | 001,226,112 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\716xBDA.sys -- (716xBDA)
DRV:64bit: - [2008/01/21 03:46:10 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2007/12/17 20:32:00 | 000,056,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\l160x64.sys -- (AtcL001)
DRV:64bit: - [2007/11/16 11:11:08 | 001,276,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2007/08/10 17:11:54 | 000,021,504 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\716xHID.sys -- (716xHID)
DRV:64bit: - [2007/06/15 08:52:26 | 000,163,736 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2006/11/02 06:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/11/01 08:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2008/08/20 21:15:31 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2006/09/18 22:36:40 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 22:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/10 00:34:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/04/21 19:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/06/20 21:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2010/03/06 22:16:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/06 22:16:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/16 19:59:20 | 000,000,000 | ---D | M]

[2009/02/16 22:51:09 | 000,000,000 | ---D | M] -- C:\Users\Ans\AppData\Roaming\mozilla\Extensions
[2009/02/16 22:51:09 | 000,000,000 | ---D | M] -- C:\Users\Ans\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/05/19 20:48:48 | 000,000,000 | ---D | M] -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions
[2009/08/31 10:56:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/18 20:53:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/29 20:40:56 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/29 20:41:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/31 10:55:29 | 000,001,957 | ---- | M] () -- C:\Users\Ans\AppData\Roaming\Mozilla\FireFox\Profiles\vm2xwwws.default\searchplugins\bing.xml
[2010/03/30 21:59:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/11/26 20:38:13 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2008/08/20 23:42:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/12/02 09:11:44 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/02 09:11:44 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/02 09:11:44 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/02 09:11:44 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files (x86)\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files (x86)\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\VDOTool\TBPanel.exe (Palit Microsystems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\Ans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Marvell ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ans\Pictures\Merc SLR.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ans\Pictures\Merc SLR.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7262a896-0071-11df-920d-a394d49931db}\Shell\AutoRun\command - "" = F:\installer.exe -- File not found
O33 - MountPoints2\{7262a896-0071-11df-920d-a394d49931db}\Shell\verb\command - "" = F:\installer.exe -- File not found
O33 - MountPoints2\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 18:54:21 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Ans\Desktop\OTL.exe
[2010/05/18 21:59:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/18 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/18 20:47:28 | 000,000,000 | ---D | C] -- C:\Users\Ans\AppData\Roaming\Malwarebytes
[2010/05/18 20:47:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/18 20:47:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/18 20:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/18 20:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/18 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Ans\AppData\Local\twutmhtys
[2010/05/01 18:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Ans\AppData\Roaming\*.tmp files -> C:\Users\Ans\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 18:58:13 | 005,242,880 | -HS- | M] () -- C:\Users\Ans\NTUSER.DAT
[2010/05/20 18:55:23 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/20 18:54:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Ans\Desktop\OTL.exe
[2010/05/20 18:49:36 | 011,366,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/20 18:49:36 | 005,590,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/20 18:49:35 | 000,004,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/20 18:46:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/20 18:45:02 | 000,013,079 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/05/20 18:44:18 | 000,000,294 | ---- | M] () -- C:\Windows\SysWow64\61xx.xml
[2010/05/20 18:44:16 | 000,000,009 | ---- | M] () -- C:\Windows\mvraidver.dat
[2010/05/20 18:44:01 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/20 18:44:01 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/20 18:43:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/20 18:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/19 22:42:10 | 000,524,288 | -HS- | M] () -- C:\Users\Ans\NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 22:42:10 | 000,065,536 | -HS- | M] () -- C:\Users\Ans\NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TM.blf
[2010/05/19 22:42:00 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/19 22:41:55 | 002,872,399 | -H-- | M] () -- C:\Users\Ans\AppData\Local\IconCache.db
[2010/05/19 22:37:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/19 22:21:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000UA.job
[2010/05/19 21:21:00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000Core.job
[2010/05/19 21:19:00 | 000,002,651 | ---- | M] () -- C:\Users\Ans\Desktop\Microsoft Office Word 2007.lnk
[2010/05/18 20:47:23 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 20:22:27 | 000,059,648 | ---- | M] () -- C:\Users\Ans\AppData\Local\syssvc.exe
[2010/05/12 21:28:30 | 020,609,470 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 2.mp4
[2010/05/12 21:26:51 | 018,926,115 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 1.mp4
[2010/05/08 20:29:49 | 012,679,402 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4
[2010/05/03 14:40:14 | 007,519,060 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- 2pac-Tupac Heartz Of Men.mp4
[2010/05/03 14:35:04 | 013,845,607 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- 2Pac - Until The End Of Time.mp4
[2010/05/03 14:31:00 | 007,928,213 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- 2pac-Tupac Only God Can Judge Me.mp4
[2010/05/03 14:21:52 | 023,604,917 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- 2pac-Only Fear Of Death.mp4
[2010/05/01 18:54:17 | 060,631,356 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- IMRAN KHAN BEWAFA.mp4
[2010/05/01 18:48:10 | 005,416,651 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- tere liye atif aslam song of (prince ).mp4
[2010/05/01 18:43:44 | 007,855,114 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4
[2010/05/01 18:34:56 | 016,050,451 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- The Game, 50 Cent - Hate It Or Love It.mp4
[2010/05/01 18:30:40 | 000,000,961 | ---- | M] () -- C:\Users\Ans\Desktop\YouTube Downloader.lnk
[2010/04/30 20:21:32 | 000,002,032 | ---- | M] () -- C:\Users\Ans\Desktop\Google Chrome.lnk
[2010/04/29 17:35:45 | 000,381,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 21:04:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/04/28 21:04:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/20 21:11:16 | 000,065,024 | ---- | M] () -- C:\Users\Ans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Ans\AppData\Roaming\*.tmp files -> C:\Users\Ans\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/19 20:34:54 | 000,010,610 | ---- | C] () -- C:\Users\Ans\AppData\Local\dd_vcredistUI34B0.txt
[2010/05/19 20:34:53 | 000,437,780 | ---- | C] () -- C:\Users\Ans\AppData\Local\dd_vcredistMSI34AD.txt
[2010/05/19 20:34:53 | 000,012,534 | ---- | C] () -- C:\Users\Ans\AppData\Local\dd_vcredistUI34AD.txt
[2010/05/18 20:47:23 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 20:22:27 | 000,059,648 | ---- | C] () -- C:\Users\Ans\AppData\Local\syssvc.exe
[2010/05/12 21:28:30 | 020,609,470 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 2.mp4
[2010/05/12 21:26:50 | 018,926,115 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 1.mp4
[2010/05/08 20:29:49 | 012,679,402 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4
[2010/05/03 14:40:14 | 007,519,060 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- 2pac-Tupac Heartz Of Men.mp4
[2010/05/03 14:35:03 | 013,845,607 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- 2Pac - Until The End Of Time.mp4
[2010/05/03 14:30:59 | 007,928,213 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- 2pac-Tupac Only God Can Judge Me.mp4
[2010/05/03 14:21:51 | 023,604,917 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- 2pac-Only Fear Of Death.mp4
[2010/05/01 18:54:16 | 060,631,356 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- IMRAN KHAN BEWAFA.mp4
[2010/05/01 18:48:10 | 005,416,651 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- tere liye atif aslam song of (prince ).mp4
[2010/05/01 18:43:44 | 007,855,114 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4
[2010/05/01 18:34:55 | 016,050,451 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- The Game, 50 Cent - Hate It Or Love It.mp4
[2010/05/01 18:30:40 | 000,000,961 | ---- | C] () -- C:\Users\Ans\Desktop\YouTube Downloader.lnk
[2010/04/28 20:57:46 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/04/28 20:57:46 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/09/24 18:18:33 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/24 18:16:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/05 23:06:46 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\Days5.ini
[2008/08/21 01:03:33 | 000,003,118 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2008/08/21 01:02:37 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2008/08/21 01:02:34 | 000,003,348 | R--- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2008/08/21 01:02:34 | 000,000,078 | R--- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/08/21 01:02:30 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/08/21 01:02:30 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/08/20 22:38:20 | 000,015,231 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/08/20 22:37:54 | 000,014,915 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/02 09:58:14 | 000,001,970 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/05/23 01:17:30 | 000,047,395 | ---- | C] () -- C:\Windows\php.ini
[2007/04/26 02:21:36 | 000,000,236 | ---- | C] () -- C:\Windows\zraidtray.ini
[2006/10/11 12:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


Re: Antispyware software alert

Post by icemen on Thu May 20, 2010 2:11 pm

extras.txt

OTL Extras logfile created on: 20/05/2010 18:54:50 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Ans\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 185.94 Gb Free Space | 39.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICEMAN
Current User Name: Ans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Users\Ans\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = F9 D6 8E F7 10 3E CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0361C16E-3A26-467F-80FD-48698CDA19C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08A09183-2EA4-4E2D-9CC0-53F8C57F189E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B875F51-B6E3-4E1B-BD7D-F73E5717F6F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{109F5C97-32F3-4C35-A8DB-90B71871D7AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{13951E4F-9405-4E3A-A229-4FC16C20069A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{139A4B86-AF0B-4B58-81F8-F1F53F433C2E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{13BE065B-F99C-4CEE-AC08-711FC6E48448}" = lport=11202 | protocol=17 | dir=in | name=bitcomet 11202 udp |
"{17C3B956-0F9A-4C1D-84CF-E5DF2318470F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{18A738AB-D2EC-432B-9E6A-84DBE6862450}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B108FD4-BD98-4B25-B52E-2189D9B140A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1C59E11C-F86F-4727-9048-F6C35F9F901E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FBACBAC-657B-4FE4-BA06-9D9D754ACEA5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FBDAE0F-1592-4EB3-823E-001F215024ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{221E648C-3BDC-4A30-B8FF-C7B3D855D88A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23EE8926-97F7-4A67-815C-118CE0E226B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{262C56A7-9159-4674-9583-C47C45886A12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2742733A-9202-4084-A88F-AEAC8FB0AA5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{276278D4-7BEA-4580-B3C7-66F233D1863C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BFA98E4-3F04-4D80-83CC-FDC714BD994B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D611F5B-99CF-464E-B99D-8CFCAA99AEEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2E3E3337-1CCD-4175-8881-CE1F67A92AE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2E5DEEF3-53EB-4E75-820B-C602BCB39ED7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2EB2531F-55EB-4FE3-8914-C814735D31B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3146FCF4-6A3D-4B2A-9501-8420A36B4A6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{31880F7E-F7FB-4457-8AE3-BD53E7FD590C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3664139F-E0C8-40A2-B9E7-3EC122FF2C5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3666C74C-6F2C-4661-85E9-596C49B9C6B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3869E370-3FF7-45C7-8872-7F954A70BCFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3A8FEFF6-CDF6-468A-B9C5-4C748C7A6120}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3AA6FC7A-5B94-4098-9189-963E76254DC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B66B6ED-0AFC-4ED8-A10A-3F0AAF3BCBB1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D12B99D-B7BA-4C64-9830-B56773528431}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D5C5A57-2199-4D07-BBDF-99A2B0FF3106}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{40084DB7-39C4-4F79-8453-094B27FE28AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{44E332B6-D42D-4E06-A749-C7C5FC6A1805}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{450E74E9-2BE0-4244-B088-C2497B854078}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4EA8FA0F-8349-498F-AC99-88F1DEBE7DC0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{52283CB8-9FEF-4252-8626-BAE12A71EC62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53C04F66-AE2A-473A-B099-DFE761D156E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54B47797-7AEA-4850-81F0-FFC8DE86BAAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{58BF44EC-5651-439D-9BB4-59F74525257D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{58DB0AB4-93A3-43AE-B730-CABEF5D40873}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5DF48A1C-669A-4885-856C-4CF790C1E41C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5FDE8010-F8B5-4467-8A74-9AD6C814B8CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{607C7B8B-CB55-43FD-A5A8-E8FA4575F1E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{60CC49CE-86EC-4808-86E0-C8DC729FFBDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{627511BE-6705-4DF1-8AA9-42AA455A92D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6317C82D-E909-4D7C-B643-BBB4A3E6D22A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{645FC600-4586-4195-AC27-DE37BA36471D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6723B40A-E309-4123-A7FF-B1CFE897C31B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{67C2017D-449D-4890-A63F-BF80E2ED68D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{68F00C20-8DA6-4D15-A87D-01ECD8978FB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A8CBB28-CF63-4D3D-A6E7-8A72E1D84EA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6D52F856-D503-4EF1-AD95-1516555051FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{73F9FEC4-FA95-4D91-ADA2-165958B03D29}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7753EFED-3408-49F2-B68F-1777153BB8EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7AC17FD0-6B9C-4981-9874-C3EC7E8C66AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C514123-A7C1-4798-92C2-41FB79E55449}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7E3C5259-117F-4978-BEC4-8530737E55DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EA99E76-DD94-40D9-ABA8-48B8D06D9B5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80B69CCC-E6D9-42E5-BCAD-D121C1B7F4B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{828E5FF1-4DB7-48CD-B067-B74306D0FA11}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85C34359-F3AA-439F-9B5E-6EB66DCA17C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{881B5ABB-D1F4-4B06-8353-87C5BE3AA0FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{89265673-2C7D-4DD7-BEDB-FBEEFAAB74D0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A789DA3-0D8E-482B-B0F7-1F514150715A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BEACD69-F967-48EB-98FA-5A62F6014091}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C1EFED1-DE86-409B-AABF-FA1AD716D6E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F5BDE5A-6CD0-4F24-94AF-E25327BDB0F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{903BFC6A-B256-4DB1-B713-5460E4B78804}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{91345576-1E4F-4CF7-9116-45E7957DE2E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94B3F2EC-F3F9-40EA-864C-2C5C31B20014}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{95EB06F7-B61F-40AC-B871-6F784FA6909D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{973DF149-560F-465E-BD2A-CC60F66565E2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{979AE334-CFFD-4786-AFE1-A64A501FA582}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9EB4B064-9085-41BB-9738-9C2D316C8E6A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9EC1798C-532D-4487-8AD5-A573E5ECA32C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0FE45FB-C213-4555-92E2-50A757A7DB8A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A13A31F2-30E2-4A6F-B8A6-DA63C471DA5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A595AB48-96B2-4C8F-A480-E7F2B3B2280B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD350750-480A-47E3-BA58-97967C5F904A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD7AE0AA-EDB6-4DBE-9746-61319F61C780}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B3A8D968-89F9-4423-BD0B-8A29AFC19E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B539DF17-7921-4C3A-9FBF-D9C723B5B154}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B7F48F0A-AD17-406B-9B97-2EE0573DC2D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF66DB24-191A-4A7F-991F-EFCF2910B9DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BFFF53D9-0085-41B7-9EA4-276187F48E6E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1F2F53F-1B7C-4A62-9722-50B491392626}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C519E3BB-D355-43E3-91EB-B561E9E7E272}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C799F33F-FBDD-4AAD-99C1-B5AAF5B21EB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB1F68A3-A623-4DBA-B1EC-1999DCDF9A06}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB227DEB-0C15-48B6-BB9C-2DDC6779CC84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CBBEC6DB-D0E8-407D-BF69-13A5FD650F82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CE395B04-0406-4A1D-A5F7-74399348364C}" = lport=11202 | protocol=6 | dir=in | name=bitcomet 11202 tcp |
"{D03651A2-9C87-4762-A016-684373A79DCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0E98139-5BFB-4AFC-9E0A-D6DAB04F2A9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2A54817-D8F1-44E2-988D-A04B86228370}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2C5FE38-36A1-401D-AFA3-7EDB1F51CD58}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D449CB25-A251-410C-8E59-3F4720A16278}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D44F7DEA-D8DF-413B-89DA-B49F23044F73}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5AAA37C-DA11-45FA-824A-015C76F4FB13}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D61D6F4C-6C1D-4783-92AB-9B80B3A60548}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D67DBFE0-D6F0-44E3-A6EB-F4E064092284}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D995E89F-0586-4411-B298-A6900B607BA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9C25FC2-0114-4747-A90D-2263D4A248F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DE77A7F9-2C42-46CA-AA2F-5EB0DCD1D90B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0976DC7-C4EB-47B1-A76C-ABF86AD316BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E35074C5-77DB-4DDA-B881-55BC910A42C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F284022E-AD77-45AC-87E7-4EB276086D9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F53F9CC9-3519-466B-A57A-CFF34CDBDF13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F57433B8-7979-443C-A369-25CFE8284EDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8524436-24D6-461D-9029-51C979855649}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8CE6310-05C0-4FD5-9794-E5E37713D31D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBDAD423-548A-4CDC-B6A6-DB1A79E9F514}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FC0297A6-8C1E-48C3-AEE3-05DBB3453128}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00935464-CC85-41ED-B8A8-0D97A032BE61}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{02D48B76-62B1-4CE5-B777-E59C31B5A52C}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{02DA050C-FDEC-4FEE-944F-DC62F68B1AD8}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{042C40C3-691B-4665-A4C4-6A7BF8A4F748}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{04AB1A8B-9CA7-419D-926B-68824743A41C}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{059650F5-18CE-475A-88DE-85FABF34457D}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{06796629-AAEC-4B64-9ED4-87540238F6A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{074AFF0F-066B-4B89-BFBA-BC53F6FC9F01}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{0BDFB63B-45AA-420D-94A4-344A920353A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{0BE3DA04-5B70-46B8-A9F1-5E32FF1969D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0E20664D-0F0C-4C8C-B8E1-72EAA3A26ABA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{120ED917-1E23-4B26-BB85-C430C934F13F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{13F1C943-031E-4971-A0F5-2AB7C8A95C1D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{15690EC4-91A9-474F-B7FD-430518CD34AA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{165F2780-54B5-4D83-9809-19652930A9EF}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{19074BFF-30A2-4274-874B-4ADE648F64AD}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{190C2024-04BD-4C03-8B96-DCE349CA0B53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{191FDE98-BF52-4A62-87B9-E2BEFC94769E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1ED79B9C-A7F5-4DB2-BC61-6EAAFCCBD1DF}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{204082AF-6A44-4C53-A3C2-7284EA494DA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{213B7DFD-52BF-49A1-98C4-BEFAFC76DC81}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{230D04F1-F095-4DED-9164-5907614765F4}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{233181EE-0198-48A1-A901-6FEBAB6A0A6C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2734063C-DF47-4F54-B9E2-D70D7307487B}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{2AC32713-8A7B-4640-9B05-A39CD9C7981C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2C036C61-574E-4D54-9C28-FADABE610BB0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2DC42473-7102-490E-A5C5-856AFF70340C}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{2E8159EB-CC7A-40C5-965D-44B0033EC53F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{30E09B40-3E76-4DFA-B353-0C70E5181DC9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{324F439F-012B-4B23-893E-B6D0B7243D09}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{33E99D7F-F8D4-4D9F-838B-5023492A59DA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{34A3A752-991C-4F64-B0BF-E9A838DF065D}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{354BD128-06A1-4B24-8F84-163CE1234DF7}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{3733A1DA-D518-4209-99BD-BEEE2F18B031}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{37871CD5-7872-45C3-8388-E513550256B0}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{37E99696-4471-4D92-8846-A059B9A6B2E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3A09EF43-25CA-4AA0-8D7E-DB622FD857F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3BAAB933-34C4-4D64-BB0D-CE5608467FDA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{3CF4B04B-D1FD-42D0-B1A4-9D8ADF4AB957}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3D5AADAF-8370-4B3C-B65A-83BAD1DC0309}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{3EACF80B-0276-482E-8D28-CA7B2FA5E9BE}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{41D8B957-DE6C-492F-A976-F49EBAA31945}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{45D76E44-21FE-4DDB-AB0A-E7072FE29EF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{478A9CCE-EC25-4AD0-AFA6-FA6471847065}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{506A18AD-B5A2-494A-8A42-29C87E058DEA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{50999627-83D1-4406-9CD7-284C0999B350}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{538A3A90-2027-490C-93BD-121554364540}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{573C78D6-7183-459F-AA0A-014F2F8D9C5E}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{59083E02-A72A-43DB-AED2-C59F760E8538}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5A2D4085-0488-434D-9C18-3E4FAFFFC468}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5AB43B7C-150A-47F4-ABE0-62B355A7DC1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5D611A98-4DAE-4FDD-A6F1-40C6465D0324}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5E325EF8-336D-496B-B640-C614BD26EBA4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5E50ED77-FF29-439C-A787-5CC7F4A10A41}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5EE4AF61-5F65-49C8-81B6-8CBE8D11335D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5F4B1057-3582-4801-BAF9-6ABCFB259FA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{648865BD-C006-4D0F-97E2-881805771752}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{64D0C009-60E3-40E7-8E1B-1EDF6B966A3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{6787A5EE-ED9A-4E65-9D7D-B2AF8DF08047}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{69E4B5E6-28F0-4FEA-BB46-20C309C0DB5D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6A44C262-0011-4EEF-B410-55F5AE839C18}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{6C233F39-3E5C-4FD5-8B7A-B4308F1B93A0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6C7013BE-6F8B-4BF1-BD56-3327461B8B60}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{70287535-9F4F-4AF4-923C-2EAA496B83D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{70AD91C2-7EFB-4B6B-8009-05675579EC21}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{73039C32-97AB-4F02-9AC7-831F05C50B7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{737AABB6-8D5B-4717-ACD8-239027D6AACA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{75BCABFE-04A2-431D-B74C-589D988F5327}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{76159027-0B1F-45C7-9CAE-BAD252301D27}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{775D4BD4-F674-4C47-90C2-9F6CD1FA7115}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{77D40C22-77AD-41BE-9B00-25D9CFE64EA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{79134C7B-7FAE-4D82-8B04-2D6FC8C38554}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7982DF1D-652B-47AE-B3B4-AB85B15CACB8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7D095CCC-5EC8-42AA-94BE-8C24DC2F8269}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{7DC62AD9-4F36-4F4D-BB1C-089DA05FD1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{7E515211-13DE-4DA7-B2B9-C4A1D6EB4278}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{83539781-CACE-4AC1-9EC2-A132006A820E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{851EDBF7-AED4-4C15-B121-BAB10E45452F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{85201872-6659-40DD-BAD0-42C2CA2C778B}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{896323A1-122F-4CC4-AAAB-9413E9FCAE22}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8B2BB861-1B7F-4ACC-99BD-6ACE84F039C3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8D6B59A0-9681-4678-B7E7-08BC7DF08042}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8F837A3E-DAE9-4E6E-8663-BF11CC1DB39D}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{901D40D0-0E86-4265-8449-22F2ABFAAAE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9BE003D7-CFD6-4F31-88B9-3A7CD1A7FD83}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A58B9F22-B0A6-49A7-B853-EE6AD046CE8E}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{A6379EF5-59CD-418C-86C7-1F473E1A2AAF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A6382A61-F13D-4E44-AD1D-87D4B4568D33}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{A81EDA25-639B-4180-8F42-CC1D6B3B448F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{A92BC841-F0E7-401B-8B5B-6640704030B0}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{ABE1E35E-0E70-4FC6-B71F-04D081DB03D3}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B180C1EE-64F3-4FF5-A3DF-C66BE06894AA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B4E602E6-54B8-4822-929C-158F611FE5B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B71D866B-6B04-45EC-A0D4-C2A68E614160}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B8C2739D-1CF8-43D6-B027-1C21AB516A56}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{BC398307-DE3D-47F5-8767-C06433B6DE52}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{BE3F839D-717C-41C6-83A6-6F8ADF895F5C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C0222B88-94DE-46B4-A370-C6A036B42093}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{C08A3DF9-DE1B-4ABD-9BF4-F491EFBA3768}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{C4AF8342-DB45-4826-9909-AB1D87039255}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C65FEC9D-6860-4E97-99DB-EF9DF63B550A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C6E29172-0623-4F46-ADF5-9C8EC55D8CF6}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{C75FF31B-C57C-4732-9C02-902E64AA0459}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CAB21DA7-89C3-4452-B052-0D6420339C0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CAD0F65B-CC9D-4730-A050-D820E06B5843}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{CB82DCD5-9992-465F-A38B-7C1127C5FF5D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CCDC06D7-8A66-44AC-8635-B42FACD10503}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{CE16AD5E-4620-4C03-95B9-43B2B5D2FA37}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{DD0F4EDA-2707-431A-820A-945C676B4100}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DE07286B-D65A-4BF7-8291-DBFB7EF7D075}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DE6DF3DA-CCFB-4086-99B3-9F47C26D45F7}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{DFFF724E-E08B-4013-A47A-F540D0150DC8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E25C2975-B43A-483A-88F8-311C06517FEB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E2E16AD7-0600-4A35-952F-233F68F57E2F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E882C34F-670C-4DB0-9078-0B85D142B7EA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{EADC2336-BBA4-4F7A-B841-43C5D38BC323}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EC890BE3-A452-4BF0-8302-5F58C3DB53BB}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{F0897AE8-C851-4AE0-B513-4698FD73DE77}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F517D5CE-79B8-4237-8CA3-B0D4683B9A10}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F6D0411A-DB65-4F83-BAE0-82659B49C310}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FB900E2C-79A6-4AD4-9563-1EC67333757C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FC12152F-7064-4694-A9B0-1128A140808B}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{FF5DC479-0D19-4E10-A436-A003E5AD58F8}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"TCP Query User{03AD3CC6-C73F-40A0-9175-0C62BA748198}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
"TCP Query User{3878306E-09C5-4CA0-870B-56B33F2853CC}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{421C479D-A279-41F5-9528-2A26D71FA2D4}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{46EF92E2-B348-4EAF-B7F8-79EFD821C8BE}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{4A855B5C-08E4-415B-A318-79D14DF41B00}C:\users\ans\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
"TCP Query User{5015070E-09C2-488B-AFBB-271A8DAC7E8D}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{80DDDB99-E1BF-4E81-AD60-881C2F4AFE77}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"TCP Query User{831A862B-385A-41AE-9377-94AE57343F26}C:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
"TCP Query User{A5B38501-59D6-458F-9613-F81CD6574D08}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{A8C59A48-0B0A-418A-8161-93CBF642316C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A9F6BDFD-A593-4EFC-8343-01663CA849E7}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{B3FBC116-5381-4811-A74D-C2B04DEC8655}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{C19A0DEF-DAE2-4A84-AACB-C3B9CDFEF22F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{CD34458D-CC9A-4161-9463-CF7145196972}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{E3921F37-F1DE-4F3A-9CA8-8D0D1C57129B}C:\program files (x86)\marvell\61xx\apache2\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\marvell\61xx\apache2\bin\apache.exe |
"UDP Query User{1FA3594E-FD3B-48FE-848D-7697795A9732}C:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
"UDP Query User{283039E8-F267-4697-8F0F-F453CF6E75C2}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{38C51128-501B-4DF4-B859-BE865D31BA19}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{57038DA1-AEAD-4E91-B6E2-D358394325FF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6DCF702D-79F4-42B7-8E45-EAA5E6FBF258}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{7025C8C1-30B7-47ED-8ED6-2579193CD64E}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{7D6751CF-E96C-4E45-A3A9-120A72CBD51A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8748EF7F-2530-4C5B-A28B-D174F60DCC6C}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{9723DB15-E61F-43E6-8B3E-DD4A42AB2831}C:\program files (x86)\marvell\61xx\apache2\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\marvell\61xx\apache2\bin\apache.exe |
"UDP Query User{C98D2A28-4688-4B9F-8209-3C1B4732695B}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{CB13B60D-CBDF-4695-B585-083F8D30988D}C:\users\ans\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{E0B74478-E67A-45BA-BDEB-F4F6A6D35CB3}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{EF728F4D-9E3A-481B-96DF-A64E28ED4231}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
"UDP Query User{FD60AF72-48C6-444A-8021-62450FD3BA4E}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{FEF76B4C-833B-4EC9-A73D-6B34706BEEB0}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio
"{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}" = Nokia PC Suite
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE90CE58-41DE-4708-9291-A9D1D49B1033}" = SecurDisc Viewer
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C19DBE5E-712E-4F02-8380-ECEDD951B374}" = DigitalTV
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AudioCS" = Creative Audio Console
"BitComet" = BitComet 1.09
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"Image Merger .EXE_is1" = Image Merger .EXE 1.0.0.19
"LimeWire" = LimeWire PRO 5.0.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSC" = McAfee SecurityCenter
"mv61xxDriver" = marvell 61xx
"mv61xxMRU" = Marvell MRU
"Nokia PC Suite" = Nokia PC Suite
"RealPlayer 6.0" = RealPlayer
"SystemRequirementsLab" = System Requirements Lab
"VDOTool_is1" = VDOTool 6.4
"VLC media player" = VLC media player 0.9.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/12/2009 07:16:03 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 27/12/2009 07:16:03 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

Error - 28/12/2009 07:30:12 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 28/12/2009 07:30:12 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

Error - 28/12/2009 16:21:51 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 28/12/2009 16:21:51 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

Error - 29/12/2009 07:27:11 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 29/12/2009 07:27:11 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

Error - 29/12/2009 15:00:01 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 29/12/2009 15:00:01 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 22/07/2009 10:28:34 | Computer Name = Iceman | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 07/22/2009 15:28:33. You may need to reschedule your recordings.

[ System Events ]
Error - 18/05/2010 18:22:44 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =

Error - 19/05/2010 13:24:58 | Computer Name = Iceman | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC6D851B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/05/2010 13:25:26 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =

Error - 19/05/2010 14:35:47 | Computer Name = Iceman | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:27:48 on 19/05/2010 was unexpected.

Error - 19/05/2010 14:35:48 | Computer Name = ICEMAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC6D851B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/05/2010 14:36:00 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =

Error - 19/05/2010 17:03:08 | Computer Name = Iceman | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC6D851B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/05/2010 17:03:51 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =

Error - 20/05/2010 13:43:56 | Computer Name = Iceman | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC6D851B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 20/05/2010 13:45:24 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Re: Antispyware software alert

Post by Belahzur on Thu May 20, 2010 6:44 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
    [2010/05/18 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Ans\AppData\Local\twutmhtys
    [2010/05/18 20:22:27 | 000,059,648 | ---- | M] () -- C:\Users\Ans\AppData\Local\syssvc.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.
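A triage pass over the kinds of log lines quoted in this thread, added here as an example; it is not part of the original posts and is not how OTL itself decides anything. The flag names, the reading of the parenthesised field as the file's company name, and the last sample line (constructed) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Firewall rule lines: ... | dir=in | app=<path> |
FW_RULE = re.compile(r'\bdir=(in|out)\s*\|\s*app=(.+?)\s*\|', re.I)
# File/folder lines: [timestamp | size | attrs | M or C] (company) -- path
# The "(company)" field is absent on folder lines, so it is optional here.
FILE_LINE = re.compile(
    r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<kind>[MC])\]'
    r'(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$')
EXEC_EXT = {'.exe', '.dll', '.scr', '.com', '.sys'}

# Sample input: lines copied from the log and fix script in this thread,
# plus one constructed benign line (the "Example Vendor" entry).
SAMPLE = r'''
"UDP Query User{CB13B60D-CBDF-4695-B585-083F8D30988D}C:\users\ans\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{FD60AF72-48C6-444A-8021-62450FD3BA4E}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
[2010/05/18 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Ans\AppData\Local\twutmhtys
[2010/05/18 20:22:27 | 000,059,648 | ---- | M] () -- C:\Users\Ans\AppData\Local\syssvc.exe
[2010/05/18 20:22:27 | 000,123,456 | ---- | M] (Example Vendor) -- C:\Program Files\Example\app.exe
'''


def path_flags(path):
    """Location-based flags for a Windows path (case-insensitive)."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    flags = set()
    if 'users' in parts and 'appdata' in parts:
        rest = parts[parts.index('appdata') + 1:]
        if rest[:2] == ['local', 'temp']:
            flags.add('in-temp')
        # Executable sitting directly in AppData\Local or AppData\Roaming,
        # not inside an application's own subfolder.
        if (len(rest) == 2 and rest[0] in ('local', 'roaming')
                and p.suffix.lower() in EXEC_EXT):
            flags.add('exe-in-profile-root')
    return flags


def triage(text):
    """Return (source, path, flags) for every line that raises a flag."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = FW_RULE.search(line)
        if m:
            source, path = 'firewall', m.group(2)
            flags = path_flags(path)
            if m.group(1).lower() == 'in' and 'in-temp' in flags:
                flags.add('inbound-rule-for-temp-binary')
        else:
            m = FILE_LINE.match(line)
            if not m:
                continue  # not a line format this example understands
            source, path = 'file', m.group('path')
            flags = path_flags(path)
            is_exec = PureWindowsPath(path).suffix.lower() in EXEC_EXT
            # Empty parentheses: an executable with no company name recorded.
            if is_exec and m.group('company') == '':
                flags.add('no-company-name')
        if flags:
            findings.append((source, path, sorted(flags)))
    return findings


if __name__ == '__main__':
    for source, path, flags in triage(SAMPLE):
        print(f'{source:8} {path}  ->  {", ".join(flags)}')
```

The randomly named folder from the fix script raises no flag here, because a new folder under AppData\Local is normal for many applications; entries like that still need a reviewer's judgment.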



Re: Antispyware software alert

Post by icemen on Fri May 21, 2010 3:04 pm

Here is the fix log from Notepad below.
I have also noticed a $RECYCLE.BIN folder has appeared. When I delete it, it tells me important system files are in there, e.g. desktop.ini. I still delete it, but when I go into the C drive again it's there again? Also a few folders appear like hologram or ghost folders which I never used to have in the C drive. Is this the virus? The folder names are Boot, Doc & settings, MSOCache, Program Data, System Volume Info. A couple of the folders don't let me into them even though I'm logged in as administrator. I don't know what to do?

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c5c0f58-e061-457d-9033-77307f5ed00c}\ deleted successfully.
C:\Users\Ans\AppData\Local\twutmhtys folder moved successfully.
C:\Users\Ans\AppData\Local\syssvc.exe moved successfully.

OTL by OldTimer - Version 3.2.5.0 log created on 05212010_195634


Re: Antispyware software alert

Post by Belahzur on Fri May 21, 2010 6:05 pm

Hello.

I see that you are running BitComet.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight the following:

    BitComet 1.09
    Java(TM) 6 Update 7
    Java(TM) 6 Update 19

  • Click on the Uninstall/Change button at the top.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Please PM me if I fail to respond within 24hrs.



Re: Antispyware software alert

Post by icemen on Sat May 22, 2010 3:17 pm

Hi

This is the log text

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

These were the threats found.

C:\Program Files (x86)\Nero_Burning_Rom_9_0_9_4c.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Users\Ans\AppData\Local\Temp\afa7b113.exe Win32/Olmarik.SC trojan cleaned by deleting - quarantined
C:\Users\Guest\Music\Immortal Technique - Dance with the Devil.wma probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05212010_195634\C_Users\Ans\AppData\Local\syssvc.exe Win32/SpamTool.Agent.NEG trojan cleaned by deleting - quarantined

Is my computer clean now?

I use BitComet to download stuff, what is the best one you suggest?

thankz


Re: Antispyware software alert

Post by Belahzur on Sat May 22, 2010 7:26 pm

Hello.
Sorry, can't help you with all, all forms of P2P have their risks.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


Please PM me if I fail to respond within 24hrs.



Re: Antispyware software alert

Post by icemen on Wed May 26, 2010 4:30 pm

Hi

Thanks for all your help, couldn't have done it without you. I think the computer is working fine now.
You guyz are the best!!!
