Google Redirects and unauthorized attempts to connect to Sites, Vista

Discussion in 'Virus and Malware Removal' started by Demianwulf, Oct 29, 2010.

  1. Broni Malware Annihilator Posts: 39,437   +177

    ....and Extras.txt....
  2. Demianwulf Newcomer, in training Posts: 74

    OTL Extras logfile created on: 10/31/2010 4:34:03 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\WulfTop\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 8.54 Gb Free Space | 7.64% Space Free | Partition Type: NTFS

    Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{35B7EE5D-29AC-47B7-816C-93BE94F5A07D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{35D5C36F-2A18-481E-A820-34E1166916A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{36EBEC9F-94C7-4EF4-A5DF-7D9963F4BF28}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{370F7AE7-2F9E-4855-96DA-ED56785C0EEC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{37AC8DA0-3AA8-4A02-97AD-A28CC5C54EBE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3B08F561-4324-4491-AD0D-14F99C25D97D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3B782631-2333-4801-9355-C415F899E77E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3BF5BB5A-21F3-4B75-A14A-C867A8F27086}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3C14A090-A41E-420B-84CD-5B2E0B7E810C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3C9BE420-823E-437A-AE8E-E111858EEC16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3CE3D007-738D-477E-B74A-00AA66D90501}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3F94AE19-EA1A-40FE-8F6D-FEDC7A13A69D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{40DBFF9B-01A0-4FE2-B610-C9C25E3799DA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{43EDD6DE-7712-4427-BF4E-F1DEF8B33FEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4454DBD2-0E51-415B-983E-4AC079B07917}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{459FBB82-1117-4338-9FDC-0D5732F271D3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{45AF1233-3435-4625-9012-19556F546D64}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{466B7CEF-FC61-420F-8E2A-F145A0538462}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{46DC4955-2EFA-430E-8EF0-B4D58D11C0BB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{484CB5B2-1DD1-4C24-A449-A63654D2CBE0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{48882EEB-1C60-4FCE-8D32-CA05A0A10418}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{48E6CB7B-D7D3-4C91-95C9-0F7334AECC7E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{49138DEC-964E-48A0-834D-7B3E7AAD2BE4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{4A39CC2C-F1C5-4FCF-AED4-51BD152A2216}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{4ADC6FAB-FE60-4B36-BD6B-BE7B30471E79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4B702E29-293F-4DCB-9FE9-D422EA0F9BDF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4DD68B3D-EF17-4C9D-9A4D-B047DF2426EB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4F3AA876-5D44-4B46-AC96-10134BAA7690}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{51F5327B-30A9-4F5B-B392-837D66D1DAEF}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{52375B17-76D6-4540-AF34-D8C590D0A0E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{527760D7-5FC6-419C-98A6-1F15B39FB0C5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5304DE6E-1D02-46D6-BA5B-2307F0BFBDD8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{54A52C3C-F1E4-476C-80FD-7FA44734695F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{582A6BC0-F326-42F9-B188-6A269FEFA8E2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{584188B7-5F99-4EB3-8801-D523BD5AFD2B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{588C65E7-229E-4BA0-9685-648BFA74EF76}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{59250988-DCFF-4B78-86B9-CED01BA86D64}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{59483677-1C4D-425E-B4D8-E3EEB4ACDA97}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{5A78EC14-15EE-4D69-96B0-C6510FFEB2DB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{5CA21A77-D90F-4A4A-AFC2-B2FB746E27D4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5DCE4C6F-7A8C-4C27-867B-1C500F8EC3DE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5FFCF9BC-70B0-4F8D-9DB4-CCE38E2A0434}" = protocol=6 | dir=out | app=system |
    "{6207E16D-E7BA-4B78-B01E-56D57515CA9A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{63925537-9E69-4778-88B0-65817485C186}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{63F04650-DED6-41D1-BAF5-661C8A81384E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{64D24DAF-7FC6-4CA8-BBF1-D5907F56D878}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{69815289-1019-4B43-AA7B-14498F4DE87A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6C7E804A-6375-41B6-9009-4438213F386A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{70507548-967C-481F-B568-11F8F27A2390}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{71F62C37-38D6-4714-9B7C-B0D6F9C1EF3D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{72F0100F-5374-49C3-B985-727F9756B3BF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{730DC661-00C7-4E22-AF55-87DCEB7A5EE6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{736FD27A-6166-441A-9B0B-359D990178D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{73E496EC-F57B-40CF-A16B-B50ED8AA9C78}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{73F28391-8A44-43DA-BAB8-36767E64CC76}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{765F2C19-E392-40D8-BAC2-1854030A648D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7B746E5F-AC88-42B0-B7B8-7E9E8F6205C6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7C548850-FBC6-49AF-B146-01BEBCDD2634}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7D440C0E-D384-4B7E-9C66-78D77E846B82}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{7D7EE718-36D4-4CB0-8FF5-9E3F2271412E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7E084E45-B2C2-4F7E-B4AD-AF6E60DD63E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7E97D678-00BD-4F40-A16E-BB2FFE165D59}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7EC7B46F-FC1D-46AC-BD46-5A8EF1BD1397}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7FEC6A15-D4AF-4F9C-87C7-CE5423E6662F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{81BDD156-A97A-4B54-9403-A4E3E8B6539B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{83A0885F-3974-457E-9147-0F29C555CE95}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{843F4A34-01D3-47D6-B543-429E0F004E58}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{84668F84-5E05-40E4-A4AC-8957D349C6EC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{84841F99-18BA-4713-9C5C-BCC9764FA3F4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8627A268-A1D7-4F8D-90DA-1F9B6B5B8616}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{87148B4D-26BA-435E-8DD6-505391B73FEE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{8830A517-C784-44A5-B677-1EF45CEDD620}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{88674758-1487-4E5C-8FCA-5865CFBBABF2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{887AA9BF-7C57-49FB-81AF-6E2F87CCE519}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{89509C3F-B34C-4C67-B822-AC72AEB4078A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{89D3239A-E26B-43F7-926F-F94D4407F30B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{8BF505F1-9C24-4613-9B23-34897D027906}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{8C9AF6EC-9C4F-4F96-8DDD-46E422AE1840}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{8FACA785-846D-4BE3-847D-BF9233FF0CEB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{908D3D36-782D-496A-B0CA-56CF34794BE3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{913562CE-65C4-49A6-A308-4538DDCFF7E9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{91583BDB-8045-4023-972E-6D0CC6432B62}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{926081A3-B54C-41C1-A0A4-E0CC76618017}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{93347FA8-46D8-4B23-8647-5D1469D2C675}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{9587C2AE-48A9-4564-BF6A-0C53B51DF989}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{961C6FBE-5BA6-4E60-92B2-86A0864BB6AF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{97E9862A-6B1B-41ED-8195-4107F3C9D5B6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{99C199AB-DDF9-4217-9C82-C8E9C606F3F4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{99FCE5AC-D625-48CE-9C6F-7D7E5DA7BB98}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9A9FC560-B706-48B1-ADDF-1060AE826C71}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{9AEB6800-F81B-4254-9E06-2ACD397551C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9BB22D9A-5407-40CE-9D6D-70F0B8B635E8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9CD8736F-CA0A-4F85-A155-91D426EC795E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9DE54B93-CA5C-4B57-AFA4-296B9697C02E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9E42A336-056E-4B73-A255-04AD982464EE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{9EC1561C-229B-477C-87FD-245FFE1027F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9FF9773B-8AC5-4A1D-8D37-6C1DD094A289}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A11EE0D1-C4E5-41D4-8FB7-BF9CE6317478}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A1D5B473-8F8E-4012-BCFC-777C996CD52E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A1EBE228-5F74-4B6E-8AD8-679BAA85E519}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A338C340-8301-4368-88B8-75A917A302B3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A428ED93-5DDA-4694-9BF1-172A6BF62C37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A4F6C352-A021-4C1D-9C7E-D06C72A7097A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A50D251C-587B-4205-897B-EA1754E5F91E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A5D06B21-F12F-44FD-8BA6-0483FD0F417A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A60044CC-464E-43A7-8D80-5F6678B895EC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{A69A10D1-D2EB-47F8-897B-38D04ED65FE2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A76C6D0E-ED0D-471E-B917-180DB5743214}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A84FE189-09C3-44E7-A83D-9E1DA832250E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A8C58CF9-11E5-45DE-BD25-9B9B50EB50CF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{A8FB9339-92DE-4E27-8DEC-8F2943D9CF88}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AA8DB0DD-9F78-4369-AD65-BFA85907642A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AC087716-ED3F-47A7-85AD-E8477783DA03}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AC675AAA-1578-47E7-B809-B5CB1279D0CB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B0ED7F60-1575-4C56-9955-9EEDDAE3E0E5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B1852A6E-360A-429A-A5EA-926790051A2F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
  3. Demianwulf Newcomer, in training Posts: 74

    "{B1B01344-7C80-47D6-8897-F157607CDD0C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B1C379DC-EC1C-4682-B115-33DC2FFE9714}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B4B64DEE-BE58-4AB5-90ED-DC16ED9C86B8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B52136E4-F305-4883-9F6E-2252976E2499}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B669AD9C-6412-4164-9C12-C27113404885}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B68A9A69-C623-4F53-A7CA-C42DBC5F5A64}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B9ACAA4A-738E-4140-A753-B14D10401F51}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{BB1B28A1-9274-454C-8D63-25C2F92F762A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{BCB9DD07-86F3-4F85-A4E0-E733E2BF9B4A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{BF6002EF-7FD2-46ED-B73F-0EB5B8136B4D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C334BBB1-4FF1-4B47-AAA0-477D9074CA60}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C4ADA759-68C6-4FF9-AE24-94DBCE4D0599}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C53B4DD0-C6B1-44AB-BB37-8C5EC9C4DE64}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{C7409413-FF95-4418-97D1-D8B39AEF4251}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C7E71C49-6DB8-4E4B-B68F-FA2A8E3176CB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C802B56D-BD03-43A9-BCAD-55A4875FC9E3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C8CF3DC5-0298-43FD-970D-A2BD325A51EB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C9679763-E364-424A-AE72-8CDC7941812C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C96B4F98-C14D-4591-874A-9AFA7DAEF0E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C9A82F63-8653-41DA-B98C-3CAD69926BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{CBC28E51-8193-442F-A9F6-769B701BBF7D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CBE6B8E0-1769-49F6-ADBE-C79FEE84B2A9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CC56C90E-D157-4092-8651-AA72A144133E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CC9AC596-DFE7-4DBE-B478-49F4EFB2A358}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{CE144C62-B9CC-41CF-9279-A6CB3FFF4889}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CE43F32B-CB9B-4F2D-B40C-6A3BB57339CF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CF93C0FE-0243-4CEF-99A5-27BD9ECB778D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{CFCC0967-7348-4746-B338-963F38913109}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D04EEDD6-E3BB-45ED-A298-355B29A894A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D08245E9-985D-4187-9C75-4B7BCF6662E1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D17A6B5D-67F0-49DA-ACB6-0B150440211B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D20AB5D5-3C29-4329-BDD0-A809CF3B5592}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D48598F9-F2CE-4A21-8B9B-7FE36B80BFA9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D4BFF057-4987-474A-8228-7B047DA84648}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D5DF0AA3-F71E-4C53-BD91-5E4B74E536B7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D79A7DF1-82C3-4AAC-8BF2-C59679D855EC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D7B28156-498E-4D9C-AD8E-DFA077024735}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D846CEB0-9843-4D75-B50B-BF6C52ED7F40}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DAC3271D-8A92-4BBE-9CBD-407E2558C735}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DC1588C1-CA2E-4C5B-948A-E92C656212BE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DC571B2F-E71B-4540-BD62-510821676061}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DCAB2084-5730-44C9-9643-05B1AEB943DC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{DEA7058B-3F03-4AEC-A46E-9FEA014A5D32}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{DF2DAF52-BDF2-457D-A9D7-7EB10CEF3F63}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DFA4CC72-F74F-4EFA-8779-61F223FCB41A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E23B0CCB-74CB-4316-B475-BFBAE80EBC71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E4B11FC3-D9F7-44D5-8242-909DD010355B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E578520F-6B9D-41AF-A5F9-695A78D4185C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E5EB0661-675C-4531-AB8C-18F41AE76C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E6218E52-BF7E-4BF0-AFB3-4AF86F12CC11}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E6E62312-6CDF-4C55-9368-13B9DC53DB0A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E731EED4-DCAE-4BDA-AB2C-BE56CD5766B9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E7ADD68E-C1AD-43C3-A43B-FE496751709E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E86CD880-11E9-4526-A40D-ABC129D4F127}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E8AA1D20-BC87-4BE3-A8A0-2F314B6BC12A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{EB8E1083-2519-4C83-9945-AC633C439C9C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{ED7A5B77-EA3D-4A41-A027-B868EB81EF9C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{EE5F86B9-CF8D-4254-AD3A-06E47CD30190}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EE61E9CB-A652-474A-8D12-16394B3D887F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EE81C824-7DD0-4B4D-ABB2-53039E6CB818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{EEA0B8E6-89EE-445A-9E04-DD0C9DDF9CE5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EF7DFFFD-E8CE-48E4-A605-5AEB6BCDB1BA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F0BCD61C-096E-4220-B163-59077E2DA764}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F156A059-7A26-47F1-97AA-F541E08EC54C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F1C0DF24-5E92-4527-A124-DE0BFA47F0AE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F2FF5AB5-B834-4030-AAEF-EA7A4DD880E4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F420141E-AA54-471E-88DC-2CF99143CD3B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F61FF66F-545F-4F77-81B9-18BC2E267030}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F70E3FD9-39B0-43FA-9215-1979B4C01E6F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{FC4DB5CE-51BF-4C54-9C11-3D4BA0CDC139}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{0494B836-5B27-40FA-8EC7-FA4318735FA3}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
    "TCP Query User{29711B17-5743-4167-9C30-2B5BE47F315F}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
    "TCP Query User{FB9F253F-C515-4B7C-83DF-D67C22AC7677}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "UDP Query User{7AD94215-B797-4A9F-8FAB-83B3F6425FAF}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
    "UDP Query User{958EA526-2A90-40A4-A69C-E9238DFDE89C}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
    "UDP Query User{A8E00F96-7A89-4A42-8786-E8CCEE7364D1}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3ACF7A26-1743-4A84-85F1-2450B35925E4}" = Classic Menu for Office
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
    "{54178A9B-7B4B-4B24-B863-7B44EBF28318}" = ODF Add-in for Microsoft Office
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.0.26
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7BB03D40-B79D-405C-A214-760EBCDB0EC3}" = PCDJ BLUE VRM
    "{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
    "{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{9FD3A8DA-2E36-4649-AEF1-41A110BD3CB5}" = PCDJ RED VRM
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AABEF0A3-E6AE-4743-B02B-765D05F3F4B7}" = PCDJ FX VRM
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
    "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "abgx360" = abgx360 v1.0.2
    "Absolute Poker" = Absolute Poker
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AutoGK" = Auto Gordian Knot 2.45
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "avast5" = avast! Free Antivirus
    "Avidemux 2.4" = Avidemux 2.4
    "AviSynth" = AviSynth 2.5
    "CCleaner" = CCleaner
    "ComicRack" = ComicRack v0.9.130
    "COMODO Internet Security" = COMODO Internet Security
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "Driver Magician_is1" = Driver Magician 3.49
    "DVD Flick_is1" = DVD Flick
    "DVD Identifier_is1" = DVD Identifier
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVD-lab PRO 2.3_is1" = DVD-lab PRO 2.3
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FeedDemon_is1" = FeedDemon
    "FeedStation_is1" = FeedStation
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "FrostWire" = FrostWire 4.20.9
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Monopoly by Parker Brothers" = Monopoly by Parker Brothers
    "MozBackup" = MozBackup 1.4.10
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MPEG Video Wizard" = MPEG Video Wizard 4.0.4.108 (03/2008)
    "OggDS" = Direct Show Ogg Vorbis Filter (remove only)
    "PCDJ BLUE VRM" = PCDJ BLUE VRM
    "PCDJ FX VRM" = PCDJ FX VRM
    "PCDJ RED VRM" = PCDJ RED VRM
    "PCDJ VJ" = PCDJ VJ
    "PCDJDex" = PCDJ DEX (remove only)
    "PowerISO" = PowerISO
    "PROR" = Microsoft Office Professional 2007 Trial
    "ROM CHECK FAIL_is1" = ROM CHECK FAIL 1.0
    "SopCast" = SopCast 3.2.9
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The KMPlayer" = The KMPlayer (remove only)
    "TightVNC_is1" = TightVNC 1.3.9
    "Tor" = Tor 0.2.0.32
    "TurboTax 2009" = TurboTax 2009
    "TVWiz" = Intel(R) TV Wizard
    "Vidalia" = Vidalia 0.1.10
    "VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.4.549
    "VLC media player" = VideoLAN VLC media player 0.8.6d
    "VobSub" = VobSub v2.23 (Remove Only)
    "WinGimp-2.0_is1" = GIMP 2.4.7
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.1 beta
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "XviD4PSP5" = XviD4PSP 5.0
    "Yahoo! Inquisitor" = Inquisitor for Internet Explorer
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "8f3d5f316bf9c08f" = OffiSync
    "Absolute Poker" = Absolute Poker
    "dotoo" = dotoo
    "Flash Video Downloader. Youtube Downloader" = Flash Video Downloader. Youtube Downloader
    "ijji FireFox Launcher" = ijji FireFox Launcher 1.0
    "Sansa Updater" = Sansa Updater
    "uTorrent" = µTorrent
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:32 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 12/12/2009 6:11:18 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 12/12/2009 6:49:12 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 12/12/2009 6:52:57 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 12/14/2009 10:02:42 AM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 12/17/2009 7:52:46 PM | Computer Name = WulfLapTop | Source = Application Error | ID = 1000
    Description = Faulting application OUTLOOK.EXE, version 12.0.6504.5000, time stamp
    0x49e7f47e, faulting module OUTLOOK.EXE, version 12.0.6504.5000, time stamp 0x49e7f47e,
    exception code 0xc0000005, fault offset 0x005d1b2c, process id 0x26c, application
    start time 0x01ca7f726aedf760.

    Error - 12/17/2009 7:56:56 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Office Outlook.

    Error - 12/23/2009 1:04:58 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 12/24/2009 9:14:23 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 12/24/2009 10:20:58 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 12/25/2009 2:05:09 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    [ Broadcom Wireless LAN Events ]
    Error - 7/8/2010 10:19:55 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 10:19:54, Thu, Jul 08, 10 Error - Unable to gain access to user store


    Error - 7/26/2010 9:42:43 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 09:42:42, Mon, Jul 26, 10 Error - Unable to gain access to user store


    Error - 7/29/2010 9:11:44 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 09:11:44, Thu, Jul 29, 10 Error - Unable to gain access to user store


    Error - 8/1/2010 1:24:53 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 01:24:52, Sun, Aug 01, 10 Error - Unable to gain access to user store


    Error - 9/8/2010 12:20:58 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 12:20:57, Wed, Sep 08, 10 Error - Unable to gain access to user store


    Error - 9/10/2010 11:35:21 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 11:35:20, Fri, Sep 10, 10 Error - Unable to gain access to user store


    Error - 9/12/2010 3:42:35 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 15:42:33, Sun, Sep 12, 10 Error - Unable to gain access to user store


    Error - 9/27/2010 10:26:47 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 22:26:46, Mon, Sep 27, 10 Error - Unable to gain access to user store


    Error - 10/7/2010 10:41:54 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 22:41:54, Thu, Oct 07, 10 Error - Unable to gain access to user store


    Error - 10/8/2010 9:37:18 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 09:37:18, Fri, Oct 08, 10 Error - Unable to gain access to user store


    [ Media Center Events ]
    Error - 2/25/2008 7:58:32 PM | Computer Name = WulfLapTop | Source = ehSched | ID = 5
    Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005

    Error - 2/25/2008 7:58:36 PM | Computer Name = WulfLapTop | Source = Media Center Guide | ID = 0
    Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
    Object
    Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

    Error - 2/25/2008 7:58:37 PM | Computer Name = WulfLapTop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/26/2008 8:31:17 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.

    Error - 2/26/2008 8:34:21 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 2/26/2008 8:37:39 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsTemplate.

    Error - 5/23/2008 6:58:11 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/28/2008 9:45:09 AM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    [ OSession Events ]
    Error - 5/15/2009 12:32:25 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 12/17/2009 7:52:43 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 690
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 4/8/2010 5:19:23 AM | Computer Name = Wulftop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/30/2010 1:56:48 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/30/2010 2:12:10 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/30/2010 2:23:19 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/30/2010 2:23:19 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/30/2010 2:25:05 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7022
    Description =

    Error - 10/31/2010 3:42:16 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/31/2010 3:54:55 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/31/2010 4:03:21 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/31/2010 4:03:21 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/31/2010 4:05:04 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
  4. Demianwulf Newcomer, in training Posts: 74

    Tough to get out a reply; whenever I kill the scvhost.exe it reboots my computer about 30 secs or so later.
  5. Demianwulf Newcomer, in training Posts: 74

    OK, I found the right scvhost.exe to kill and it doesn't reboot so quickly...
  6. Broni Malware Annihilator Posts: 39,437   +177

    OK, we have a DNS hijacker here and a couple of other issues.

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2010/02/06 23:56:01 | 000,002,234 | ---- | M] () -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\searchplugins\askcom.xml
      O4 - Startup: C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.241,93.188.160.51
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:D282699C
      @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:66633281
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0888F409
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D2D4B33E
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
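
The O17 lines in the fix above record the DNS servers configured in the registry. As an added example (not part of the original thread and not OTL's own code), this parses OTL-style O17 entries and flags any resolver that is a public address and not on an allow-list. The allow-list policy, the function names and the third sample line are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: the first two lines are the O17 entries quoted in the fix
# script above; the third is a made-up benign per-interface entry for contrast.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.241,93.188.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}: DhcpNameServer = 192.168.1.1
"""

# "O17 - <registry key>: <value name> = <comma- or space-separated servers>"
O17_RE = re.compile(
    r"^O17 - (?P<key>.+?): (?P<name>DhcpNameServer|NameServer) = (?P<servers>.+)$"
)


def parse_o17(log_text):
    """Return (registry_key, value_name, [servers]) for every O17 DNS line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
        entries.append((m["key"], m["name"], servers))
    return entries


def unexpected_resolvers(log_text, allowed=()):
    """Flag resolvers that are neither allow-listed nor private/loopback.

    Assumed policy: a home machine normally points at its router (a private
    address) or at resolvers the owner knowingly configured (the allow-list).
    Anything else is reported for review, not treated as proof of compromise.
    """
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for key, name, servers in parse_o17(log_text):
        for raw in servers:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                # A value that is not an IP at all is worth a look too.
                findings.append((key, name, raw, "not an IP address"))
                continue
            if ip in allowed_ips or ip.is_private or ip.is_loopback:
                continue
            findings.append((key, name, raw, "public resolver not on allow-list"))
    return findings


if __name__ == "__main__":
    for key, name, server, reason in unexpected_resolvers(SAMPLE_LOG):
        print(f"{server:<16} {name:<15} {reason}  [{key}]")
```

Pass the resolvers you actually use (ISP or a public DNS service you chose) as `allowed` so that only unfamiliar entries are reported.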
     
  7. Demianwulf Newcomer, in training Posts: 74

    OTL logfile created on: 11/1/2010 10:33:33 PM - Run 2
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Windows\system32\config\systemprofile\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 18.59 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

    Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
    PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    PRC - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2010/02/07 22:27:23 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
    PRC - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
    PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
    MOD - [2010/04/05 11:04:25 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2008/01/18 23:35:16 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
    MOD - [2006/11/02 08:34:30 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinput.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe -- (InquisitorService)
    SRV - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motodrv.sys -- (MotDev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WulfTop\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/08/25 15:41:36 | 000,263,272 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/02/07 22:27:27 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
    DRV - [2010/02/07 22:27:27 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
    DRV - [2010/02/07 22:27:27 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/05/24 19:13:12 | 000,251,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
    DRV - [2007/04/26 20:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2007/01/30 16:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/08 17:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)

    IE - HKCU\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 00:55:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 22:28:42 | 000,000,000 | ---D | M]

    [2010/11/01 00:55:47 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Extensions
    [2010/11/01 22:29:09 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\2tn82s6a.default\extensions
    [2010/11/01 18:32:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\2tn82s6a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/01 22:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/01 22:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/01 22:28:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/07/02 17:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2007/03/05 14:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
  8. Demianwulf Newcomer, in training Posts: 74

    O1 HOSTS File: ([2010/10/30 01:42:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! Inquisitor for IE) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
    O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/12/14 11:07:20 | 000,048,130 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
    O32 - AutoRun File - [2008/01/09 16:32:44 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
    O32 - AutoRun File - [2008/01/09 16:32:44 | 000,504,872 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/01 22:31:01 | 000,641,473 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Windows\system32\config\systemprofile\Desktop\JavaRa.exe
    [2010/11/01 22:30:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\WinRAR
    [2010/11/01 18:50:56 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Desktop\%APPDATA%
    [2010/11/01 00:59:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Opera
    [2010/11/01 00:59:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Opera
    [2010/11/01 00:55:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla
    [2010/11/01 00:55:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Mozilla
    [2010/10/31 16:58:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Logitech
    [2010/10/31 16:57:50 | 000,000,000 | ---D | C] -- C:\Microsoft
    [2010/10/31 16:57:22 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Videos
    [2010/10/31 16:57:22 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Pictures
    [2010/10/31 16:57:22 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Music
    [2010/10/31 16:57:22 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Downloads
    [2010/10/31 16:57:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Identities
    [2010/10/31 16:56:57 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Documents
    [2010/10/31 16:56:44 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Favorites
    [2010/10/31 16:56:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp
    [2010/10/31 16:55:51 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Desktop
    [2010/10/31 16:31:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
    [2010/10/31 15:58:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/31 15:56:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/31 15:40:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/30 01:22:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/30 01:22:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/30 01:22:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/30 01:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/30 01:21:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/26 12:51:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Adobe
    [2010/10/24 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
    [2010/10/24 15:38:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe
    [2010/10/24 15:38:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Yahoo
    [2010/10/23 12:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
    [2010/10/23 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
    [2010/10/22 03:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
    [2010/10/20 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
    [2010/10/19 21:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2010/10/12 11:17:06 | 000,263,272 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
    [2010/10/12 10:59:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
    [2010/10/12 10:59:22 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XCEEDZIP.DLL
    [2010/10/12 10:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician
    [2010/10/12 10:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2010/10/12 09:12:54 | 000,000,000 | ---D | C] -- C:\dell
    [2010/10/08 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
    [2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System32\drivers\RTL85n86.sys
    [2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System\RTL85n86.sys
    [2010/10/08 14:33:18 | 000,025,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
    [2010/10/08 14:33:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\REALTEK RTL8185 Wireless LAN Driver and Utility
    [2010/10/07 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
    [2010/10/07 00:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

    ========== Files - Modified Within 30 Days ==========

    [2010/11/01 22:07:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/01 22:04:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/11/01 18:52:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/11/01 18:18:36 | 000,383,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/01 17:28:32 | 249,584,333 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/31 16:47:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
    [2010/10/31 16:10:10 | 000,655,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/31 16:10:10 | 000,124,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/31 16:02:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2010/10/30 01:42:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/10/25 23:22:52 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101025-232443.backup
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    [2010/10/19 23:48:05 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
    [2010/10/14 17:59:40 | 000,351,259 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\JavaRa.def
    [2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    ========== Files Created - No Company Name ==========

    [2010/11/01 22:31:01 | 000,351,259 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\JavaRa.def
    [2010/11/01 22:31:01 | 000,003,127 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Nederlands.lng
    [2010/11/01 22:31:01 | 000,003,027 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Français.lng
    [2010/11/01 22:31:01 | 000,002,946 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Español.lng
    [2010/11/01 22:31:01 | 000,002,920 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Italiano.lng
    [2010/11/01 22:31:01 | 000,002,758 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Deutsch.lng
    [2010/11/01 22:31:01 | 000,002,553 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Suomi.lng
    [2010/10/30 01:22:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/30 01:22:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/30 01:22:40 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/30 01:22:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/30 01:22:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/26 15:37:57 | 249,584,333 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    [2010/10/12 11:17:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/10/12 10:59:22 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
    [2010/09/27 23:03:16 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2010/08/15 14:11:22 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/07/02 13:04:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/01/02 16:45:33 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009/10/21 15:48:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/02/26 09:12:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/12/13 14:18:44 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\5EE0EC2705.dll
    [2008/11/07 20:41:56 | 000,000,383 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2007/12/27 21:48:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/12/26 23:37:14 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
    [2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
    [2007/10/18 10:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/07/25 09:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2007/03/10 07:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2006/11/02 09:02:10 | 000,001,356 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
    [2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

    ========== LOP Check ==========

    [2010/10/31 15:59:27 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/10/31 16:47:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < [2010/02/06 23:56:01 | 000,002,234 | ---- | M] () -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\ searchplugins\askcom.xml >
    Invalid Switch: 06 23:56:01 | 000,002,234 | ---- | M] () -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\ searchplugins\askcom.xml


    < O4 - Startup: C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies) >

    < O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.241,93.188.160.51 >

    < O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51 >

    < O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >

    < @Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:D282699C >

    < @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:66633281 >

    < @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0888F409 >

    < @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D2D4B33E >

    < >

    < :Services >

    < >

    < :Reg >

    < >

    < :Files >

    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.

    < >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyflash] >

    < [Reboot] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:D282699C
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:66633281
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0888F409
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D2D4B33E

    < End of report >
  9. Demianwulf Newcomer, in training Posts: 74

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Mon Nov 01 22:32:50 2010

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

    ------------------------------------

    Finished reporting.
  10. Demianwulf Newcomer, in training Posts: 74

    There are the new OTL log and the JavaRa log; both ran successfully, as near as I can tell.
  11. Demianwulf Newcomer, in training Posts: 74

    All processes killed
    ========== OTL ==========
    File C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\ searchplugins\askcom.xml not found.
    C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\ProgramData\TEMP:D282699C deleted successfully.
    ADS C:\ProgramData\TEMP:66633281 deleted successfully.
    ADS C:\ProgramData\TEMP:0888F409 deleted successfully.
    ADS C:\ProgramData\TEMP:D2D4B33E deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.
    C:\Windows\system32\config\systemprofile\Desktop\cmd.bat deleted successfully.
    C:\Windows\system32\config\systemprofile\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Journal

    User: RegBack

    User: systemprofile
    ->Temp folder emptied: 68290 bytes
    ->Temporary Internet Files folder emptied: 20854888 bytes
    ->FireFox cache emptied: 5248292 bytes
    ->Opera cache emptied: 223645 bytes
    ->Flash cache emptied: 10087 bytes

    User: TxR

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68555 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 966656 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 26.00 mb


    [EMPTYFLASH]

    User: Journal

    User: RegBack

    User: systemprofile
    ->Flash cache emptied: 0 bytes

    User: TxR

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.1 log created on 11012010_224203

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...
  12. Demianwulf Newcomer, in training Posts: 74

    Sorry, mixed up the OTL scan. I reran the one you requested and it killed everything and rebooted the computer. Here is the log above.
  13. Broni Malware Annihilator Posts: 39,437   +177

    DNS hijacker is still there.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE

    =============================================================

    Re-run OTL "Quick scan" and post fresh log.
  14. Demianwulf Newcomer, in training Posts: 74

    Could not flush dns function during execution
    operation failed as no adapter is in the state permissible for this operation

    couldn't run any of the cmd commands for these errors...
    I'm going to reset the router right now and reboot then run the quick scan
  15. Broni Malware Annihilator Posts: 39,437   +177

    After you reset the modem, try those commands again.
  16. Demianwulf Newcomer, in training Posts: 74

    OTL logfile created on: 11/1/2010 11:15:25 PM - Run 3
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Windows\system32\config\systemprofile\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 18.63 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

    Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
    PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    PRC - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2010/02/07 22:27:23 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
    PRC - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
    PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
    MOD - [2010/04/05 11:04:25 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2008/01/18 23:35:16 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
    MOD - [2006/11/02 08:34:30 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinput.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe -- (InquisitorService)
    SRV - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motodrv.sys -- (MotDev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WulfTop\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/08/25 15:41:36 | 000,263,272 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/02/07 22:27:27 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
    DRV - [2010/02/07 22:27:27 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
    DRV - [2010/02/07 22:27:27 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/05/24 19:13:12 | 000,251,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
    DRV - [2007/04/26 20:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2007/01/30 16:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/08 17:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)

    IE - HKCU\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 00:55:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 22:28:42 | 000,000,000 | ---D | M]

    [2010/11/01 00:55:47 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Extensions
    [2010/11/01 22:29:09 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\2tn82s6a.default\extensions
    [2010/11/01 18:32:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\2tn82s6a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/01 22:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/01 22:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/01 22:28:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/07/02 17:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2007/03/05 14:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

    O1 HOSTS File: ([2010/10/30 01:42:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! Inquisitor for IE) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
    O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/12/14 11:07:20 | 000,048,130 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
    O32 - AutoRun File - [2008/01/09 16:32:44 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
    O32 - AutoRun File - [2008/01/09 16:32:44 | 000,504,872 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/01 22:42:03 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/01 22:31:01 | 000,641,473 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Windows\system32\config\systemprofile\Desktop\JavaRa.exe
    [2010/11/01 22:30:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\WinRAR
    [2010/11/01 18:50:56 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Desktop\%APPDATA%
    [2010/11/01 00:59:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Opera
    [2010/11/01 00:59:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Opera
    [2010/11/01 00:55:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla
    [2010/11/01 00:55:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Mozilla
    [2010/10/31 16:58:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Logitech
    [2010/10/31 16:57:50 | 000,000,000 | ---D | C] -- C:\Microsoft
    [2010/10/31 16:57:22 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Videos
    [2010/10/31 16:57:22 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Pictures
    [2010/10/31 16:57:22 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Music
    [2010/10/31 16:57:22 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Downloads
    [2010/10/31 16:57:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Identities
    [2010/10/31 16:56:57 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Documents
    [2010/10/31 16:56:44 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Favorites
    [2010/10/31 16:56:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp
    [2010/10/31 16:55:51 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Desktop
    [2010/10/31 16:31:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
    [2010/10/31 15:58:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/31 15:56:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/31 15:40:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/30 01:22:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/30 01:22:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/30 01:22:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/30 01:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/30 01:21:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/26 12:51:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Adobe
    [2010/10/24 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
    [2010/10/24 15:38:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe
    [2010/10/24 15:38:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Yahoo
    [2010/10/23 12:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
    [2010/10/23 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
    [2010/10/22 03:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
    [2010/10/20 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
    [2010/10/19 21:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2010/10/12 11:17:06 | 000,263,272 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
    [2010/10/12 10:59:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
    [2010/10/12 10:59:22 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XCEEDZIP.DLL
    [2010/10/12 10:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician
    [2010/10/12 10:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2010/10/12 09:12:54 | 000,000,000 | ---D | C] -- C:\dell
    [2010/10/08 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
    [2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System32\drivers\RTL85n86.sys
    [2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System\RTL85n86.sys
    [2010/10/08 14:33:18 | 000,025,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
    [2010/10/08 14:33:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\REALTEK RTL8185 Wireless LAN Driver and Utility
    [2010/10/07 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
    [2010/10/07 00:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

    ========== Files - Modified Within 30 Days ==========

    [2010/11/01 23:12:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/01 23:10:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/11/01 18:52:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/11/01 18:18:36 | 000,383,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/01 17:28:32 | 249,584,333 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/31 16:47:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
    [2010/10/31 16:10:10 | 000,655,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/31 16:10:10 | 000,124,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/31 16:02:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2010/10/30 01:42:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/10/25 23:22:52 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101025-232443.backup
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    [2010/10/19 23:48:05 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
    [2010/10/14 17:59:40 | 000,351,259 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\JavaRa.def
    [2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    ========== Files Created - No Company Name ==========

    [2010/11/01 22:31:01 | 000,351,259 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\JavaRa.def
    [2010/11/01 22:31:01 | 000,003,127 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Nederlands.lng
    [2010/11/01 22:31:01 | 000,003,027 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Français.lng
    [2010/11/01 22:31:01 | 000,002,946 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Español.lng
    [2010/11/01 22:31:01 | 000,002,920 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Italiano.lng
    [2010/11/01 22:31:01 | 000,002,758 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Deutsch.lng
    [2010/11/01 22:31:01 | 000,002,553 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Suomi.lng
    [2010/10/30 01:22:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/30 01:22:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/30 01:22:40 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/30 01:22:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/30 01:22:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/26 15:37:57 | 249,584,333 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    [2010/10/12 11:17:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/10/12 10:59:22 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
    [2010/09/27 23:03:16 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2010/08/15 14:11:22 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/07/02 13:04:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/01/02 16:45:33 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009/10/21 15:48:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/02/26 09:12:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/12/13 14:18:44 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\5EE0EC2705.dll
    [2008/11/07 20:41:56 | 000,000,383 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2007/12/27 21:48:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/12/26 23:37:14 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
    [2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
    [2007/10/18 10:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/07/25 09:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2007/03/10 07:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2006/11/02 09:02:10 | 000,001,356 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
    [2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

    ========== LOP Check ==========

    [2010/10/31 15:59:27 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/10/31 16:47:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job

    ========== Purity Check ==========



    < End of report >
  17. Demianwulf Newcomer, in training Posts: 74

    Well, same deal with the commands, but I'm not sure if the reset of the modem went as you wanted. Am I to reset the router to stock settings??? What I mean is to actually wipe all the settings I have set up already or just power it off then on?
  18. Demianwulf Newcomer, in training Posts: 74

    I did cut it off then on and press in the reset button for some time, but I don't think it actually wiped the router to stock but rather just cut it off and on...
  19. Demianwulf Newcomer, in training Posts: 74

    Never mind, scratch that, it did reset the modem to stock, but still a no-go with the cmd commands.
  20. Broni Malware Annihilator Posts: 39,437   +177

    Well, at least the DNS hijacker seems to be gone.

    Do you have any current issues with your computer?

    Go Start>Run ("Start search" in Vista), type in:
    cmd
    Click OK (hit Enter in Vista).

    At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    Copy and paste what you see in Notepad into a Reply here.
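One way to review the pasted `ipconfig /all` text for leftover DNS-hijack settings, added here as an example and not code from the thread or its participants. It assumes English-locale output and treats a DNS server as expected only if it is the adapter's default gateway or an address you allowlist; the sample text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed English-locale `ipconfig /all` excerpt (not output from this thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.53
"""

FIELD = re.compile(r"^\s+(.+?)[ .]+:\s*(.*)$")  # "Label . . . : value"

def parse_adapters(text):
    """Return {section: {field: [values]}}; value-only lines continue the previous field."""
    adapters, current, last = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new section
            current, last = adapters.setdefault(line.strip().rstrip(":"), {}), None
            continue
        m = FIELD.match(line)
        if m:
            last = current.setdefault(m.group(1), [])
            if m.group(2):
                last.append(m.group(2).strip())
        elif last is not None:             # e.g. the second DNS server
            last.append(line.strip())
    return adapters

def _ip(value):
    """Parse an address, dropping '(Preferred)' or an IPv6 '%zone' suffix."""
    try:
        return ipaddress.ip_address(re.split(r"[(%]", value)[0].strip())
    except ValueError:
        return None

def unexpected_dns(text, allowlist=()):
    """(section, server) pairs where the server is neither the gateway nor allowlisted."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    findings = []
    for name, fields in parse_adapters(text).items():
        trusted = allowed | {_ip(g) for g in fields.get("Default Gateway", [])} - {None}
        findings += [(name, s) for s in fields.get("DNS Servers", []) if _ip(s) not in trusted]
    return findings
```

A flagged server is only a prompt to compare it against the resolvers your ISP or router is supposed to hand out; pass those in `allowlist` to clear them.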