Author Topic: Yoog and Addestination, An Addestination program somehow got on my com (Read 3218 times)

smallsbig · « **on:** May 09, 2009, 05:01:46 PM »

Yoog and Addestination, An Addestination program somehow got on my computer

I get numerouse pop ups and odd ... what can only be described as audio commercials playing in the background

spybot and spyware doctor do not find or remove the problem ... ESET anti virus also finds nothing but it is there as the pop up windows say something like RON addestination on the title bar

heres my info

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:36 PM, on 5/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files (x86)\DriveBooster\XSrvSetup.exe
C:\Program Files (x86)\DriveBooster\DriveBoosterSetup.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Curse\CurseClient.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\pig pig\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\infoaxe\updater.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Mozilla Thunderbird 3 Beta 2\thunderbird.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\Users\PIGPIG~1\AppData\Local\Temp\Rar$EX00.688\RootAlyzer.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reader.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: addestination browser enhancer - {28F50F0C-A4F3-392A-B83D-3619D148B0D9} - C:\Windows\SysWow64\prhhyoszquxwojoxc.dll
O2 - BHO: infoaxe.com Toolbar - {2F8D500E-4546-45b7-9236-D4FD9850CF1C} - C:\Program Files (x86)\infoaxe\ietb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

any help you could give me at all would be so much appreciated
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: infoaxe.com Toolbar - {717EDDE0-444F-4ff0-B9C9-F60EC423E690} - C:\Program Files (x86)\infoaxe\ietb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DelReg] "C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKLM\..\Run: [LiveMonitor] "C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe"
O4 - HKLM\..\Run: [czsbiuuwuap] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\prhhyoszquxwojoxc.dll"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] "C:\Program Files (x86)\InstallShield Installation Information\{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}\setup.exe" -reboot"C:\Program Files (x86)\InstallShield Installation Information\{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}\reboot.ini"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Program Files (x86)\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Users\pig pig\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [InfoaxeUpdater] C:\Program Files (x86)\infoaxe\updater.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: eBay Countdown.url
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: DriveBooster - Unknown owner - C:\Program Files (x86)\DriveBooster\XSrvSetup.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP2\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 20238 bytes

guestolo · « **Reply #1 on:** May 09, 2009, 06:41:40 PM »

Did you just recently install both Spybot And SpywareDoctor to help cure the problems?
Or did you have them installed previous to the infection?

Can you also do the following
Download [color=\"#FF0000\"]OTListIt2[/color][/url] by OldTimer to your Desktop.

Close all windows and Right click on OTListIt2.exe and choose to "Run as Administrator"
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

smallsbig · « **Reply #2 on:** May 09, 2009, 09:48:40 PM »

OTListIt logfile created on: 5/9/2009 10:27:15 PM - Run 2OTListIt2 by OldTimer - Version 2.0.15.5 Folder = C:\Users\pig pig\DesktopWindows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18762)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 58.72% Memory free4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 1397.26 Gb Total Space | 623.57 Gb Free Space | 44.63% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 3.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: PIGPIG-PCCurrent User Name: pig pigLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userOutput = StandardFile Age = 30 DaysCompany Name Whitelist: On ========== Processes (SafeList) ========== PRC - [2008/08/01 12:59:26 | 00,125,424 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exePRC - [2008/12/09 18:40:16 | 00,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exePRC - [2008/12/09 18:40:16 | 00,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exePRC - [2008/09/09 05:20:38 | 00,069,632 | R--- | M] () -- C:\Program Files (x86)\DriveBooster\XSrvSetup.exePRC - [2008/10/06 23:37:18 | 11,003,904 | R--- | M] () -- C:\Program Files (x86)\DriveBooster\DriveBoosterSetup.exePRC - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exePRC - [2008/06/09 11:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exePRC - [2008/06/08 10:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exePRC - [2006/12/19 11:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exePRC - [2009/04/16 13:36:36 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exePRC - [2009/04/27 14:21:09 | 01,836,032 | ---- | M] () -- C:\Program Files (x86)\Curse\CurseClient.exePRC - [2009/01/26 16:31:16 | 02,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exePRC - [2008/06/09 11:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exePRC - [2006/09/10 22:56:24 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exePRC - [2008/06/24 17:06:06 | 01,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exePRC - [2009/02/07 19:38:48 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\pig pig\AppData\Local\Google\Update\GoogleUpdate.exePRC - [2008/12/29 06:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exePRC - [2009/02/10 21:26:16 | 00,023,040 | ---- | M] () -- C:\Program Files (x86)\infoaxe\updater.exePRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exePRC - [2009/04/11 23:20:36 | 00,053,248 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\PlayOn.exePRC - [2008/04/24 14:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exePRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/05/04 18:28:20 | 00,872,448 | ---- | M] () -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exePRC - [2008/04/24 14:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exePRC - [2008/08/10 04:05:54 | 00,080,368 | ---- | M] () -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exePRC - [2008/05/02 00:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exePRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exePRC - [2008/12/22 14:59:20 | 00,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exePRC - [2009/02/24 14:28:58 | 00,498,688 | ---- | M] () -- C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exePRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exePRC - [2008/06/24 17:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exePRC - [2009/02/04 17:57:42 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exePRC - [2009/01/29 15:01:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2006/11/02 05:45:02 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DllHost.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/04/29 17:19:18 | 03,145,552 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exePRC - [2009/02/05 21:03:25 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exePRC - [2009/02/24 23:46:41 | 11,003,384 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird 3 Beta 2\thunderbird.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/05/05 11:58:32 | 01,277,440 | ---- | M] (SoftPerfect Research) -- C:\Program Files (x86)\NetWorx\networx.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/04/15 15:05:04 | 03,065,008 | ---- | M] (Safer Networking Limited) -- C:\Users\pig pig\AppData\Local\Temp\Rar$EX00.688\RootAlyzer.exePRC - [2006/11/02 05:45:35 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exePRC - [2009/04/22 21:41:20 | 02,639,872 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exePRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exePRC - [2009/05/09 22:27:13 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\pig pig\Desktop\OTListIt2.exe ========== Win32 Services (SafeList) ========== SRV - [2008/08/01 12:59:26 | 00,125,424 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 [Auto | Running])SRV - [2009/03/16 16:27:20 | 00,211,968 | ---- | M] () -- C:\Windows\sysnative\atiesrxx.exe -- (AMD External Events Utility [Auto | Running])SRV - [2008/12/09 18:40:16 | 00,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])SRV - [2008/12/09 18:40:16 | 00,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Running])SRV - [2006/11/02 07:16:35 | 00,051,200 | ---- | M] () -- C:\Windows\sysnative\bthserv.dll -- (BthServ [Auto | Running])SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])SRV - [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])SRV - [2008/01/19 04:01:11 | 00,598,016 | ---- | M] () -- C:\Windows\sysnative\cscsvc.dll -- (CscService [Auto | Running])SRV - [2008/09/09 05:20:38 | 00,069,632 | R--- | M] () -- C:\Program Files (x86)\DriveBooster\XSrvSetup.exe -- (DriveBooster [Auto | Running])SRV - [2008/01/19 04:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])SRV - [2008/01/19 04:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])SRV - [2006/11/02 11:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])SRV - [2009/02/06 14:27:10 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])SRV - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn [Auto | Running])SRV - [2008/01/19 04:00:17 | 00,689,152 | ---- | M] () -- C:\Windows\sysnative\fxssvc.exe -- (Fax [On_Demand | Stopped])SRV - [2009/02/24 12:42:52 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])SRV - [2009/02/24 12:43:07 | 01,038,088 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64 [On_Demand | Stopped])SRV - [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])SRV - [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])SRV - [2008/06/09 11:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])SRV - [2009/04/22 21:41:20 | 02,639,872 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server [Auto | Running])SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])SRV - [2008/06/08 10:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])SRV - [2008/06/19 21:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])SRV - [2008/06/24 17:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])SRV - [2008/01/19 03:33:19 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfhost.exe -- (PerfHost [On_Demand | Stopped])SRV - [2006/12/19 11:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])SRV - [2008/08/14 01:25:20 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11 [On_Demand | Stopped])SRV - [2008/08/14 01:25:24 | 00,367,088 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11 [Auto | Stopped])SRV - [2008/08/14 01:24:06 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11 [Auto | Stopped])SRV - [2009/01/09 09:46:25 | 01,122,304 | R--- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11 [On_Demand | Stopped])SRV - [2008/08/14 01:24:02 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11 [Auto | Stopped])SRV - [2008/12/11 15:53:38 | 00,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv [On_Demand | Stopped])SRV - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])SRV - [2009/01/07 14:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])SRV - [2009/01/21 15:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])SRV - [2008/04/24 14:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])SRV - [2009/05/04 18:28:20 | 00,872,448 | ---- | M] () -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [Auto | Running])SRV - [2008/01/19 04:04:21 | 00,252,928 | ---- | M] () -- C:\Windows\sysnative\umrdp.dll -- (UmRdpService [On_Demand | Running])SRV - [2008/01/19 04:00:43 | 01,147,904 | ---- | M] () -- C:\Windows\sysnative\wbengine.exe -- (wbengine [On_Demand | Stopped])SRV - [2008/01/19 04:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2008/01/19 02:34:06 | 00,058,496 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])DRV - [2008/08/14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs [Auto | Running])DRV - [2009/02/20 01:18:02 | 00,110,096 | ---- | M] () -- C:\Windows\sysnative\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])DRV - [2009/03/16 17:34:24 | 05,203,968 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])DRV - [2009/02/13 21:57:25 | 00,312,480 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])DRV - [2008/01/19 02:34:08 | 00,048,768 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])DRV - [2009/02/05 20:53:09 | 00,023,040 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand | Stopped])DRV - [2008/01/19 02:34:19 | 00,115,712 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\bthpan.sys -- (BthPan [On_Demand | Stopped])DRV - [2009/02/05 20:53:09 | 00,276,480 | ---- | M] () -- C:\Windows\sysnative\Drivers\BTHport.sys -- (BTHPORT [On_Demand | Stopped])DRV - [2009/02/05 20:53:09 | 00,034,304 | ---- | M] () -- C:\Windows\sysnative\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand | Stopped])DRV - [2008/01/19 01:55:40 | 00,460,800 | ---- | M] () -- C:\Windows\sysnative\drivers\csc.sys -- (CSC [System | Running])DRV - [2009/02/06 14:19:56 | 00,141,728 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\eamon.sys -- (eamon [Auto | Running])DRV - [2009/02/06 14:23:20 | 00,132,464 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])DRV - [2008/09/17 16:14:00 | 00,012,744 | R--- | M] () -- C:\Windows\sysnative\DRIVERS\ENTECH64.sys -- (ENTECH64 [On_Demand | Stopped])DRV - [2009/02/06 14:24:50 | 00,120,128 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\epfwwfpr.sys -- (epfwwfpr [Auto | Running])DRV - [2008/01/19 04:10:43 | 00,161,848 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\fvevol.sys -- (fvevol [Boot | Running])DRV - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])DRV - [2009/02/13 21:57:24 | 00,043,168 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])DRV - [2008/01/19 02:34:04 | 00,061,568 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])DRV - [2007/08/31 19:58:18 | 00,020,392 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])DRV - [2008/06/10 16:04:27 | 00,036,424 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\point64k.sys -- (Point64 [On_Demand | Running])DRV - [2002/09/16 18:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Stopped])DRV - [2008/06/16 04:00:00 | 00,055,024 | ---- | M] () -- C:\Windows\sysnative\Drivers\PxHlpa64.sys -- (PxHlpa64 [Boot | Running])DRV - [2008/01/19 02:34:13 | 00,062,976 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])DRV - [2006/11/02 21:56:40 | 00,243,712 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\rt2500usb.sys -- (RT2500USB [On_Demand | Stopped])DRV - [2007/03/12 11:17:00 | 00,308,224 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\WUSB54Gv4x64.sys -- (rt70x64 [On_Demand | Stopped])DRV - [2009/03/06 09:06:18 | 00,197,120 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])DRV - [2008/08/11 11:53:16 | 00,065,520 | ---- | M] (Sonic Solutions) -- C:\Windows\system32\DRIVERS\RxFilter.sys -- (RxFilter [System | Stopped])DRV - [2008/08/01 02:00:00 | 00,026,608 | ---- | M] () -- C:\Windows\sysnative\Drivers\Sahdad64.sys -- (Sahdad64 [Boot | Running])DRV - [2008/08/01 02:00:00 | 00,019,952 | ---- | M] () -- C:\Windows\sysnative\Drivers\Saibad64.sys -- (Saibad64 [Boot | Running])DRV - [2008/08/01 02:00:00 | 00,027,632 | ---- | M] () -- C:\Windows\sysnative\Drivers\SaibVdAd64.sys -- (SaibVdAd64 [System | Running])DRV - [2008/11/25 23:57:04 | 00,022,944 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP2\WNt500x64\Sandra.sys -- (SANDRA [On_Demand | Stopped])DRV - [2009/02/26 23:56:14 | 00,868,848 | ---- | M] () -- C:\Windows\sysnative\Drivers\sptd.sys -- (sptd [Boot | Running])DRV - [2008/01/19 02:34:15 | 00,009,728 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\umpass.sys -- (UMPass [On_Demand | Stopped])DRV - [2008/01/19 02:33:58 | 00,098,816 | ---- | M] () -- C:\Windows\sysnative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])DRV - [2009/04/08 14:28:46 | 00,068,992 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\xusb21.sys -- (xusb21 [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.reader.google.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: anycolor.pavlos256Email Removed:0.2.6FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.84FF - prefs.js..extensions.enabledItems: [email protected]:1.10FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.8FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.1.2FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.20FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.18.1FF - prefs.js..extensions.enabledItems: [email protected]:0.6FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.1FF - prefs.js..extensions.enabledItems: [email protected]:1.7FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.0.3FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29FF - prefs.js..extensions.enabledItems: [email protected]:1.6FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0FF - prefs.js..extensions.enabledItems: [email protected]:1.7FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5b4FF - prefs.js..keyword.enabled: false FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/19 19:58:56 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/04/29 19:40:22 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/04/29 19:40:22 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5b4\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 3.5 BETA 4\COMPONENTS [2009/05/04 13:44:44 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5b4\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 3.5 BETA 4\PLUGINS [2009/05/04 13:44:42 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/19 14:55:42 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\PLUGINSFF - HKLM\software\mozilla\Mozilla Thunderbird 3.0b2\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD 3 BETA 2\COMPONENTS [2009/04/01 13:26:26 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0b2\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD 3 BETA 2\PLUGINSFF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009/04/01 13:26:45 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Extensions[2009/04/01 13:26:45 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}[2009/02/05 19:49:20 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2009/02/05 22:23:53 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Extensions\[email protected][2009/05/09 15:38:09 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions[2009/03/13 02:19:11 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}[2009/04/01 13:04:37 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}[2009/05/01 23:41:10 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}[2009/02/19 17:45:02 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}[2009/04/24 14:17:01 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}[2009/04/26 12:22:54 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}[2009/02/19 17:45:02 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}[2009/04/29 19:40:37 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}[2009/04/13 15:47:42 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}[2009/02/06 02:00:40 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}[2009/02/19 17:45:03 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}[2009/04/24 14:17:54 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}[2009/03/20 01:04:22 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}[2009/02/19 17:45:02 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}[2009/04/17 11:18:32 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}[2009/05/04 13:33:23 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}[2009/02/19 17:45:03 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}[2009/02/19 17:45:03 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}[2009/02/19 17:17:06 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}[2009/02/19 17:45:03 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}[2009/05/09 15:28:13 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}[2009/04/13 15:47:37 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\anycolor.pavlos256Email Removed[2009/02/19 17:45:02 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\filtersetg@updater[2009/03/20 01:04:22 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/04/24 14:17:59 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/05/04 13:50:57 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/02/19 17:16:12 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/05/02 17:05:00 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/02/23 18:06:43 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\morningCoffee@shaneliesegang[2009/04/22 16:46:35 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/04/13 15:48:32 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/04/01 17:04:39 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/04/21 22:05:56 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/04/21 22:05:56 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/02/19 17:16:37 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/02/19 17:45:02 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\TFToolbarX@torrent-finder[2009/04/24 14:17:59 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected][2009/04/24 14:17:59 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected]\chrome[2009/04/24 14:17:59 | 00,000,000 | ---D | M] -- C:\Users\pig pig\AppData\Roaming\mozilla\Firefox\Profiles\dh3websj.default\extensions\[email protected]\defaults[2009/05/04 13:33:41 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions[2009/04/29 19:40:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2009/02/05 20:25:46 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}[2009/02/25 15:07:16 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}[2009/03/26 01:00:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}[2009/04/29 19:40:20 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll[2009/04/29 19:40:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml[2007/07/26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (297313 bytes) - C:\Windows\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO1 - Hosts: 127.0.0.1 www.007guard.comO1 - Hosts: 127.0.0.1 007guard.comO1 - Hosts: 127.0.0.1 008i.comO1 - Hosts: 127.0.0.1 www.008k.comO1 - Hosts: 127.0.0.1 008k.comO1 - Hosts: 127.0.0.1 www.00hq.comO1 - Hosts: 127.0.0.1 00hq.comO1 - Hosts: 127.0.0.1 010402.comO1 - Hosts: 127.0.0.1 www.032439.comO1 - Hosts: 127.0.0.1 032439.comO1 - Hosts: 127.0.0.1 www.0scan.comO1 - Hosts: 127.0.0.1 0scan.comO1 - Hosts: 127.0.0.1 www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1000gratisproben.comO1 - Hosts: 127.0.0.1 www.1001namen.comO1 - Hosts: 127.0.0.1 1001namen.comO1 - Hosts: 127.0.0.1 100888290cs.comO1 - Hosts: 127.0.0.1 www.100888290cs.comO1 - Hosts: 127.0.0.1 100sexlinks.comO1 - Hosts: 127.0.0.1 www.100sexlinks.comO1 - Hosts: 127.0.0.1 10sek.comO1 - Hosts: 127.0.0.1 www.10sek.comO1 - Hosts: 127.0.0.1 www.1-2005-search.comO1 - Hosts: 10270 more lines...O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)O2 - BHO: (addestination browser enhancer) - {28F50F0C-A4F3-392A-B83D-3619D148B0D9} - C:\Windows\SysWow64\prhhyoszquxwojoxc.dll ()O2 - BHO: (infoaxe.com Toolbar) - {2F8D500E-4546-45b7-9236-D4FD9850CF1C} - C:\Program Files (x86)\infoaxe\ietb.dll (VONeS.NET)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not foundO2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - Reg Error: Key error. File not foundO2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)O3 - HKLM\..\Toolbar: (infoaxe.com Toolbar) - {717EDDE0-444F-4ff0-B9C9-F60EC423E690} - C:\Program Files (x86)\infoaxe\ietb.dll (VONeS.NET)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not foundO3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)O4 - HKLM..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" ()O4 - HKLM..\Run: [czsbiuuwuap] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\prhhyoszquxwojoxc.dll" (Microsoft Corporation)O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)O4 - HKLM..\Run: [DelReg] "C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe" ()O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)O4 - HKLM..\Run: [LiveMonitor] "C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe" ()O4 - HKLM..\Run: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r ( )O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)O4 - HKLM..\Run: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto (SoftPerfect Research)O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" (Sonic Solutions)O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" ()O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun (Microsoft Corporation)O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)O4 - HKCU..\Run: [CurseClient] C:\Program Files (x86)\Curse\CurseClient.exe -silent ()O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)O4 - HKCU..\Run: [Google Update] "C:\Users\pig pig\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Google Inc.)O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)O4 - HKCU..\Run: [InfoaxeUpdater] C:\Program Files (x86)\infoaxe\updater.exe ()O4 - HKCU..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)O4 - HKCU..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)O4 - HKCU..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" (BitTorrent, Inc.)O4 - HKCU..\Run: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun (Microsoft Corporation)O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)O4 - HKLM..\RunOnce: [InstallShieldSetup] "C:\Program Files (x86)\InstallShield Installation Information\{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}\setup.exe" -reboot"C:\Program Files (x86)\InstallShield Installation Information\{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}\reboot.ini" File not foundO4 - Startup: C:\Users\pig pig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eBay Countdown.url ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm File not foundO9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not foundO9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not foundO9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)O13 - gopher Prefix: missingO15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not foundO18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\url

guestolo · « **Reply #3 on:** May 09, 2009, 10:17:44 PM »

On your desktop, should be a notepad file called Extras.txt or Extras
Can you post the contents of that file please

smallsbig · « **Reply #4 on:** May 10, 2009, 12:28:08 AM »

[quote name=\'guestolo\' post=\'462301\' date=\'May 9 2009, 10:17 PM\']On your desktop, should be a notepad file called Extras.txt or Extras
Can you post the contents of that file please[/quote]

here ya go i had to enable that in the software as it was not auto enabled bt default

OTListIt Extras logfile created on: 5/10/2009 1:16:59 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.5 Folder = C:\Users\pig pig\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18762)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 51.50% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.26 Gb Total Space | 621.71 Gb Free Space | 44.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIGPIG-PC
Current User Name: pig pig
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=\"orange\"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=\"orange\"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

[color=\"orange\"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

[color=\"orange\"]========== Vista Active Open Ports Exception List ==========[/color]

{047693A8-F6CE-4417-891B-8F1FA2E54F6D} = RPORT=1900 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-30757 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{0AAB3449-B9EF-4387-8655-29E45E4DDE5C} = LPORT=68 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-145 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SHAREDACCESS |
{0CA3F8BF-0A56-4696-93AD-35BD5CAF2F35} = RPORT=10244 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30789 | APP=SYSTEM |
{0D5514C0-C4B8-450C-9C81-2BFC6F19AFF6} = LPORT=10243 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31285 | APP=SYSTEM |
{1B620E5B-FFFC-4D19-AD20-3DB16CE2108E} = LPORT=53 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-143 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SHAREDACCESS |
{1DE81F4E-EC0F-464C-B0FC-0238E0A86981} = LPORT=547 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-142 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SHAREDACCESS |
{245D5077-DE43-483C-8BBF-FE428AAF8E23} = LPORT=554 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-30761 | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{252620B9-5DAC-492C-90E1-9D3BB5ED507D} = LPORT=2869 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-146 | APP=SYSTEM |
{26E6D460-3EDF-428C-9D0C-19A7A5EF9972} = LPORT=138 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28527 | APP=SYSTEM |
{2C77F7EE-88F4-4E0B-9D6C-521484B15CFA} = LPORT=1900 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-30753 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{3EBEC09E-68A4-4BE8-A5D9-F87BBF28EC4B} = LPORT=7777 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-30801 | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{3F6B595B-35EE-4828-9138-02DC06EE8C24} = RPORT=10244 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30789 | APP=SYSTEM |
{415EA60A-30A6-4375-A173-D8602EE3CEE8} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31265 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{47178295-F543-410A-958F-55880F8997E5} = LPORT=RPC | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SISOFTWARE SANDRA AGENT SERVICE (TCP-IN) | APP=C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA PROFESSIONAL HOME 2009.SP2\WNT500X64\RPCSANDRASRV.EXE |
{48E677B3-FE2C-43B2-AE25-07F4E8262204} = LPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31269 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{49CF4F4C-BE93-49D9-A27D-CCA52A6B85DF} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-30769 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{541B0A67-3A59-4479-9DA2-821864F50767} = LPORT=5353 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ADOBE CSI CS4 |
{6557FAE6-E758-4AF2-80A8-C6FC1BD80106} = LPORT=3390 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-30793 | APP=SYSTEM |
{66A5C207-3CFB-4DF9-A489-1EE36FC18244} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31257 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{6780CEB8-AFEC-4943-AB6F-D7664CBC37F2} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31253 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{6BCD797D-929A-4B06-9DE0-D41403562F30} = RPORT=139 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28507 | APP=SYSTEM |
{7299B6E8-724F-4EF0-830E-A471D6BC182B} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-30777 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{73250654-AF35-40E9-B82C-52FB01275B5C} = LPORT=RPC | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SISOFTWARE SANDRA AGENT SERVICE (TCP-IN) | APP=C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA PROFESSIONAL HOME 2009.SP2\WNT500X64\RPCSANDRASRV.EXE |
{78E61193-69BB-43BB-99DD-9BFE44FFAAD7} = RPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28515 | APP=SYSTEM |
{7CA0B1B0-65CA-42BA-BDF8-C095E8BDA6EC} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{80F001FB-2B70-483E-AD6F-63391C93A9CD} = RPORT=2869 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-152 | APP=SYSTEM |
{893EFE52-BD85-4A8C-977D-BB808C3C1880} = RPORT=137 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28523 | APP=SYSTEM |
{8B5FACF6-31F3-442F-9633-50841DEE320A} = LPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28511 | APP=SYSTEM |
{8C2537B5-BA2E-4CB1-8842-EA474025571F} = LPORT=7777 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-30801 | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{8D19B5F9-BBBA-45E4-B186-D37EB0589BF3} = LPORT=6004 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE OUTLOOK | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{8F54EDFE-3C46-490A-B15B-D7265D81DC14} = LPORT=67 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-144 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SHAREDACCESS |
{8F6C17CE-EFA7-4E60-9356-F87B1D7816B3} = LPORT=10244 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-30785 | APP=SYSTEM |
{95DAF97F-25B2-4F2A-9384-B6B966BFAFAB} = RPORT=2177 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30781 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{9DAE189F-E2ED-4C28-B32F-4301F812291B} = LPORT=139 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28503 | APP=SYSTEM |
{9ED659F0-EC32-4E81-B990-DBD1E3C8DAC3} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28539 | SVC=RPCSS |
{A4B21171-167F-4E1E-AE4A-1619EF58C153} = LPORT=3390 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-30793 | APP=SYSTEM |
{A796D93C-ED4E-4F00-A2F5-3EAAB9591E60} = LPORT=554 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-30761 | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{A8CF0ED4-7153-49DA-A8F4-E28B812E04DC} = LPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-147 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{AD2BF4AD-725E-4F4E-B349-EE6D524E63C4} = LPORT=137 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28519 | APP=SYSTEM |
{B0A8DD29-EE12-440F-A164-972719172145} = LPORT=RPC | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SISOFTWARE SANDRA AGENT SERVICE (TCP-IN) | APP=C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA PROFESSIONAL HOME 2009.SP2\WNT500X64\RPCSANDRASRV.EXE |
{BC1291D9-69FE-4BB3-8A65-273810B12D9A} = RPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31273 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{BF0FD184-BF6D-4457-BF1E-0A60E5C46CA4} = RPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-150 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{BF330993-0840-4441-942D-08CBBF06619B} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30781 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{CEB54BA5-2712-45A4-8C4D-143BB7C8F4C2} = RPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-30757 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{D4572BD9-6161-4EEE-98D1-1597D4C377FC} = RPORT=138 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28531 | APP=SYSTEM |
{D6136AB3-86E0-4EE4-815F-F2FFC0FA3D4F} = LPORT=RPC | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SISOFTWARE DEPLOYMENT AGENT SERVICE (TCP-IN) | APP=C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA PROFESSIONAL HOME 2009.SP2\RPCAGENTSRV.EXE |
{D89C699F-0863-4FCF-9056-C0EE67025C85} = LPORT=2869 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31277 | APP=SYSTEM |
{E0C56E38-C24B-4C78-9B51-7E61FEFE96D8} = RPORT=2177 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-30773 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{E326BEA3-D3AB-4448-B226-EC0106513A7B} = LPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-30753 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{E67779D5-D998-4BA6-B201-2C33051B50E6} = RPORT=10243 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31289 | APP=SYSTEM |
{E7CAEE36-D03C-4BA9-B1C3-64E2637E4EA4} = LPORT=2177 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-30769 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{E90E8F4C-B53F-4BF3-B3FD-81036D9778CD} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-30773 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{EDC7DB18-C476-4AA9-B3F4-3024D68BF505} = LPORT=2177 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-30777 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{FD091390-C9C9-4052-AC88-0E147334599A} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31261 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{FD932D27-7709-496C-B248-17C5A8BAE813} = LPORT=10244 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-30785 | APP=SYSTEM |

[color=\"orange\"]========== Vista Active Application Exception List ==========[/color]

{0044C442-96CC-475C-945D-1C3EC72B8320} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31024 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{00BEA0DB-D297-42EA-8E0E-1F11E8B8A1AB} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TVERSITY MEDIA SERVER | APP=C:\PROGRAM FILES (X86)\TVERSITY\MEDIA SERVER\MEDIASERVER.EXE |
{01304F85-8E6A-47E5-8891-BFF80089B518} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{032E6D08-F166-4B75-8C9E-6B43F758DBAA} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MIRROR'S EDGEâ„¢ | APP=C:\PROGRAM FILES (X86)\EA GAMES\MIRROR'S EDGE\BINARIES\MIRRORSEDGE.EXE |
{04D9F299-5F46-452C-AA54-62DA92CA151E} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{06640604-4A2D-4831-8FA9-614676C14834} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{06907A6D-C900-400A-862F-4C49F64DF398} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31293 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{07C6C07E-C0D3-4B1C-A803-39FB28CA30EF} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31003 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{08ADED72-3A0A-4944-B42A-9E7421C347BD} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{0BE1D5BC-57F6-435B-BACC-15E276A9C101} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LOST VIA DOMUS GAME | APP=C:\PROGRAM FILES (X86)\UBISOFT\LOST VIA DOMUS\YETI_FINAL_WIN32.EXE |
{0D7F05F9-3307-44EA-9B86-56AA8D5D5C7A} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TOM CLANCY'S ENDWAR | APP=C:\PROGRAM FILES (X86)\UBISOFT\TOM CLANCY'S ENDWAR\BINARIES\ENDWAR.EXE |
{0DA28512-BA9D-4770-98FE-EDF9DED7DCBE} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=GHOST RECON ADVANCED WARFIGHTERÂ® 2 | APP=C:\PROGRAM FILES (X86)\UBISOFT\GHOST RECON ADVANCED WARFIGHTER 2\GRAW2.EXE |
{118282D0-90AD-4C39-8D1A-3828B73691D0} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WORLD IN CONFLICT - ONLINE ONLY | APP=C:\PROGRAM FILES (X86)\SIERRA ENTERTAINMENT\WORLD IN CONFLICT\WIC_ONLINE.EXE |
{129A08EE-23E5-4843-8143-6BCCA870FED1} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ADOBE CSI CS4 | APP=C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE |
{170FD5AE-EB3F-4CEC-A17C-BB349EEFB5DC} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31011 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{19D6750D-8A31-49DA-990C-E087AA5632E0} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{19E074BF-C678-4E61-8FFC-CABF78548B1D} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CCCINSTALL | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\BRANDING\CCCINSTALL.EXE |
{1BFCA256-20C9-43D3-AD9E-C4457DBF1301} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{1C66A81B-EEC6-45AF-BD3D-D35C42937E80} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{1D53949D-B5DD-4577-981F-1E27E2602B59} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CLI | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\BRANDING\CLI.EXE |
{1E07D354-6794-4B42-8A31-D9CA45A0501E} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{1FBB6A19-9EE2-48AD-AA53-AB13C7E736D1} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FROSTWIRE | APP=C:\PROGRAM FILES (X86)\FROSTWIRE\FROSTWIRE.EXE |
{2065CB70-32BE-4330-844C-D292C84F6F98} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{20F26F92-7B8B-4D97-8B93-AF415769DBAE} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=GHOST RECON ADVANCED WARFIGHTERÂ® 2 DEDICATED SERVER | APP=C:\PROGRAM FILES (X86)\UBISOFT\GHOST RECON ADVANCED WARFIGHTER 2\GRAW2_DEDICATED.EXE |
{20F8AF5D-EC9E-430F-90B9-FAC4E9076346} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{21ECF98E-345D-4BB3-AD74-420FB2B9CBD4} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{242CFCA5-CEE4-4A1C-9484-5BAD91EDC4BA} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SACRED 2 | APP=C:\PROGRAM FILES (X86)\DEEP SILVER\SACRED 2 - FALLEN ANGEL\SYSTEM\SACRED2.EXE |
{264A71E1-6FB6-4B64-8F97-9F0EB3543370} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30810 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |
{2683828D-D27A-4F01-B9BE-26D2C868C95E} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{2691648D-8B46-408D-9977-F0AC2840E88F} = PROTOCOL=1 | DIR=IN | ACTION=ALLOW | NAME=SISOFTWARE SANDRA AGENT SERVICE (ICMP-IN) |
{269D716F-05C7-4127-BEA7-114F796F2B61} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PNKBSTRA | APP=C:\WINDOWS\SYSWOW64\PNKBSTRA.EXE |
{279A2B0D-0D77-48D9-9685-DA5049D5F5E0} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PNKBSTRA | APP=C:\WINDOWS\SYSWOW64\PNKBSTRA.EXE |
{27B77A93-1939-46A1-9190-FAFF2CD7D44D} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{27BBD854-A31F-4B3C-8A00-BEE33A9654CD} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{297A8A70-E93D-4C0D-96B5-433E68DB5EED} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{2B3D207C-6997-41DC-9F5B-96272073C3F7} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{2C15CED9-2F60-481D-A5EB-4538431B6CEF} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{2DEFEACE-3B51-43DF-91B4-CAB73F1773DB} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WORLD IN CONFLICT - DEDICATED SERVER | APP=C:\PROGRAM FILES (X86)\SIERRA ENTERTAINMENT\WORLD IN CONFLICT\WIC_DS.EXE |
{2E71A31D-28C5-4F60-8315-A41CB5287755} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{2F0A0AC2-DBDF-4649-B0E4-7F7C2236772F} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WORLD IN CONFLICT | APP=C:\PROGRAM FILES (X86)\SIERRA ENTERTAINMENT\WORLD IN CONFLICT\WIC.EXE |
{3149A0B5-E574-42AD-9D66-FDC81B7B854C} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WORLD IN CONFLICT | APP=C:\PROGRAM FILES (X86)\SIERRA ENTERTAINMENT\WORLD IN CONFLICT\WIC.EXE |
{31601AA4-1B7C-4654-8AD5-00ED8CB62F9F} = PROFILE=PUBLIC | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | [email protected],-28544 |
{338FADAC-05B5-4498-BCB6-2DBE9B93F315} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LOST VIA DOMUS UPDATER | APP=C:\PROGRAM FILES (X86)\UBISOFT\LOST VIA DOMUS\GU.EXE |
{33C17F1A-1CBD-40AC-A64A-D660D6B02663} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CLISTART | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE |
{34349000-EF91-4147-8ADF-C0925B3491B7} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CLI | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\BRANDING\CLI.EXE |
{358ED000-05B0-4EBB-A243-E877057D4C24} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{358FC6E7-DAC0-4AAF-AA6C-E81DFCE72AE3} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31317 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{363DBDD6-25AF-4076-8F09-E1CD9F91DE2E} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{366CA4AF-0C9A-4B74-9A0E-C10B62A6E36E} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{37AEF82A-0AF7-4028-9B8B-A3E6FBD354D2} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! MESSENGER | APP=C:\PROGRAM FILES (X86)\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{39A155BE-890E-4933-935E-16FC524D6483} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{3A8E7D4F-30BC-40DC-A12A-1AF5A7DB05E1} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE |
{3C557EA5-AD8A-4D89-9A40-A0C8BAF04F31} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{3CB9F2E4-8248-4E94-99C6-B6BEABD7DC67} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ÎœTORRENT (UDP-IN) | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
{3DA975A0-3FEB-4463-8A73-B1379457A1FD} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=GHOST RECON ADVANCED WARFIGHTERÂ® 2 DEDICATED SERVER | APP=C:\PROGRAM FILES (X86)\UBISOFT\GHOST RECON ADVANCED WARFIGHTER 2\GRAW2_DEDICATED.EXE |
{3EA22F45-4F8C-43A0-BBB2-ADB4A5509F32} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MOM | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\BRANDING\MOM.EXE |
{3EBAE2FB-69C0-4169-9F11-87C51CF61EA0} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LOST VIA DOMUS REQUIREMENTS TOOL | APP=C:\PROGRAM FILES (X86)\UBISOFT\LOST VIA DOMUS\DETECTION\LAUNCHER.EXE |
{46542C97-D2A5-4AD0-A033-D487ECEBBD7F} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{466DAEB3-C822-4F67-9273-14D03101FC54} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31007 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{47E20033-C047-4266-852C-CCA4A6611CC4} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TVERSITY MEDIA SERVER | APP=C:\PROGRAM FILES (X86)\TVERSITY\MEDIA SERVER\MEDIASERVER.EXE |
{47FD0130-E36B-48A7-ACAD-64DCB260979C} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MOM.INSTALLPROXY | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\MOM-INSTALLPROXY\MOM.INSTALLPROXY.EXE |
{4926B216-CC7F-4F88-AABB-5CE2BD3D2F65} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MOM | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE |
{4A2A2354-AF97-4CE3-B089-C9FD9DFAF0D7} = PROTOCOL=1 | DIR=IN | ACTION=ALLOW | NAME=SISOFTWARE DEPLOYMENT AGENT SERVICE (ICMP-IN) |
{4C18C6A6-4E7F-42B4-8452-53484B000314} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31305 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{4C3869FA-0DB6-4B27-A450-AC20D9839AA7} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ADOBE CSI CS4 | APP=C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE |
{4E933806-FEC0-4C77-8154-4A8F9D9198BD} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MOM | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE |
{50AC4CA3-16F6-4769-94B1-2C9811BEC246} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{511C518E-B3E3-4C90-8315-A67D552F6E46} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{5124B75C-5C4E-4B5B-9421-7D772AB40242} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{535FD1A1-EEE1-4143-BEC9-63EFFA36248D} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MEDIAMALL SERVER | APP=C:\PROGRAM FILES (X86)\MEDIAMALL\MEDIAMALLSERVER.EXE |
{53A67FDB-5AC3-4879-AF8D-4DC4AB7EB2E0} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WORLD IN CONFLICT - DEDICATED SERVER | APP=C:\PROGRAM FILES (X86)\SIERRA ENTERTAINMENT\WORLD IN CONFLICT\WIC_DS.EXE |
{56AD8ADD-B040-4DBA-8FE1-1C2110DED85B} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{5A9D0C03-46F2-47E4-AA21-E1AB51F1D0BB} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TOM CLANCY'S ENDWAR LAUNCHER | APP=C:\PROGRAM FILES (X86)\UBISOFT\TOM CLANCY'S ENDWAR\TOM CLANCY'S ENDWAR LAUNCHER.EXE |
{5B4EAA72-BD50-40D5-B422-BEB902C18FE2} = PROTOCOL=1 | DIR=IN | ACTION=ALLOW | NAME=SISOFTWARE SANDRA AGENT SERVICE (ICMP-IN) |
{5DF449A7-994D-435B-98FE-BE2AA9D68178} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PNKBSTRB | APP=C:\WINDOWS\SYSWOW64\PNKBSTRB.EXE |
{5E9A98DB-9A5B-45D2-B516-33AFDBC6F86F} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CCCINSTALL | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCCINSTALL.EXE |
{61989484-D86D-4E29-BBDC-4E71E359A5AE} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{61F0832C-9089-444D-BC0F-F5CF64CCE96B} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{63EE85C7-FB94-4C1F-A4D8-D2733A1818FE} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CCCINSTALL | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCCINSTALL.EXE |
{662D3A45-69E0-45F1-9613-AEDDD6D2CA73} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{6665D593-163C-4359-8443-AE7DEC49B532} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LOST VIA DOMUS UPDATER | APP=C:\PROGRAM FILES (X86)\UBISOFT\LOST VIA DOMUS\GU.EXE |
{66875B4A-B9AD-4E60-8BB3-3160B192DC0F} = PROTOCOL=1 | DIR=IN | ACTION=ALLOW | NAME=SISOFTWARE SANDRA AGENT SERVICE (ICMP-IN) |
{668D2702-B8A6-4651-9E24-D8A05A79C773} = PROFILE=PUBLIC | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | [email protected],-28543 |
{67D288E1-3826-4351-9389-950D4439CF61} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31281 | APP=SYSTEM |
{686D74C9-27E0-4309-B55F-351F5F58948C} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CCC | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE |
{699D026A-AD86-41F7-9C90-A9CF84D236A2} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SACRED 2 | APP=C:\PROGRAM FILES (X86)\DEEP SILVER\SACRED 2 - FALLEN ANGEL\SYSTEM\SACRED2.EXE |
{6A48FB05-714C-4F11-92F0-887032B32810} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MEDIAMALL SERVER | APP=C:\PROGRAM FILES (X86)\MEDIAMALL\MEDIAMALLSERVER.EXE |
{6C41CABD-042C-4C87-9DB6-55617151F011} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MIRROR'S EDGEâ„¢ | APP=C:\PROGRAM FILES (X86)\EA GAMES\MIRROR'S EDGE\BINARIES\MIRRORSEDGE.EXE |
{6C5E3DBD-F265-4958-9871-B33360B8CF38} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{6DFA9495-2B5C-4B7F-A73E-2B41A2AC3E09} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CCCINSTALL | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\BRANDING\CCCINSTALL.EXE |
{71BAA066-248B-4C78-9096-11EE3D9B7ED3} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31023 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{74D62200-ECD6-42CB-857F-E6797CB4FC26} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31313 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{77ECA6B4-6D3A-4A84-A6FA-A09D0EC9ADF9} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{79CC893E-5B21-4451-86DE-264CB1CED915} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TVERSITY MEDIA SERVER | APP=C:\PROGRAM FILES (X86)\TVERSITY\MEDIA SERVER\MEDIASERVER.EXE |
{7A2963E2-6206-4D08-844E-C4D25D052B7E} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MOM | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\BRANDING\MOM.EXE |
{7A92D732-04B7-4390-8D2E-C2BDB64C9981} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31321 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{7C6800B7-15EB-4CC4-9036-8D91A2616787} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{7E8ACD1B-293B-4E07-9A66-2A593015E073} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{814257DE-044B-4810-A4DE-FA647F8AF38D} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=GHOST RECON ADVANCED WARFIGHTERÂ® 2 | APP=C:\PROGRAM FILES (X86)\UBISOFT\GHOST RECON ADVANCED WARFIGHTER 2\GRAW2.EXE |
{8207D9BD-EFB2-42F1-A152-286553A2C0F4} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{82676F08-B2F0-4154-83A1-84CDAE8729C6} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31297 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{84A4042F-71E8-4E05-9274-D7B22C2304E6} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{84F44643-6C3A-4BD0-8F0D-C1832BE6BFBE} = PROFILE=DOMAIN | DIR=OUT | ACTION=ALLOW | [email protected],-151 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SHAREDACCESS |
{85437BD5-C6EA-4FFC-9E7C-694BDA910DFD} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TVERSITY MEDIA SERVER | APP=C:\PROGRAM FILES (X86)\TVERSITY\MEDIA SERVER\MEDIASERVER.EXE |
{88747B6B-3155-44D6-8B3E-D803477D3801} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31324 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{89687BE0-22EA-40F9-989D-BC1819AA2531} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SACRED 2 GAME SERVER | APP=C:\PROGRAM FILES (X86)\DEEP SILVER\SACRED 2 - FALLEN ANGEL\SYSTEM\S2GS.EXE |
{8EFA18ED-C4F4-4DF0-B691-15EDE784D305} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TOM CLANCY'S ENDWAR | APP=C:\PROGRAM FILES (X86)\UBISOFT\TOM CLANCY'S ENDWAR\BINARIES\ENDWAR.EXE |
{8F0F8BF4-1CBA-4574-B61D-878F8C146212} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31025 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{93B32BB0-9FF6-46DC-82BC-81C2B7E07879} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-30805 | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{9437DC8E-3732-47BB-B9C7-BF2A1EC76674} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30765 | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{970090D5-527F-464D-B25F-9F30D55C561D} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{9E9B3DF9-04ED-4B5F-9326-FBFE24847E64} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{9EC70DB2-37B5-4356-A7E8-D5D0EC345FDE} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{9ED3DC95-EADB-4306-83BA-B5C4B8544CF1} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31309 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{9FBB1930-7921-4BBE-AB7D-197BB04681CD} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30812 | APP=%SYSTEMROOT%\EHOME\MCX2PROV.EXE |
{A13A7C29-B422-47ED-90A4-A78882C7202A} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{A33DFF14-6437-4474-8FA8-C4CB7D026C7E} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{A7A32156-E165-4C5A-B9E9-02529EF9ABB7} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{A9F1B0BD-169A-4C7B-B50F-AD1B640C8BA2} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{AAB4C22D-8DF9-4467-ADC0-90876F5F7B6E} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CURSE CLIENT | APP=C:\PROGRAM FILES (X86)\CURSE\CURSECLIENT.EXE |
{ABBABFFC-5135-4A55-8532-B562CD189B13} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{ACB180D0-EC67-4260-A657-D406FCE0DBAF} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31325 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{AFB541F4-758F-44A6-897E-D3C3BD1E1586} = PROFILE=PUBLIC | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | [email protected],-28546 |
{B8537D6D-CEBE-4BC7-87AD-5F391AA881EF} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CLI | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CLI.EXE |
{BA457B7A-D1BF-4B5C-8AF0-6BF7CB739B41} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LOST VIA DOMUS REQUIREMENTS TOOL | APP=C:\PROGRAM FILES (X86)\UBISOFT\LOST VIA DOMUS\DETECTION\LAUNCHER.EXE |
{BE27A2AC-9375-4A0A-ABA8-C02B5C502459} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{BE43A936-4964-47AB-A662-FEEFA77D5BF1} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ÎœTORRENT (TCP-IN) | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
{BE7B6F1A-1D33-4AF6-A591-11D7B77B1E2C} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PNKBSTRB | APP=C:\WINDOWS\SYSWOW64\PNKBSTRB.EXE |
{C081FBD7-7BAD-4D0B-B26E-CA8BA2073D02} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30765 | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{C0AD075B-A0E7-402E-9476-5250E4B17165} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SACRED 2 GAME SERVER | APP=C:\PROGRAM FILES (X86)\DEEP SILVER\SACRED 2 - FALLEN ANGEL\SYSTEM\S2GS.EXE |
{C10478C3-299D-435F-A7D5-1E185361AA3C} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MEDIAMALL SERVER | APP=C:\PROGRAM FILES (X86)\MEDIAMALL\MEDIAMALLSERVER.EXE |
{C1A0C1E7-A2C4-4027-86FD-00837C676E7E} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{C4F69BB2-E6BD-446F-9E5B-6DB6B298CD35} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{C7263655-00FE-4F8F-B01C-539F4A0DB356} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE |
{C899B5F7-3289-4AC5-8C0E-31D258ABFBCB} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! MESSENGER | APP=C:\PROGRAM FILES (X86)\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{C9A4C346-6793-490E-9AA1-A8562D3B9F5B} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{CBF1C0C7-7662-42EC-A8B4-14150280B1AE} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30810 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |
{CE827ACC-495B-4BEF-B665-2A04AFF800D1} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31301 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{D0002E7A-FFDD-4D01-8F93-FA7E0B94DF91} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-30805 | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{D059B228-C54C-45DD-AF6C-E897ABE41199} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MEDIAMALL SERVER | APP=C:\PROGRAM FILES (X86)\MEDIAMALL\MEDIAMALLSERVER.EXE |
{D1183442-BCBF-428C-BD6D-35349EDAF69A} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{D6BA6D32-48E5-4E81-B93A-8353669186F6} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31323 | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{D8C49CA7-9F4A-4B30-A52A-9AD376922B25} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CLISTART | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE |
{D8D12320-984F-4C26-9E91-296F379FB40E} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{E31405DA-59D3-4EE7-B1D9-C38506FDD216} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LOST VIA DOMUS GAME | APP=C:\PROGRAM FILES (X86)\UBISOFT\LOST VIA DOMUS\YETI_FINAL_WIN32.EXE |
{E3AA8BD0-D498-4283-95FA-FDF803DB10DD} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CURSE CLIENT | APP=C:\PROGRAM FILES (X86)\CURSE\CURSECLIENT.EXE |
{E40877B1-B164-45B1-9FAA-8DB68080C3EE} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CCC | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE |
{E4A9B87B-0C1D-484C-9E55-45F954614F30} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{E6E5B9A1-0657-44E6-93F9-98A3424FDB61} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{E7A69E85-EF50-4DA5-8A86-CEAA6E9F27DA} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{E900880B-D7DC-404F-AD58-1A61488ED5A3} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-30812 | APP=%SYSTEMROOT%\EHOME\MCX2PROV.EXE |
{E9D8DB5F-B209-43DE-9FA9-B40D96595AE1} = PROFILE=DOMAIN | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | [email protected],-148 |
{EC3B25E7-8C6E-4D4A-99FB-683E2B8354C9} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{EE675D02-7235-454B-85F6-CE39A161E111} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TOM CLANCY'S ENDWAR LAUNCHER | APP=C:\PROGRAM FILES (X86)\UBISOFT\TOM CLANCY'S ENDWAR\TOM CLANCY'S ENDWAR LAUNCHER.EXE |
{EEB2BBC6-BE01-44F1-A0AE-4FC7DC3E1AA8} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-149 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{F0C96985-547C-46D1-922F-21AFF9B09844} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{F1D5F590-E5FF-422E-9AF2-5C59D1FCE393} = PROFILE=PUBLIC | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | [email protected],-28545 |
{F3413B4D-D872-4827-A5C7-6995A46985F5} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{F939B96C-3DF7-478A-B44B-4F10D42D4B02} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CLI | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CLI.EXE |
{F93F8B89-C543-4404-A0C4-AA53DF152771} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MOM.INSTALLPROXY | APP=C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\MOM-INSTALLPROXY\MOM.INSTALLPROXY.EXE |
{FA923A72-78C8-4182-A7C1-775F2B1A7001} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{FAACE663-E170-4BAA-B6BF-640E90BCDCF1} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{FC401CE7-1E76-4374-8D61-8DAAF9961DCC} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE |
{FDCE3A21-4926-4023-AE69-3EF24BFB9C88} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WORLD IN CONFLICT - ONLINE ONLY | APP=C:\PROGRAM FILES (X86)\SIERRA ENTERTAINMENT\WORLD IN CONFLICT\WIC_ONLINE.EXE |
{FE14BC24-26D3-464C-98C4-E83737ABD408} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FROSTWIRE | APP=C:\PROGRAM FILES (X86)\FROSTWIRE\FROSTWIRE.EXE |
TCP Query User{0F164B50-C1B9-4486-856D-764B2F8ADA13}C:\program files (x86)\electronic arts\eadm\core.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=EA DOWNLOAD MANAGER | APP=C:\PROGRAM FILES (X86)\ELECTRONIC ARTS\EADM\CORE.EXE |
TCP Query User{4B1B2037-0D1A-42D8-897F-FEA6F7BA269E}C:\program files (x86)\curse\curseclient.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CURSECLIENT | APP=C:\PROGRAM FILES (X86)\CURSE\CURSECLIENT.EXE |
TCP Query User{66A445AE-E8A3-47DC-9FB8-C7B68F4D54FD}C:\program files (x86)\xfire\xfire.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=XFIRE | APP=C:\PROGRAM FILES (X86)\XFIRE\XFIRE.EXE |
TCP Query User{6C34FD94-2C52-4145-8FE0-48BE1AD830C7}C:\program files (x86)\vuze\azureus.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AZUREUS | APP=C:\PROGRAM FILES (X86)\VUZE\AZUREUS.EXE |
TCP Query User{87955D3B-ECFF-4CC4-A3A0-2A64A5EB8203}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! MESSENGER | APP=C:\PROGRAM FILES (X86)\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
TCP Query User{88BC2C98-9BF3-4C1D-A507-A2A586D52994}C:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=JAVA(tm) PLATFORM SE BINARY | APP=C:\PROGRAM FILES (X86)\JAVA\JRE6\LAUNCH4J-TMP\JDOWNLOADER.EXE |
TCP Query User{9B251E46-E92F-4B2A-975E-2EAFCCED901F}C:\program files (x86)\common files\nero\nero web\setupx.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NERO INSTALLER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\NERO\NERO WEB\SETUPX.EXE |
TCP Query User{A3238872-A158-4577-B9DA-0CC93DCA8177}C:\users\pig pig\appdata\local\temp\onlineupdate8\setupxu.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SETUPXU.EXE | APP=C:\USERS\PIG PIG\APPDATA\LOCAL\TEMP\ONLINEUPDATE8\SETUPXU.EXE |
TCP Query User{EBE16DAB-5B83-4395-A320-3C7360A956D0}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ÎœTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
UDP Query User{108E0C18-B44C-4EDA-B16D-FD4217BC5FE7}C:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=JAVA(tm) PLATFORM SE BINARY | APP=C:\PROGRAM FILES (X86)\JAVA\JRE6\LAUNCH4J-TMP\JDOWNLOADER.EXE |
UDP Query User{1A6DBAB9-0566-4B1B-8CCB-14B7203BA049}C:\users\pig pig\appdata\local\temp\onlineupdate8\setupxu.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SETUPXU.EXE | APP=C:\USERS\PIG PIG\APPDATA\LOCAL\TEMP\ONLINEUPDATE8\SETUPXU.EXE |
UDP Query User{5FAA4204-B173-4C9E-B9B5-93CC7A0E17C2}C:\program files (x86)\electronic arts\eadm\core.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=EA DOWNLOAD MANAGER | APP=C:\PROGRAM FILES (X86)\ELECTRONIC ARTS\EADM\CORE.EXE |
UDP Query User{602C68B1-28FB-4DFB-B033-08807AAA3701}C:\program files (x86)\xfire\xfire.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=XFIRE | APP=C:\PROGRAM FILES (X86)\XFIRE\XFIRE.EXE |
UDP Query User{6CF37538-92F4-4AB0-8738-B41BC9D9AE50}C:\program files (x86)\vuze\azureus.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AZUREUS | APP=C:\PROGRAM FILES (X86)\VUZE\AZUREUS.EXE |
UDP Query User{87577A1A-6066-435E-96CA-995BF1CED7A5}C:\program files (x86)\curse\curseclient.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CURSECLIENT | APP=C:\PROGRAM FILES (X86)\CURSE\CURSECLIENT.EXE |
UDP Query User{89E97D9D-653D-428A-BA9A-31F42E724B4F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! MESSENGER | APP=C:\PROGRAM FILES (X86)\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
UDP Query User{8A8033B5-C509-4A8B-AA0B-3BF99A652FFB}C:\program files (x86)\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ÎœTORRENT | APP=C:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE |
UDP Query User{987BB978-3898-4A9E-A3ED-D3B21DC3CF29}C:\program files (x86)\common files\nero\nero web\setupx.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NERO INSTALLER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\NERO\NERO WEB\SETUPX.EXE |

[color=\"orange\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{04AA8DF8-D7B9-AE86-F4A6-5257BD20DF53}" = CCC Help English
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09EA3E66-F60C-45EF-9C16-6CA2262E21C4}" = Roxio Creator 2009 Ultimate
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F9306FD-E246-7427-44B6-081342F411C9}" = Catalyst Control Center Core Implementation
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{183AB714-2AA6-9073-2D2F-60B7FEC2F653}" = Catalyst Control Center Graphics Full Existing
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1AEBE79A-63F4-0FB2-0269-282FB8CC5129}" = Catalyst Control Center HydraVision Full
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skypeâ„¢ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(tm) 6 Update 13
"{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquerâ„¢ Red Alertâ„¢ 3
"{2BB047B7-E613-4686-BE0C-E63BB26BE121}" = Sacred 2 - Elite
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central
"{35709580-CF4C-4BA3-9833-13B39389F48B}" = Play On Plugin Pack
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37288DA4-0426-2B76-ED1F-6E2DC8DB291A}" = Catalyst Control Center Graphics Full New
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Spaceâ„¢
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5977A284-6ADB-4CC1-BEC5-1CDE7908ACA3}" = Vista Manager
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5E35BD20-7C55-52D7-A462-BB98289E2D98}" = Catalyst Control Center InstallProxy
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Windows Live Device Manager
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}" = Windows Live Movie Maker Beta
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009 Ultimate
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8356F0AB-7382-88C9-FF97-1687DB17703A}" = Catalyst Control Center InstallProxy
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8651784F-123E-4E8F-A5AD-60B8BE121033}" = Nero 8 Essentials
"{866F72F0-1363-2420-45E8-058EB36062C8}" = Catalyst Control Center Graphics Full New
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FDD65E7-ABDB-C777-1EED-0B086440CF10}" = Catalyst Control Center Graphics Light
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-42

guestolo · « **Reply #5 on:** May 10, 2009, 01:08:10 AM »

Can you do the following

Click on the Start>>Control Panel

# When the Control Panel window opens click on the Uninstall a program option
under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.

Uninstall the following:
Vuze Toolbar
and
RON Too1 Addestination
If you are prompted for a verification code, type it in and follow the prompts
If you can't type in the code, try and copy/paste the code

Reboot the computer afterwards
Back in Windows

Right click on OTListit2.exe and choose to Run as Admin
Copy the contents of the paths below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[color=\"#0000FF\"]:OTLI
PRC - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
O2 - BHO: (addestination browser enhancer) - {28F50F0C-A4F3-392A-B83D-3619D148B0D9} - C:\Windows\SysWow64\prhhyoszquxwojoxc.dll ()
O4 - HKLM..\Run: [czsbiuuwuap] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\prhhyoszquxwojoxc.dll" (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" (BitTorrent, Inc.)

:files
C:\Program Files (x86)\AskBarDis
C:\Windows\System32\kqdzyzwnxxm.exe
C:\Windows\System32\prhhyoszquxwojoxc.dll
C:\Windows\SysWow64\prhhyoszquxwojoxc.dll

:commands
[emptytemp]
[start explorer]
[Reboot][/color]

Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTListIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Back in Windows
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Recap: Post the log from OTListit2
and the report from MBAM
Keep me informed how things are running please

guestolo · « **Reply #6 on:** May 10, 2009, 02:17:58 AM »

In case you have tried the script with OTListit2 and it froze at killing explorer
I've edited it, it should work fine now

smallsbig · « **Reply #7 on:** May 10, 2009, 03:02:25 AM »

========== OTLISTIT ==========
Process explorer.exe killed successfully!
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28F50F0C-A4F3-392A-B83D-3619D148B0D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28F50F0C-A4F3-392A-B83D-3619D148B0D9}\ not found.
C:\Windows\SysWow64\prhhyoszquxwojoxc.dll unregistered successfully.
C:\Windows\SysWow64\prhhyoszquxwojoxc.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\czsbiuuwuap not found.
File move failed. C:\Windows\System32\regsvr32.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Program Files (x86)\uTorrent\uTorrent.exe moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\AskBarDis not found.
File\Folder C:\Windows\System32\kqdzyzwnxxm.exe not found.
File\Folder C:\Windows\System32\prhhyoszquxwojoxc.dll not found.
File\Folder C:\Windows\SysWow64\prhhyoszquxwojoxc.dll not found.
========== COMMANDS ==========
File delete failed. C:\Users\pig pig\AppData\Local\Temp\Rar$EX00.688\RootAlyzer.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\JETFAA0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDC8D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDCFB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDD4A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDD56.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDD9C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDDA8.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDDF7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDE06.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDF8C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\pig pig\AppData\Local\Temp\~DFDFA1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.5 log created on 05102009_035330

Files moved on Reboot...
File move failed. C:\Windows\System32\regsvr32.exe scheduled to be moved on reboot.
C:\Users\pig pig\AppData\Local\Temp\Rar$EX00.688\RootAlyzer.exe moved successfully.
C:\Users\pig pig\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\pig pig\AppData\Local\Temp\JETFAA0.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDC8D.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDCFB.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDD4A.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDD56.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDD9C.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDDA8.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDDF7.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDE06.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDF8C.tmp not found!
File C:\Users\pig pig\AppData\Local\Temp\~DFDFA1.tmp not found!

Registry entries deleted on Reboot...

guestolo · « **Reply #8 on:** May 10, 2009, 03:37:40 AM »

I mistakenly had OTList2 move a couple legit files

Not a big deal, as we can replace them

First, navigate to the following folder
C:\Windows\System32

Inside the system32 folder, look for a file called
regsvr32.exe

It should be there, as it's a protected file, and was probably replaced on reboot
But just double check
If it's not there, go to the following folder created by OTListIt2
C:\_OTListIt\MovedFiles
Inside that folder, open the folder corresponding to Date of fix\Windows\System32
Right click on regsvr32.exe and copy it, paste it to the following location
C:\Windows\System32

The next file would not of been replaced
Open the folder
C:\_OTListIt\MovedFiles\Date of fix\Program Files (x86)\uTorrent\
Inside the folder right click on uTorrent.exe and Copy it

Then navigate to the following folder and paste a copy of it
C:\Program Files (x86)\uTorrent

You must keep me informed how things are now running
In addition, can you supply me with a fresh Hijackthis log please
Also, post the log from Malwarebytes' Anti-malware when you have finished the scan

sona · « **Reply #9 on:** May 13, 2009, 06:59:36 PM »

I need help please with this yoog program as well.

TheTechGuide Forum

News:

Author Topic: Yoog and Addestination, An Addestination program somehow got on my com (Read 3218 times)

smallsbig

Yoog and Addestination, An Addestination program somehow got on my com

guestolo

Yoog and Addestination, An Addestination program somehow got on my com

smallsbig

Yoog and Addestination, An Addestination program somehow got on my com

guestolo

Yoog and Addestination, An Addestination program somehow got on my com

smallsbig

Yoog and Addestination, An Addestination program somehow got on my com

guestolo

Yoog and Addestination, An Addestination program somehow got on my com

guestolo

Yoog and Addestination, An Addestination program somehow got on my com

smallsbig

Yoog and Addestination, An Addestination program somehow got on my com

guestolo

Yoog and Addestination, An Addestination program somehow got on my com

sona

Yoog and Addestination, An Addestination program somehow got on my com