Browser hijacked and All anti-virus/spyware scans being stopped [Close


  • This topic is locked

#1
mrsunday

  • Member
  • 11 posts
Hello, I hope you can help me. I'm normally very good at fixing problems but spyware all but eludes me!

Well, a couple of hours ago I noticed in Firefox that when I searched in Google and was clicking one of the links it gave, it would get redirected to a different search engine. In fact, links would take me to several different places including 'Scour.com' and 'livetosearch.com'.
It only seems to happen in Google; if I type an address in the address bar it works fine. Also, another time, opening Firefox also opened up Internet Explorer and 2 pop-ups for an iPhone and something else. This problem doesn't seem to be browser dependent.

First things first, I tried Spybot Search and Destroy. All was working fine until I tried to scan; it started scanning and then suddenly closed. Trying to reopen it would not work, as it came up with: 'Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.'
I also tried HijackThis to get a log but it had the same problem.

Adaware will no longer load, and after finding your lovely site and installing Malwarebytes' Anti-Malware, it also closes while scanning and won't re-open. I've followed the instructions in the how-to post and luckily OTL was able to provide me with a log. I hope you can help me out, and I also would like to say this site seems great; the amount of useful, professional, easy-to-follow help you guys seem to give out astounds me. So here's the log:
OTL Extras logfile created on: 23/09/2009 02:22:11 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.24% Memory free
4.00 Gb Paging File | 2.72 Gb Available in Paging File | 68.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 200.69 Gb Total Space | 17.26 Gb Free Space | 8.60% Space Free | Partition Type: NTFS
Drive D: | 20.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 887.19 Gb Free Space | 95.24% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 1.92 Gb Total Space | 0.46 Gb Free Space | 24.04% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: LASERFROG-PC
Current User Name: laserfrog
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9785F9-41AF-46BF-9F5B-B8318DE56A68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{21963324-312C-43FE-9263-5D22A1C8A07D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{278F289F-EF84-45C9-BFF7-2D3569853F8D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{34B3DDB8-93BE-450C-92FB-BD57173C19F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34F0E672-43B8-47CD-B460-3CB9FEBBCD94}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36FBBF97-585C-48BB-BDCD-7719B1B6CC7C}" = lport=22 | protocol=6 | dir=in | name=ssh |
"{3E31734F-416B-4BC6-9577-D3D167C4D140}" = rport=10244 | protocol=6 | dir=out | app=system |
"{404C5500-6819-4B23-80AB-A16983496D74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42377853-443E-4915-965F-DF4F5E016D37}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DD87C5E-A1D9-4682-A2D2-6290331C5E59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58E6A967-CCA2-4F90-90A9-FF84B4515F42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6359CC58-1516-4EB3-BEB0-193962DA47DF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{69200982-BBC1-4198-80D1-6AEF3CD9F129}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6B4E1E5B-7157-42E5-8636-40BF034FEC7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{792367D1-1264-43E1-AE78-D36589850AB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79FE823B-A609-44E5-B3A2-45163FAEDF7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{820DE5C8-9021-402F-A5F8-7C38D8D64219}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8DA625D7-C524-49BB-BF89-07A904AAD107}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90188D92-87B9-4E9D-8A18-2E235DBADACC}" = rport=10244 | protocol=6 | dir=out | app=system |
"{90AE2F35-15D2-4C15-A92C-39AD3DD380CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{91007F20-5CBE-4660-8EF6-20269378A35F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A74BF9CC-0608-484D-8331-F3B03AD8A84B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7854460-5EEB-4D00-BF49-62E344B90CDA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C3E12B08-5DE6-45CE-BA8D-68E4ACB86FFA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C943B550-64E9-4A25-9F26-681743014E03}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{C983717A-AE9D-4FCC-ACB9-A20B75E46833}" = lport=10244 | protocol=6 | dir=in | app=system |
"{CA0ACB09-0DBC-434E-9173-C9F50900A70F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D01A1884-007A-4BF9-AB43-182B7D6569F8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D0E0CC0E-C8D9-4518-8815-C46E381A7994}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DBC048C6-8A37-40EF-84A8-14C71337655D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFD26CCA-3881-4524-AD6A-C801E4511466}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E26B60BD-E1E9-4C0E-80D2-62F5257B51F9}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E2EC3969-12DC-4E7B-A0FC-641D328F80B3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EDC72AE2-C769-420D-81B5-FD3AF7292B7F}" = lport=8080 | protocol=6 | dir=in | name=http2 |
"{F78DC050-2484-4653-A155-51FBA41B9E79}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8FF7C78-F5F3-468B-ABB3-9A93EB702CD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F99C6502-551F-4AF8-8EF6-C090F3CB8D65}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FD8997FA-83D3-4739-97F4-A1A2A2C89535}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053918A6-85DE-4CEB-856A-1692E07AE5F8}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{05F01216-4A9E-43F5-8832-E0CE49FA9B1F}" = protocol=6 | dir=in | app=c:\program files\capcom\bionic commando rearmed\bcr.exe |
"{066A6F21-5E8F-48B6-8854-A3C05E06BCC8}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{0FE81954-F0E7-47AF-9A68-017DB2131DAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{11324FAB-6C47-473B-8E95-363CDFE441F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{118A1157-ADB9-4808-A518-71BADC32A541}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{153D7A44-1DC9-47D3-8AAE-AB00ECDEFBA0}" = protocol=17 | dir=in | app=c:\games\rainbow six vegas\binaries\r6vegas_launcher.exe |
"{16D7D46F-50F9-43A5-8D30-F609232AF058}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{18F8C534-EA2A-4339-A530-227E47625754}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1910B702-EBC2-47F3-A1A3-8E6E49B8DB37}" = protocol=17 | dir=in | app=f:\games\call of juarez - bound in blood\cojbibgame_x86.exe |
"{1B7779FB-24FA-446C-9F4C-CCA5D6C0CCB4}" = protocol=6 | dir=in | app=c:\users\laserfrog\program files\utorrent\utorrent.exe |
"{1C2C488B-2DCA-44A0-B9D6-30A2E2B15F79}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{1C42D07A-71A1-4D2C-AD6A-210C04D81FFA}" = protocol=17 | dir=in | app=c:\games\virtual pool 3 dl\vp3.exe |
"{1E1C405A-0B84-45EE-8803-5904EE486F10}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{1F0BCF8B-CAE5-4BAA-98D7-BDC95CD23ECC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22413BBC-41A8-44EE-A586-AC0501A42A3C}" = protocol=6 | dir=in | app=c:\games\rainbow six vegas\binaries\r6vegas_launcher.exe |
"{2263976B-9C54-4265-AC47-FEF0A5833092}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{22D73363-7123-467D-AD66-987C1BD4865F}" = protocol=6 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe |
"{23E5CA8E-FC35-4F24-A71D-352CFE8958F0}" = protocol=6 | dir=in | app=c:\program files\crossloop\vncviewer.exe |
"{24B50780-689E-4D46-BDA2-607F108252D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26245C9B-A4F9-4C1E-8AC5-3E29DA517E8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{269AE61A-A02F-4E37-88DF-416D73CD94AA}" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\company of heroes\reliccoh.exe |
"{27E5DF68-60E0-4B9C-95B6-73E7D8378EBB}" = protocol=17 | dir=in | app=c:\games\rainbow six vegas\binaries\r6vegas_game.exe |
"{2AD3495B-724B-4CEA-84D6-DB545EA064D5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CDA67A9-4DB9-4107-8C5E-629FC72E8E98}" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\company of heroes\reliccoh.exe |
"{2D75D3A3-A9E5-4F26-A6E9-9A06FCCACE66}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{304EBD23-7C61-4ADB-BE9F-AADD610D97E2}" = protocol=6 | dir=in | app=c:\program files\sierra\swat 4\contentexpansion\system\swat4x.exe |
"{30834374-C4B5-4A86-B236-39BA61DB2B3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36B20E37-0B0E-4B07-9FCB-A00A2A16CBC0}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"{385AE497-9C35-47A3-A110-62B643EA07C2}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{3B9D9552-67D8-4079-AFA8-F47AB0AC7A65}" = protocol=6 | dir=in | app=f:\games\call of juarez - bound in blood\cojbibgame_x86.exe |
"{3BA19B38-F33D-4DAB-B427-4B39AEB027C7}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{3CE82F1B-EEB2-42C8-B593-C1078C5F0BD2}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{3DA3D6D8-097C-4079-8C40-6971AD16B692}" = protocol=17 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe |
"{3E491686-7BD2-4255-8219-5A7267E6888F}" = protocol=17 | dir=in | app=f:\games\ai war\aiwarupdater.exe |
"{3E760136-2386-46CB-894C-A878797BB140}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3F9DDC48-42E9-41EC-B1BB-DB4DCFD4C207}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{43696493-0798-48FE-A957-19A0E5E9F584}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{43CCF339-A33B-4BB3-9357-9A1548AEFE43}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{45BA2355-CE93-48BB-B947-4C91D91D4494}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{48D68368-DFAF-4985-BEE5-E4E726AAB484}" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\killingfloor\system\kfed.exe |
"{4A616C99-B9FF-4163-8C41-C359E58FE574}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{4A7EA900-D139-4192-B0D7-C4629BD10023}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4F5E2994-8D16-4619-9BA6-4640410AD523}" = protocol=6 | dir=in | app=c:\pw\patcher\patcher.exe |
"{506F36F2-778E-4139-A6F5-45511FBB0BEB}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{52D3B372-002D-4EF2-97E0-07B1CD27AAE1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{53AE51E4-AEAD-4FBD-B682-6C0782559B12}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{56D203AD-AF60-4501-8281-8FB928AA809A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57706B48-9090-45F1-ACAA-107376291D31}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{595C8519-91C0-4AF9-BF78-86B5D1638B3A}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{5C96A116-221E-4140-B46D-DEF1D64149FF}" = protocol=6 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"{5D5C7F7E-C276-4A40-8E79-10A212663720}" = protocol=17 | dir=in | app=c:\program files\sierra\swat 4\contentexpansion\system\swat4x.exe |
"{5E3DCAED-FD3A-4D2A-99E5-2C586CF89D01}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{5F2326BA-3C77-456D-BBE0-939A24FE7182}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{604A0DF8-84F8-43D4-A72B-631713F7826F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{626C6E68-31F2-4044-9F23-360724C38517}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{63D0492F-5C4A-4D9A-B854-941D53E78780}" = protocol=17 | dir=in | app=c:\skulltag\rcon_utility.exe |
"{6472AA28-0BC4-45B5-B05E-FB8D2E27E289}" = protocol=17 | dir=in | app=c:\skulltag\idese.exe |
"{67C7AB85-8173-40FB-BAB8-595B2DA7773C}" = protocol=6 | dir=in | app=f:\games\ai war\aiwarupdater.exe |
"{68787CD6-7128-4FB4-B2BD-502FBC19C171}" = protocol=17 | dir=in | app=c:\program files\sierra\swat 4\contentexpansion\system\swat4xdedicatedserver.exe |
"{68A4ABB5-E152-4665-8703-25BBE58DFC8C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{69197367-9AA6-4E85-9066-ED794F480E39}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{6B5071E2-47C5-4B60-AE37-7837220FCF7C}" = protocol=6 | dir=in | app=c:\skulltag\rcon_utility.exe |
"{6D36BF5B-19AA-46D7-B595-F2CFCCF236FC}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{6F091233-9ABB-4E1F-ABC9-F7FFC5C08532}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{71753265-CB5D-40C0-9190-8A3609B7A31D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{71F893AB-D6C1-4136-9F7A-823E0E85AD5D}" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{71FA78A2-B02E-4748-AEFB-FE13AE62C2D8}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{73C9CD5F-A7A4-4D6D-9666-A8CE7E35F9FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{745C51C1-81D6-4DFC-BC8F-1B21B84CDC5D}" = protocol=17 | dir=in | app=c:\pw\patcher\patcher.exe |
"{7470BB60-0972-4FA8-893E-2627596CD9ED}" = protocol=6 | dir=in | app=f:\games\ai war\aiwar.exe |
"{78D05FF6-2A5E-49A4-8CD1-5704FC042DF5}" = protocol=17 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"{7BDDB0A5-30DD-4E1C-A1B5-0A2C98B06548}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DB9CEB6-0A31-4F46-A34B-20FD40FDCCBD}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{7F3F5728-F5A4-4D28-9576-C3DC505D9FF0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7FF918C6-E569-46BA-85CD-95F2049771DA}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{81052CE2-C59B-4EE6-B3F2-DA575A1AA494}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{81A70B25-BBC3-44B2-A418-C8482384AD96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{849C6DD7-77C5-4A8F-B7FB-A23B31F9BD1C}" = protocol=6 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe |
"{84C057F0-C2C6-4F73-BDAF-2D43934822D3}" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{85B48912-EB43-4C6D-ADEE-B5C787709268}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{85E87236-E89C-4CC9-B37B-4A68D41F500C}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{888BC1B3-B064-4F2C-B324-A9B37A3448BC}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{88B42E10-1DDF-4BE0-85A8-4DB301A239E4}" = protocol=17 | dir=in | app=c:\skulltag\skulltag.exe |
"{89DC92FB-9579-4720-ACC5-8F9C8BFC4124}" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\company of heroes\help.htm |
"{8CE09FE5-CDD8-4676-AD44-6C5504A38AE6}" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{8D24B143-312A-4286-8F60-74D02F8DB0DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E26FECE-9CE6-4FAD-ABF7-C969A2057BEB}" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{924D91CA-B626-47D1-9414-355CAC534C81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96489CA9-3115-4A39-97F4-56A70D376138}" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\company of heroes\help.htm |
"{9662B179-3BB1-4484-9A79-BDAEE04B91FC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{986B2314-40A3-4841-B56A-675783FE9863}" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{9D010E5B-75D1-4284-9899-430DF52AAC59}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A0FD5A1E-FD11-4E81-A3F0-E59DF3EFF68A}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{A38B1564-43F3-4788-B6D8-89ED419C5098}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{A5B4BC17-35A5-4445-8CE1-10F7C3364F40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A750D828-CE18-4A60-AD15-F508E198E1D6}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{A7DD61D1-9054-45FB-AC3D-ACD07CE111F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8168E11-BADB-4C87-8C84-313D46DCBC49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA3E274F-B6DC-4BB4-87A5-D95DA93CDA27}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{AA57F8B6-C56A-45E6-AA36-A9DE0ADFD8CA}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"{AAB6E0B5-A747-4446-9021-7CFB0895CC05}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe |
"{ADD6C171-CC16-43D1-995A-743A1FF1DBC2}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{AED68F4E-4029-4DEE-BEFE-1F778EC18379}" = protocol=6 | dir=in | app=c:\program files\crossloop\crossloopconnect.exe |
"{AFCBEFB7-05A5-476F-BC9C-2E8DCAD3B9D8}" = protocol=6 | dir=in | app=c:\skulltag\idese.exe |
"{AFE6E405-C723-46B2-A831-E53CD26F88DA}" = protocol=6 | dir=in | app=c:\program files\sierra\swat 4\contentexpansion\system\swat4xdedicatedserver.exe |
"{B06DE449-96E6-46A6-B5EC-72885981C684}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B4CC6D8C-4B6A-4B14-82ED-2F3684BD8AAB}" = protocol=17 | dir=in | app=c:\program files\capcom\bionic commando rearmed\bcr.exe |
"{B9CF2DE8-3D5D-4113-B7DB-0E104C403399}" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\killingfloor\system\kfed.exe |
"{BBF49354-8CDA-4646-A5FF-64C363330D44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFF14AB2-27E2-44DA-A5AB-BF9997B94D88}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{C2D72598-1696-4383-A079-8468ADEFCB9A}" = protocol=6 | dir=in | app=f:\games\majesty 2\majesty2.exe |
"{C3B23747-16B5-47A7-B933-667F88C0E01E}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{C410AF60-CA57-49F0-B1A6-818FE2F7D82D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C46A9317-CDB3-4C9D-B8D6-DBFA1E571DEB}" = dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat |
"{C4B076A8-867A-4EF2-A035-E9253997D093}" = protocol=17 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe |
"{C61F9824-B5B1-4613-8495-8202F709E9AC}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{CB71007D-5F29-4EF9-B1F5-75DBCEA0601D}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{CB72D56E-2EC0-4F39-BA53-3242A7D576B7}" = protocol=6 | dir=in | app=c:\games\rainbow six vegas\binaries\r6vegas_game.exe |
"{CDDE505B-9210-4256-8F89-77A47CFC68B0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE36AD0C-3D91-4BA8-BF10-636289EE0B0D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CEE82481-E892-4470-9061-FF46F06B6EBF}" = protocol=6 | dir=in | app=c:\skulltag\skulltag.exe |
"{CEF80A8F-DA4F-4A72-A44B-541B92881C62}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D360C011-B4F1-4A7D-AB8F-CE268A60114B}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{D42DCA9D-0E0A-4B33-B927-89848BF12C65}" = protocol=17 | dir=in | app=f:\games\majesty 2\majesty2.exe |
"{D7314156-E18E-44C2-BC64-C1148FD6D36F}" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{D821FFED-8ABC-4974-9421-E57E830EA4EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8303977-5E41-4DCB-B5DC-E67CEC63A6AE}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe |
"{D983B97D-14FC-4FAF-8D21-849F1634E221}" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{DB07D202-25CB-4C85-8915-60A029EB3FB0}" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{DC6DA012-D1DF-4EE3-892B-910A20A36AA5}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{DC7B4B25-3157-4828-B365-0BE165D9A24E}" = protocol=6 | dir=in | app=c:\games\virtual pool 3 dl\vp3.exe |
"{DCEED939-44A8-428F-852F-0E29BB1EC651}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{DD71040E-0D95-4037-AFDE-AD2504E0D43A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DF8893C0-1E3E-4142-9674-3266F62A7934}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{E0434919-41BA-40D7-90DC-82C24919D244}" = protocol=17 | dir=in | app=c:\program files\crossloop\crossloopconnect.exe |
"{E31E89E8-986C-450D-A094-921A68C4AB0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E39F94D0-E2BE-4319-96A3-B38057C09D30}" = protocol=17 | dir=in | app=c:\program files\crossloop\vncviewer.exe |
"{E8B94DA4-B8DA-4FC9-B6E5-733394DF8417}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{E99C9E13-80F2-4C72-B8C6-C490D376BE0B}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{EAE9738F-C167-4FFA-8F0A-653DA49163EB}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{EDB97788-199C-4079-918A-748AA64E634D}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{EED8DF7F-DF19-4F9C-B89B-DA7E1C107EB2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F0D300CD-EFD1-45B7-94AE-74FDC1E8FD33}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F13FDB90-28AA-4A38-B361-EDD7A3A6535B}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F2435AB5-5C53-4227-9E99-43B33C5E319F}" = protocol=6 | dir=out | app=system |
"{F3E2AB34-519A-4FAC-88E5-6B13A28A0A22}" = protocol=17 | dir=in | app=c:\users\laserfrog\program files\utorrent\utorrent.exe |
"{F695049A-A24A-4491-8C67-ABF0A24FF02F}" = protocol=17 | dir=in | app=f:\games\ai war\aiwar.exe |
"{F7CE3A4A-1549-410B-9EA0-70AA082F029B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{F8C85AF4-2DCB-4E87-B0C6-DAF66DFA0B8E}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{FAC1EB99-136C-49FC-843B-4ADFF78D02D4}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{FD98DDB4-E3D2-4802-9725-ED74D7E8F337}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{FE142848-2958-449A-89FE-959D3D3E6336}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FEE6B4DC-4EF7-4855-843A-E99CF1216244}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"TCP Query User{0225B611-EF43-4018-825B-8C9509D660C2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{04CCB5E0-F5BF-47C2-9483-BDF99851E04C}C:\sbbs\exec\sbbsctrl.exe" = protocol=6 | dir=in | app=c:\sbbs\exec\sbbsctrl.exe |
"TCP Query User{05CAC550-1758-4BC8-A310-555D251451DD}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{07C92B94-F10A-419B-91D2-9DCB9DCCF87C}C:\program files\firefly studios\stronghold\stronghold.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe |
"TCP Query User{099F7F01-01E6-413D-A434-EE4759534E59}C:\downloads\wow-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\downloads\wow-engb-installer-downloader.exe |
"TCP Query User{0D1E569F-D027-4891-9604-DDB2C3465E97}C:\program files\soldier of fortune ii - double helix gold\sof2mp.exe" = protocol=6 | dir=in | app=c:\program files\soldier of fortune ii - double helix gold\sof2mp.exe |
"TCP Query User{0EE47BE9-636E-4B09-B0FB-BD9CEC62E2A7}C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe |
"TCP Query User{10A7F1F2-1D09-4716-9C2B-A5EFE4BF079F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{16DF888A-BE93-46D7-96A1-149C79811D31}C:\program files\microsoft games\steam\steamapps\obileo\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\team fortress 2\hl2.exe |
"TCP Query User{17685F14-6DD0-405B-A27C-D8385A141614}C:\doom2\zdaemon.exe" = protocol=6 | dir=in | app=c:\doom2\zdaemon.exe |
"TCP Query User{1798C7F5-E6E3-4BCB-8D98-EB47F94D8862}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{19704BA2-A14C-4DCA-948A-A1CD2BB8E5AA}C:\program files\autodesk\maya8.5\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya8.5\bin\maya.exe |
"TCP Query User{1C45E265-1AF8-431D-A4B6-51F1C88D5A60}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{1D4C6C32-EECB-4533-9CF5-5A837F52BA28}C:\jfsw_20051009\jfsw_20051009\sw.exe" = protocol=6 | dir=in | app=c:\jfsw_20051009\jfsw_20051009\sw.exe |
"TCP Query User{1DC4659C-B331-48BD-8E2F-B1736048941F}C:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe |
"TCP Query User{1ED61D2F-EDD3-4A58-9614-D9223F7382D0}C:\duke3d\eduke32_20060718\eduke32.exe" = protocol=6 | dir=in | app=c:\duke3d\eduke32_20060718\eduke32.exe |
"TCP Query User{1F7D5A7E-A081-4173-95F0-813B6ABA64AE}C:\program files\autodesk\maya8.5\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya8.5\bin\maya.exe |
"TCP Query User{206D4E50-79B3-45A4-9628-870766174872}C:\starcraft\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\starcraft\starcraft\starcraft.exe |
"TCP Query User{239E9CCF-9215-4B96-BAF0-1426DBD0800A}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{247D2C03-9128-4F7D-8699-F23AB2742C74}C:\program files\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files\defcon\defcon.exe |
"TCP Query User{2487538D-3705-4CEF-8BCF-1ADEBC8F8E08}C:\program files\lightningware\vme 1.2\vme manager.exe" = protocol=6 | dir=in | app=c:\program files\lightningware\vme 1.2\vme manager.exe |
"TCP Query User{25995338-A7CA-45B5-BAEB-D7F6CA0C4944}C:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe |
"TCP Query User{266576EF-7B76-4AE5-82AC-4B76E484E68D}C:\program files\tale of tales\the endless forest 3\forestviewer.exe" = protocol=6 | dir=in | app=c:\program files\tale of tales\the endless forest 3\forestviewer.exe |
"TCP Query User{303DDDF4-0784-4097-BC5C-F79E6913936F}C:\program files\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=c:\program files\sierra\homeworld2\bin\release\homeworld2.exe |
"TCP Query User{321ADAFB-0223-4AF0-849D-75D34FE323D2}C:\program files\microsoft games\steam\steamapps\obileo\source dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\source dedicated server\srcds.exe |
"TCP Query User{34A888B1-D13B-4AAD-ABA6-71884E065C28}C:\program files\bomberman online international\bomberman.exe" = protocol=6 | dir=in | app=c:\program files\bomberman online international\bomberman.exe |
"TCP Query User{3610A5A6-2F9C-4D70-A1C1-E3776CE88746}C:\program files\the all-seeing eye\eye.exe" = protocol=6 | dir=in | app=c:\program files\the all-seeing eye\eye.exe |
"TCP Query User{3AA91DBF-BFEC-4670-ABC0-C4744891C60F}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{3F958250-377F-4084-BB8E-2CCD10FAEF9B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{3F969E8F-CA5B-40F7-B5AE-62DEF224152D}C:\program files\microsoft games\steam\steamapps\obileo\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\day of defeat source\hl2.exe |
"TCP Query User{403BA200-84FE-46C7-971C-9502CD214681}C:\tools\superscan\superscan4.exe" = protocol=6 | dir=in | app=c:\tools\superscan\superscan4.exe |
"TCP Query User{40CBA0D3-7EF6-4101-82F2-AA7B64444CB1}C:\program files\microsoft games\steam\steamapps\obileo\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\half-life 2 deathmatch\hl2.exe |
"TCP Query User{4A46747C-B2F8-4B27-8437-C7C3A18EB5FD}C:\program files\autodesk\maya 8.5 personal learning edition\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya 8.5 personal learning edition\bin\maya.exe |
"TCP Query User{4E246AD5-A4F4-4868-82EA-0B81B16511F1}C:\users\laserfrog\appdata\local\temp\win2ds0.5\win2ds.exe" = protocol=6 | dir=in | app=c:\users\laserfrog\appdata\local\temp\win2ds0.5\win2ds.exe |
"TCP Query User{4F766624-1B21-4E1D-8BF0-436C627B59E4}C:\program files\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files\defcon\defcon.exe |
"TCP Query User{52358430-41A3-4D0B-830E-67DAAC967A3B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5B04B43D-90E1-436E-8901-5E87BD381FBA}C:\emulators\nes\nesterj\nesterj.exe" = protocol=6 | dir=in | app=c:\emulators\nes\nesterj\nesterj.exe |
"TCP Query User{5DFCBAC0-395D-4DA2-BB75-324CEDC59E4A}C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"TCP Query User{6219CE5B-F4CD-4F2C-AECA-9C0D71B8C7FE}C:\games\motocross madness 2\mcm2.exe" = protocol=6 | dir=in | app=c:\games\motocross madness 2\mcm2.exe |
"TCP Query User{660B54F7-C1E6-4AAD-B760-74556956006F}C:\program files\ioquake3\ioquake3.x86.exe" = protocol=6 | dir=in | app=c:\program files\ioquake3\ioquake3.x86.exe |
"TCP Query User{672C6BEF-01CA-4CBF-A9B8-CF0E2ECA2545}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=6 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe |
"TCP Query User{672DEDC8-6E8D-44F1-9D3A-67CC8BD15CA4}C:\quake3\q3a\quake3.exe" = protocol=6 | dir=in | app=c:\quake3\q3a\quake3.exe |
"TCP Query User{69B019E8-9E9A-4EC8-820B-C219FAA21E80}C:\doom2\connector\connector.exe" = protocol=6 | dir=in | app=c:\doom2\connector\connector.exe |
"TCP Query User{6A473378-D34C-43B1-854D-ABB38666620F}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{6E9B0D16-5AF4-42CB-92E1-EB5FC12979D3}C:\downloads\my_tools_is_lost\my_tools_is_lost\lost via domus ripforgames\lost via domus ripforgames\yeti_final_win32.exe" = protocol=6 | dir=in | app=c:\downloads\my_tools_is_lost\my_tools_is_lost\lost via domus ripforgames\lost via domus ripforgames\yeti_final_win32.exe |
"TCP Query User{6FF28816-C7B3-4458-8CD3-CE517AABFE67}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{743052FC-9EF5-4ACB-9958-71BD88018E0C}C:\games\halo\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=c:\games\halo\halo custom edition\haloce.exe |
"TCP Query User{747A1C6B-AC45-4D4F-9F2F-86F0A58BAE75}C:\duke3d\jfduke3d_20051009\duke3d.exe" = protocol=6 | dir=in | app=c:\duke3d\jfduke3d_20051009\duke3d.exe |
"TCP Query User{75FB78D3-3042-41A9-9C77-52340ED5E10A}C:\users\laserfrog\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\laserfrog\program files\utorrent\utorrent.exe |
"TCP Query User{79D9AA77-BFD2-41A2-BD1E-C212BF688471}F:\program files\call of duty game of the year edition\coduomp.exe" = protocol=6 | dir=in | app=f:\program files\call of duty game of the year edition\coduomp.exe |
"TCP Query User{83FCB6C0-B6FD-4F1D-8054-FA8616F4DDDE}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"TCP Query User{87CAB36A-A1DF-4AC6-8CCC-ABFCC476A934}C:\program files\eagletron\trackercam\eyewdm.exe" = protocol=6 | dir=in | app=c:\program files\eagletron\trackercam\eyewdm.exe |
"TCP Query User{8A71242B-0A31-41A5-9D9C-3BF3290A83FC}C:\program files\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"TCP Query User{8E74E181-6E63-4452-A4B5-B72661426EC9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8EF7DD61-178C-464B-8E7B-D3BBC81BCD2D}F:\games\ai war\aiwar.exe" = protocol=6 | dir=in | app=f:\games\ai war\aiwar.exe |
"TCP Query User{923F2BCC-BD89-4FA2-9284-8A70579541DC}C:\program files\activision\star trek away team\star trek.exe" = protocol=6 | dir=in | app=c:\program files\activision\star trek away team\star trek.exe |
"TCP Query User{92B044F0-6D55-4788-9929-015F00DE9E0A}C:\program files\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"TCP Query User{935C66F8-7041-4F60-9344-839A12290433}C:\program files\vibestreamer\vibestreamer.exe" = protocol=6 | dir=in | app=c:\program files\vibestreamer\vibestreamer.exe |
"TCP Query User{95B1F72F-6DBE-4D20-A668-812CE8D70EEB}C:\program files\microsoft games\steam\steamapps\obileo\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\garrysmod\hl2.exe |
"TCP Query User{9864D5E9-0DF9-49C5-A960-67964E15FF1F}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{9A7824A7-00A3-4465-A914-FFC6DEF52326}C:\program files\microsoft games\steam\steamapps\obileo\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\source sdk base\hl2.exe |
"TCP Query User{9BE73860-1DE9-4D1D-829E-9AFF7AA53157}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{9F41CDA9-551C-4795-A2AA-1492A2A04338}C:\program files\electronic arts\command & conquer 3\retailexe\1.6\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.6\cnc3game.dat |
"TCP Query User{9F5E048D-FD86-4B84-85A3-2D2C74519B23}C:\program files\microsoft games\steam\steamapps\obileo\half-life 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\half-life 2\hl2.exe |
"TCP Query User{A4D25FA2-C072-4213-84D1-72CDAA56D65A}C:\quake ii\quake2.exe" = protocol=6 | dir=in | app=c:\quake ii\quake2.exe |
"TCP Query User{ABF5345D-CE4A-4606-A21E-EFEC276B5837}C:\program files\world in conflict - closed mp beta\wic.exe" = protocol=6 | dir=in | app=c:\program files\world in conflict - closed mp beta\wic.exe |
"TCP Query User{AC0562D1-7554-4B6D-9ECE-5CB055B1BB80}C:\program files\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"TCP Query User{AD6F945C-9395-4F9C-9D09-D2DC74CA66DB}C:\program files\robot arena 2\robot arena 2.exe" = protocol=6 | dir=in | app=c:\program files\robot arena 2\robot arena 2.exe |
"TCP Query User{ADC37526-4202-4695-8705-F7F59CD1DB63}C:\program files\windows media components\encoder\wmenc.exe" = protocol=6 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"TCP Query User{B036B6C3-C9CF-4249-9CFB-2A33F12C922D}C:\quake ii\quake2.exe" = protocol=6 | dir=in | app=c:\quake ii\quake2.exe |
"TCP Query User{B2269683-7119-4445-BE4F-4B72A4CB5B56}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{B300F5DD-9D33-4D24-A544-0A1D9E06160E}C:\program files\microsoft games\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steam.exe |
"TCP Query User{B617728A-667D-4C70-AF51-6D6C25724E69}C:\program files\octoshape streaming services\laserfrog\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\program files\octoshape streaming services\laserfrog\octoshapeclient.exe |
"TCP Query User{B7E2BB61-4C08-4B54-86D1-9C2BD5E2B704}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{B9978892-4358-47B3-8772-DD0FC31CBCCC}C:\program files\microsoft games\steam\steamapps\obileo\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\day of defeat source\hl2.exe |
"TCP Query User{C628912F-A1F4-4228-B42B-CC60C48DAC44}C:\program files\microsoft games\steam\steamapps\obileo\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\counter-strike source\hl2.exe |
"TCP Query User{C6FA549D-CC03-4FBA-9FAA-7D9B77D1DA0C}C:\program files\microsoft games\steam\steamapps\obileo\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\garrysmod\hl2.exe |
"TCP Query User{C9938D9D-B237-4FFC-974F-0571A6ACF083}C:\program files\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\media player classic\mplayerc.exe |
"TCP Query User{CE306B08-EC38-47BF-A104-7C6646911D8D}F:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=f:\program files\thq\company of heroes\bugreport\bugreport.exe |
"TCP Query User{D2258A44-A8E1-474B-BA4F-4237FDF5AC56}C:\warsow_0.31_windows\warsow.exe" = protocol=6 | dir=in | app=c:\warsow_0.31_windows\warsow.exe |
"TCP Query User{D27382B2-C264-4608-BB6A-A002C58317C9}C:\users\laserfrog\myspacemp3gopher.exe" = protocol=6 | dir=in | app=c:\users\laserfrog\myspacemp3gopher.exe |
"TCP Query User{D5A22967-ECE2-42F7-89E6-BED23704560F}C:\program files\microsoft games\fear\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fear\fpupdate.exe |
"TCP Query User{D5A39FD0-8EE8-4A11-9EDB-E279B539C847}C:\swp\swp.exe" = protocol=6 | dir=in | app=c:\swp\swp.exe |
"TCP Query User{D5EF0864-D410-4378-9F9D-2184CE14D672}C:\blockland\blockland.exe" = protocol=6 | dir=in | app=c:\blockland\blockland.exe |
"TCP Query User{D61AE334-EF55-40DB-8485-2E7579BF4AFA}C:\doom2\zlauncher.exe" = protocol=6 | dir=in | app=c:\doom2\zlauncher.exe |
"TCP Query User{D88DA42D-86D7-4B1D-92C3-9F68B24C3909}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{D8D82599-3FB4-4EC2-BE48-78EF7202B31C}C:\doom2\zlauncher.exe" = protocol=6 | dir=in | app=c:\doom2\zlauncher.exe |
"TCP Query User{DA6E89B4-A227-4E64-B8A1-54D492ECA947}C:\program files\microsoft games\steam\steamapps\obileo\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\source sdk base\hl2.exe |
"TCP Query User{DAE5A643-14CF-4BBB-8AED-601C3ED79C84}C:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe |
"TCP Query User{DB53B959-CE0B-4EA0-BA8C-4DFA3D673081}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"TCP Query User{DFAD3F02-81C2-4DB9-941C-409F3ED8F2CE}C:\program files\firefly studios\stronghold\stronghold.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe |
"TCP Query User{E254FD2C-E095-445C-A5F6-C926F171CDD6}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{E2856F61-CA89-4F46-821B-C80D2F2B51F1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E38A6116-BE98-4B8F-8269-C7441BEA8D57}C:\duke3d\jfduke3d_20051009\duke3d.exe" = protocol=6 | dir=in | app=c:\duke3d\jfduke3d_20051009\duke3d.exe |
"TCP Query User{E43FA6DC-B4F7-461C-8BC1-4661AE6D1C98}C:\program files\vibestreamer\vibestreamer.exe" = protocol=6 | dir=in | app=c:\program files\vibestreamer\vibestreamer.exe |
"TCP Query User{E47DAFBD-72C2-40D2-9D5E-9DEAB48D2FA6}C:\program files\winamp remote\bin\orbir.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"TCP Query User{E7E98CA4-91D0-4EA8-8D5D-C31F48420C65}C:\program files\microsoft games\steam\steamapps\obileo\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\counter-strike source\hl2.exe |
"TCP Query User{E8259230-7E24-40CF-933F-6B5070D838E7}C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds.exe |
"TCP Query User{ECAAF41C-5141-49D3-BC31-AC519B8837A4}C:\users\laserfrog\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\laserfrog\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{EE320DE9-8393-4885-B27D-7C7441E51D66}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{EEEF64ED-B893-40F4-8382-12F7058A4BC5}C:\users\laserfrog\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\laserfrog\program files\utorrent\utorrent.exe |
"TCP Query User{F017AEAA-9852-4D36-A8A5-E024E6B2A364}C:\program files\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"TCP Query User{F245C0DC-4680-4D23-BAA4-34C48BA94700}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{F53B5718-05B8-44F3-B46A-D50405386DB6}C:\doom2\zserv32.exe" = protocol=6 | dir=in | app=c:\doom2\zserv32.exe |
"TCP Query User{F916D6B8-70C3-4B80-8CE9-653B656EFE76}C:\blockland\blockland.exe" = protocol=6 | dir=in | app=c:\blockland\blockland.exe |
"UDP Query User{047A8E01-ABA3-4D13-956C-F931D0031F1C}C:\program files\robot arena 2\robot arena 2.exe" = protocol=17 | dir=in | app=c:\program files\robot arena 2\robot arena 2.exe |
"UDP Query User{05C5FDE1-A81E-454F-B8A5-29A30470C8FD}C:\program files\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"UDP Query User{09BA1560-D711-44AF-99CF-30376CB38D5F}C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe |
"UDP Query User{0C91E105-E0B4-4DF7-9F1C-B0088F0292AB}C:\downloads\wow-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\downloads\wow-engb-installer-downloader.exe |
"UDP Query User{11A6BC13-1720-4A87-BA00-1AC89E9AB659}C:\program files\ioquake3\ioquake3.x86.exe" = protocol=17 | dir=in | app=c:\program files\ioquake3\ioquake3.x86.exe |
"UDP Query User{138A2BED-3426-43F1-B867-5A8A7A58DC8F}C:\program files\microsoft games\steam\steamapps\obileo\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\half-life 2 deathmatch\hl2.exe |
"UDP Query User{1549A59A-58B8-4019-B707-68E6618944FA}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{1875A4FA-708B-4BCD-A861-5C86589ACC92}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{19014CE1-E7B7-4BE7-B9EF-11E82116B386}F:\program files\call of duty game of the year edition\coduomp.exe" = protocol=17 | dir=in | app=f:\program files\call of duty game of the year edition\coduomp.exe |
"UDP Query User{1A2498E2-28EC-443D-B70E-04A8B9228F91}C:\program files\microsoft games\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steam.exe |
"UDP Query User{1F3368C2-53BD-4A3A-8772-E6B2A37C4F3C}C:\quake ii\quake2.exe" = protocol=17 | dir=in | app=c:\quake ii\quake2.exe |
"UDP Query User{2489067F-F03A-4F3D-9919-F9AA8256C827}C:\games\halo\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=c:\games\halo\halo custom edition\haloce.exe |
"UDP Query User{24C78CAA-C520-49A7-8F95-373BA8D59E47}C:\program files\microsoft games\steam\steamapps\obileo\source dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\source dedicated server\srcds.exe |
"UDP Query User{2616ED02-BC63-42CC-97B9-D755C185B6F3}C:\quake3\q3a\quake3.exe" = protocol=17 | dir=in | app=c:\quake3\q3a\quake3.exe |
"UDP Query User{264009FD-15C5-4646-AF26-A0757135BECE}C:\duke3d\jfduke3d_20051009\duke3d.exe" = protocol=17 | dir=in | app=c:\duke3d\jfduke3d_20051009\duke3d.exe |
"UDP Query User{2A378AB3-275D-42F5-9B49-787554B754CB}C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"UDP Query User{2AA11F2C-5F69-4361-8866-82923D121235}C:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe |
"UDP Query User{2D72E42B-4B07-418F-ACFE-3D9085BA9EFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2F75D739-94C3-4C94-9017-D784C73E5A3D}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{2FC6D082-3513-478E-AF15-A798BF0C87CD}C:\program files\bomberman online international\bomberman.exe" = protocol=17 | dir=in | app=c:\program files\bomberman online international\bomberman.exe |
"UDP Query User{35623306-C2E4-465E-99DB-8FCE288C0FA5}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{35BDCE3A-652F-40E7-B006-2A9A95F337A0}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{35E4D84B-39FF-4DA4-A811-7899C6C15933}C:\doom2\zlauncher.exe" = protocol=17 | dir=in | app=c:\doom2\zlauncher.exe |
"UDP Query User{35EFF26D-C65F-465A-A5A5-17003D166AF6}C:\program files\world in conflict - closed mp beta\wic.exe" = protocol=17 | dir=in | app=c:\program files\world in conflict - closed mp beta\wic.exe |
"UDP Query User{3622E121-A609-406D-A4F4-4B9F726AE934}C:\users\laserfrog\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\laserfrog\appdata\local\temp\electronicarts_patcher_000.exe |
"UDP Query User{3795A080-6704-4D13-9FEF-2613AF2FDD55}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{3EC082FA-6567-464E-AB0E-CD6717259C3E}C:\program files\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"UDP Query User{42C18610-B9D4-4DFD-A134-ADF1E017E12F}C:\doom2\zserv32.exe" = protocol=17 | dir=in | app=c:\doom2\zserv32.exe |
"UDP Query User{44BBFF35-EC3F-4B95-AE14-89EC1B47FC4E}C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds.exe |
"UDP Query User{4D5B1B52-20D6-4720-A7E0-9C90F1A5F050}C:\downloads\my_tools_is_lost\my_tools_is_lost\lost via domus ripforgames\lost via domus ripforgames\yeti_final_win32.exe" = protocol=17 | dir=in | app=c:\downloads\my_tools_is_lost\my_tools_is_lost\lost via domus ripforgames\lost via domus ripforgames\yeti_final_win32.exe |
"UDP Query User{4F1B6732-4416-4FC8-A2BA-E7AC6A0DF2CE}C:\program files\microsoft games\steam\steamapps\obileo\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\day of defeat source\hl2.exe |
"UDP Query User{4FF4CF83-86B0-4DEC-BD67-289ADDFFC6F3}C:\swp\swp.exe" = protocol=17 | dir=in | app=c:\swp\swp.exe |
"UDP Query User{5220AA07-3022-4B8E-B655-A248978501A1}C:\doom2\connector\connector.exe" = protocol=17 | dir=in | app=c:\doom2\connector\connector.exe |
"UDP Query User{5743D936-2B3C-40D3-AA74-201973DEEF24}C:\program files\microsoft games\steam\steamapps\obileo\half-life 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\half-life 2\hl2.exe |
"UDP Query User{5765CE20-B4FC-4E40-BDE8-52615367D1AA}C:\duke3d\eduke32_20060718\eduke32.exe" = protocol=17 | dir=in | app=c:\duke3d\eduke32_20060718\eduke32.exe |
"UDP Query User{577FF45B-18C5-48DA-BF1E-043089C32CB1}C:\program files\microsoft games\fear\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fear\fpupdate.exe |
"UDP Query User{59CA7FCD-BE6F-4D94-B2EA-93882A281460}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{59EE4093-0265-47F4-807A-8B7E9505ED55}C:\blockland\blockland.exe" = protocol=17 | dir=in | app=c:\blockland\blockland.exe |
"UDP Query User{5AD2D42C-7F2D-4FC1-8F4E-2E827F7BEC19}C:\program files\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=c:\program files\sierra\homeworld2\bin\release\homeworld2.exe |
"UDP Query User{6137F6E7-6FD7-46B3-BBBA-DEC8B77D260B}C:\doom2\zlauncher.exe" = protocol=17 | dir=in | app=c:\doom2\zlauncher.exe |
"UDP Query User{6221FA5E-CE5A-4924-B586-98B080444B5E}F:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=f:\program files\thq\company of heroes\bugreport\bugreport.exe |
"UDP Query User{6481EB33-72AF-419E-9D3F-169A16820257}C:\program files\windows media components\encoder\wmenc.exe" = protocol=17 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"UDP Query User{663BA4BC-46DE-4E2A-93A8-0C62DC875F6D}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{6ACD8665-0391-46D6-A5F0-454DC02889EB}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{6EC516F0-FA49-4DC0-AC84-6981C66C5885}C:\program files\microsoft games\steam\steamapps\obileo\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\counter-strike source\hl2.exe |
"UDP Query User{6F132715-16CF-4118-9ADF-8FDECA366D02}C:\program files\microsoft games\steam\steamapps\obileo\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\garrysmod\hl2.exe |
"UDP Query User{70F5E6DF-3851-4595-89CA-134ECDA1633A}C:\program files\autodesk\maya 8.5 personal learning edition\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya 8.5 personal learning edition\bin\maya.exe |
"UDP Query User{7508BDB3-4150-44C9-8C17-46663ADBE78B}C:\program files\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files\defcon\defcon.exe |
"UDP Query User{793925A9-9C6F-4894-8D71-8C04ED112165}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{79BDAD82-E585-4A79-B982-3778938AA091}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{7B088379-44B5-4E43-B7F7-FBB4952EDBCF}C:\emulators\nes\nesterj\nesterj.exe" = protocol=17 | dir=in | app=c:\emulators\nes\nesterj\nesterj.exe |
"UDP Query User{7B552D64-2891-4243-8255-5973BA14354A}C:\program files\firefly studios\stronghold\stronghold.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe |
"UDP Query User{85C0C956-8925-423D-861E-13987CAB64D6}C:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe |
"UDP Query User{87F4E584-8209-4CDC-82FB-E998AB74E94B}C:\program files\autodesk\maya8.5\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya8.5\bin\maya.exe |
"UDP Query User{8AA2EC52-53CE-4A5C-8BE0-FA8CB769EE01}C:\program files\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"UDP Query User{8C0163A8-220A-4D1B-A092-E9E25CD259FA}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{9031952A-CFF1-4FE6-980D-9872E2AE4AC3}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{915157D0-CA01-47AB-9087-44B7A9C0D2E8}C:\quake ii\quake2.exe" = protocol=17 | dir=in | app=c:\quake ii\quake2.exe |
"UDP Query User{932022D5-E39F-4FB1-9CC3-7811C98EC8A3}C:\games\motocross madness 2\mcm2.exe" = protocol=17 | dir=in | app=c:\games\motocross madness 2\mcm2.exe |
"UDP Query User{944470D8-1FED-4306-BB3F-C79236BA80C0}C:\program files\vibestreamer\vibestreamer.exe" = protocol=17 | dir=in | app=c:\program files\vibestreamer\vibestreamer.exe |
"UDP Query User{95D241AF-93EC-4861-B007-0B9116AA7D39}C:\program files\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"UDP Query User{9AB44A26-494E-44F7-8EFD-09CBEF892C7F}C:\program files\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\media player classic\mplayerc.exe |
"UDP Query User{A1092BEF-E190-426D-8F4E-4523C180FA47}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A2524A16-9085-4804-959E-77185D2C12BB}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{A2568DC8-4717-444B-9482-E8C2A3F78011}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{A36AC3B6-3F4A-402C-B87D-FE61321B71D9}C:\blockland\blockland.exe" = protocol=17 | dir=in | app=c:\blockland\blockland.exe |
"UDP Query User{A461C741-3E6C-4E49-B1F3-F807C57E895C}C:\program files\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files\defcon\defcon.exe |
"UDP Query User{A710EF6E-E066-4DB8-971D-E3F577E4B9B7}C:\starcraft\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\starcraft\starcraft\starcraft.exe |
"UDP Query User{A8646AA2-5C53-4892-9DE5-FAFB6FB09532}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{AE1CE5E4-8916-416E-893A-029D802432DC}C:\program files\microsoft games\steam\steamapps\obileo\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\day of defeat source\hl2.exe |
"UDP Query User{AE8B392A-6F58-433F-BF05-B23910E43983}C:\program files\activision\star trek away team\star trek.exe" = protocol=17 | dir=in | app=c:\program files\activision\star trek away team\star trek.exe |
"UDP Query User{B3E13495-379B-481E-AB93-965E3661CE63}C:\jfsw_20051009\jfsw_20051009\sw.exe" = protocol=17 | dir=in | app=c:\jfsw_20051009\jfsw_20051009\sw.exe |
"UDP Query User{B586C6B5-93FC-40CD-9521-BD3CFAF1CEB6}C:\program files\soldier of fortune ii - double helix gold\sof2mp.exe" = protocol=17 | dir=in | app=c:\program files\soldier of fortune ii - double helix gold\sof2mp.exe |
"UDP Query User{BC0C5C60-78F9-4886-BE92-DA905E3649B9}F:\games\ai war\aiwar.exe" = protocol=17 | dir=in | app=f:\games\ai war\aiwar.exe |
"UDP Query User{BD7C1361-76D2-4663-BFF4-348C925DA98E}C:\program files\tale of tales\the endless forest 3\forestviewer.exe" = protocol=17 | dir=in | app=c:\program files\tale of tales\the endless forest 3\forestviewer.exe |
"UDP Query User{BEEB3F83-9B24-4D16-8CEA-3FCCC560A17B}C:\program files\microsoft games\steam\steamapps\obileo\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\garrysmod\hl2.exe |
"UDP Query User{BF4E34F4-037C-456A-AEE1-9FB1F024217D}C:\program files\the all-seeing eye\eye.exe" = protocol=17 | dir=in | app=c:\program files\the all-seeing eye\eye.exe |
"UDP Query User{BFA63259-D5F4-4EFE-991A-A92DD1700EFA}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{C76777C1-6CD0-4504-A587-2A56C8FFF1D1}C:\program files\firefly studios\stronghold\stronghold.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe |
"UDP Query User{C9F90CAB-8732-45CA-BB54-67E07DDE7B09}C:\users\laserfrog\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\laserfrog\program files\utorrent\utorrent.exe |
"UDP Query User{D1A504A7-32D1-4A87-94BB-870564D37751}C:\duke3d\jfduke3d_20051009\duke3d.exe" = protocol=17 | dir=in | app=c:\duke3d\jfduke3d_20051009\duke3d.exe |
"UDP Query User{D345EB73-E89D-4B83-9EB6-7A387FC8656F}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=17 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe |
"UDP Query User{D56EA9D1-3B6A-4724-8CDD-AD4A33EF9107}C:\program files\lightningware\vme 1.2\vme manager.exe" = protocol=17 | dir=in | app=c:\program files\lightningware\vme 1.2\vme manager.exe |
"UDP Query User{D6FF91DD-B4C6-4AD8-BCBF-96C1D47585FA}C:\program files\microsoft games\steam\steamapps\obileo\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\team fortress 2\hl2.exe |
"UDP Query User{D85EE55C-6229-4772-937D-62DDD38F1395}C:\sbbs\exec\sbbsctrl.exe" = protocol=17 | dir=in | app=c:\sbbs\exec\sbbsctrl.exe |
"UDP Query User{D91332E3-ED36-4F5C-8744-0ECA1F7773B5}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{DB97402C-7F54-4837-B33C-078E37B3E56F}C:\program files\electronic arts\command & conquer 3\retailexe\1.6\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.6\cnc3game.dat |
"UDP Query User{DCEB2EAA-2E91-43D9-9055-0E75B0EA65E2}C:\program files\vibestreamer\vibestreamer.exe" = protocol=17 | dir=in | app=c:\program files\vibestreamer\vibestreamer.exe |
"UDP Query User{E2D26A08-91F1-4086-9CFF-09F8CF85952C}C:\doom2\zdaemon.exe" = protocol=17 | dir=in | app=c:\doom2\zdaemon.exe |
"UDP Query User{E605EE04-138E-4928-9FC4-355EA3A08A3F}C:\program files\autodesk\maya8.5\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya8.5\bin\maya.exe |
"UDP Query User{E7E90645-5689-4B6F-AF1E-BF15FCA644A1}C:\warsow_0.31_windows\warsow.exe" = protocol=17 | dir=in | app=c:\warsow_0.31_windows\warsow.exe |
"UDP Query User{EB0F1308-CAD8-4042-AB49-8AE1ED510F10}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{EDAD784B-D934-45BC-8286-D8B70326E97C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EFC7BD03-DA5E-4EBD-93CD-75EEBB0EA9DC}C:\tools\superscan\superscan4.exe" = protocol=17 | dir=in | app=c:\tools\superscan\superscan4.exe |
"UDP Query User{F0C94076-4BB0-4926-B6ED-D34C2AF2D19D}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{F1C44FDD-C5BE-4757-B7F7-842E8669982D}C:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe |
"UDP Query User{F1FDA071-18DB-4715-B06D-4ECC176C4CE8}C:\program files\microsoft games\steam\steamapps\obileo\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\source sdk base\hl2.exe |
"UDP Query User{F1FF270C-E5BF-4E4B-B64D-965115B362FF}C:\users\laserfrog\appdata\local\temp\win2ds0.5\win2ds.exe" = protocol=17 | dir=in | app=c:\users\laserfrog\appdata\local\temp\win2ds0.5\win2ds.exe |
"UDP Query User{F42AFEFF-81B9-42CA-87F8-CCBF976D1207}C:\users\laserfrog\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\laserfrog\program files\utorrent\utorrent.exe |
"UDP Query User{F4C9A669-133D-4E6A-A992-B0467A8770DD}C:\program files\winamp remote\bin\orbir.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"UDP Query User{F8E78D44-CE70-4B83-A1AC-E76829E1BD3F}C:\program files\microsoft games\steam\steamapps\obileo\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\counter-strike source\hl2.exe |
"UDP Query User{FB134D14-8B72-407C-8023-F0160024C165}C:\program files\octoshape streaming services\laserfrog\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\program files\octoshape streaming services\laserfrog\octoshapeclient.exe |
"UDP Query User{FD5E1CA4-22E6-4A70-B7B9-A9BD4AE599CA}C:\program files\microsoft games\steam\steamapps\obileo\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\steam\steamapps\obileo\source sdk base\hl2.exe |
"UDP Query User{FDC587C9-A277-451A-9AFC-FFBAD0304385}C:\program files\eagletron\trackercam\eyewdm.exe" = protocol=17 | dir=in | app=c:\program files\eagletron\trackercam\eyewdm.exe |
"UDP Query User{FFCDE9DF-5B6D-487B-AC7F-3F34C545DC22}C:\users\laserfrog\myspacemp3gopher.exe" = protocol=17 | dir=in | app=c:\users\laserfrog\myspacemp3gopher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{036AE90B-3974-488B-A0F2-BB9D9A72E420}" = Sci-Fi Voice Pack
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0A9D0652-CFD9-4101-BB28-BC33BEC80982}_is1" = WinTex 5.0
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}" = InterLok Driver Kit
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236479EE-1E63-59DC-8E6B-293A393A135F}" = Catalyst Control Center InstallProxy
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{28C74612-2C48-4421-BF67-3949CD90748E}" = Autodesk DirectConnect 2.0
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A8A598F-A5EC-4262-BA00-A56DC054549A}" = Fiesta
"{2B7B47E1-B482-4D3A-ABFD-2FF8E077ECA6}" = SmartFTP Client
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D1D14F6-73BD-4A28-AF93-93B803E92046}" = Battlestar Galactica
"{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}" = Maya 8.5 Personal Learning Edition
"{2DE38C17-DD7E-41BA-88BC-0A2387D29657}" = Lively by Google
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{362F8AC6-4EA5-C5AC-ED7E-1F49F0EE20D5}" = TweetDeck
"{39983924-B3B5-44FB-8DCD-F32D3ACF8D77}" = ItalySomaUniteFull
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters ™: The Video Game
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes versus Jack the Ripper
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46A5311D-1455-40A2-BA02-0F3AD4259301}" = Kwizmaker
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4BCB0CBD-BCCF-4C6E-BD9C-EBF28A169FB2}" = SomaDev Test Server
"{4C19E771-BCE2-4303-8866-3770BCB7BC21}" = Fantasy Voice Pack
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{51AA8C3F-B316-44A8-B371-4BB6047E45DF}" = WSC Real 09
"{522BFF73-EA5D-4D33-885C-0B52F372FBB7}" = Ten Thumbs 4.1
"{523E58C7-6265-4C94-9A60-7A2B8D857E92}" = AI War
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53C92981-4972-11D6-A947-F895376BBB42}" = Pro Motion 5 Manual
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.5
"{55D6F188-6B54-45E1-8EE5-C80FAB383005}" = PDC World Championship Darts
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{57EF5EE1-E32B-4EDE-9D50-3A82126800EE}" = Batman: Arkham Asylum Demo
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FD22739-D4AD-4AAA-9161-AC19DB4B2313}_is1" = Death to Spies (Remove Only)
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A829DA3-E377-4BC0-938F-F453C6BB3F67}" = Maya 8.5 Personal Learning Edition Documentation (en_US)
"{6B2C675E-8040-431B-99C4-137DF4FBF75A}" = Thermal Analysis Tool
"{6D2A44E0-8C7C-47FD-B5AF-7F4857A3EF98}_is1" = Continuum
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{783E0AD7-C128-4398-9F74-99D3EFF2875D}" = Deep Space Nine The Fallen
"{784E6B0F-00EC-4950-95A2-BBA64F44EC48}" = Camtasia Studio 5
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{79F41FC6-07F9-47C2-BBAC-37C7C70EE703}" = MCEBrowser
"{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{81525B87-9344-4834-883C-C6A9D78EA1DF}" = Maya 8.5 Documentation (en_US)
"{8160FD56-151C-440B-B2CD-21C3D3E97EB7}" = VLADescu
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{831FE36D-A720-4E0D-A229-84DC8B304591}" = Jakes Alarm Clock
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8BE47CAE-466C-4A12-AA62-3E3A1762DE87}" = Digidesign Pro Tools LE 7.0
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C1877F6E-C1C8-486D-A697-86431029690C}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{EA35370F-586C-45E1-AC6C-A4E275C6B762}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{75EC8FFC-B913-4991-B3A1-22576D2FC45D}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92B43A6F-E328-495A-ACFA-FC47C1B7215D}" = Digidesign Shared Plug-Ins 7.0
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{93943AFC-545B-415D-BB5A-E60BF2363D73}_is1" = TrackerCam ver. 5.3.0.17
"{93EE3C83-725F-4EA4-891A-CD6B019FCDC1}" = Xenon 2000 - Project PCF
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}" = Myst IV - Revelation
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}" = Enter the Matrix
"{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}" = Maya 8.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
"{A7B9D802-94C0-4AF3-88F6-3D71C935F385}" = EMU7800
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAB1B719-79D5-4EC0-A41B-76E197F3BA44}_is1" = Little Big Adventure for Windows 0.8.1
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C541EEFC-49B0-4976-80DB-4D5B78B50114}" = MorphVOX Pro
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C83E06FB-DE86-48B6-B02E-0BF8445BDFA3}" = Infocom Universe Bootleg Setup Part 1
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC86F12A-A9DB-4F71-8D60-2FA1ACECE51B}" = Legend of mir 3
"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D3F0CC05-91DF-403D-9B4B-B612CA5C10D0}" = Belkin 54Mbps Wireless USB Network Adapter
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Library
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DB219559-1F78-4343-9A6E-C2E987AD47A3}" = Bionic Commando Rearmed
"{DB42270E-B4CA-7457-3D2B-E0B46AAEF819}" = twhirl
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}" = Free Bomb Factory Plug-Ins 7.0
"{E1C256F5-58C6-44E9-939A-E1189C8126E2}" = Google SketchUp Pro 7
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E830195F-E242-4DC9-87A3-E711503CF3DF}_is1" = Doom Connector 3.5
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}" = Opera 9.23
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20AE04A-3FDC-4A14-A90B-85DEE2812030}" = Sam & Max Season 1
"{F41C11EC-7C13-47A7-A07C-251D96EC3879}" = Broken Sword - The Angel of Death
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF0AB597-3396-46DB-85CA-9EAEDF5F1590}" = STREET FIGHTER IV BENCHMARK
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.03.800
"AC3Filter" = AC3Filter (remove only)
"Action Replay XBOX_is1" = Action Replay XBOX 1.42
"Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Age of Wonders" = Age of Wonders
"AIMP2" = AIMP2
"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Anti-Blaxx_is1" = Anti-Blaxx 1.18
"Antinat" = Antinat
"Ares" = Ares 2.0.8
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.0
"Avidemux 2.4" = Avidemux 2.4
"AviSynth" = AviSynth 2.5
"Blade Runner_is1" = Blade Runner
"Blockland" = Blockland
"Broken Sword" = Broken Sword
"camcodec" = CamStudio Lossless Codec
"CamStudio" = CamStudio
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Carom3D" = Carom3D
"CCleaner" = CCleaner (remove only)
"CDisplayEx_is1" = CDisplayEx 1.4
"Cinergy Script Editor" = Cinergy Script Editor
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Continuum_is1" = Continuum 0.40
"Convergence" = Convergence
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"CrossLoop_is1" = CrossLoop 2.10
"Darkest of Days_is1" = Raven Squad
"Death to Spies Moment of Truth_is1" = Death to Spies Moment of Truth
"Defcon_is1" = Defcon Patch 1.43
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dofus 1.28.0" = Dofus 1.28.0
"Doom Builder 2_is1" = Doom Builder 2.0
"DreamWorks Interactive: Trespasser" = Trespasser
"DriverCD" = DriverCD
"DVD Shrink_is1" = DVD Shrink 3.2
"DX-Ball 1.09" = DX-Ball 1.09
"EAX Unified" = EAX Unified
"EMS USB Joypad2" = EMS USB Joypad2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout" = Fallout
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FileZilla Client" = FileZilla Client 3.0.3
"FL Studio 8" = FL Studio 8
"FL Studio_is1" = FL Studio v7.0
"FlashGet" = FlashGet 1.8.2.1002
"FlashGet(JetCar)" = FlashGet v1.8.2.1002en - with FlashGit RS v2.76
"FlashGit" = FlashGit RS v2.76
"FlatBed Scanner" = FlatBed Scanner
"FLVPlayer" = FLV Player 1.3.3
"Football Manager 2008" = Football Manager 2008
"Fraps" = Fraps (remove only)
"FreeSpace2" = FreeSpace 2
"GameSpy Arcade" = GameSpy Arcade
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"GLtron_is1" = GLtron version 0.70
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"Grafx2 Windows_is1" = Grafx2 Windows Version 0.96.5
"Grafx2-SDL" = GrafX2 (GNU GPL)
"Hamachi" = Hamachi 1.0.3.0
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"Homeworld2" = Homeworld2
"htmltdb3.exe" = TADS 3 Author's Kit
"HyperCam 2" = HyperCam 2
"IL Download Manager" = IL Download Manager
"Indeo® Software" = Indeo® Software
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
"InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"InternetCalls_is1" = InternetCalls
"KeyNote_is1" = KeyNote 1.6.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.88 Basic
"Korg Legacy Collection v1.1.10" = Korg Legacy Collection v1.1.10
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Live 8.0.4" = Live 8.0.4
"LOOXIS Faceworx_is1" = LOOXIS Faceworx 1.0
"Mafia Game" = Mafia Game
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Millennium Project 1.9SE High Resolution Texture Pack" = Millennium Project 1.9SE High Resolution Texture Pack
"mIRC" = mIRC
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MP3 Audio Batch Converter_is1" = MP3 Audio Batch Converter 1.30
"MYLT-V.2" = MYLT-V.2
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"Nero7Lite_is1" = Nero 7 Lite v7.7.5.1
"New LEGO Digital Designer" = LEGO Digital Designer
"Nick3D" = Nickelodeon 3D Movie Maker 1.0
"Notepad++" = Notepad++
"Numark Cue (Atomix Productions)" = Numark Cue (Atomix Productions)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenSSH" = OpenSSH for Windows (remove only)
"Orb" = Winamp Remote
"Pacman Talks_is1" = Pacman Talks 1.1
"Pamela" = Pamela Pro 4.5
"Paperball" = The Blackwell Legacy
"PartyPoker" = PartyPoker
"Pathologic_is1" = Pathologic
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"Pirates, Vikings and Knights II" = Pirates, Vikings and Knights II Beta 1.1
"PodProducer_Beta_0.1" = PodProducer Beta v0.26
"PoiZone" = PoiZone
"Powergramo" = PowerGramo - Skype audio recorder
"PRJPRO" = Microsoft Office Project Professional 2007
"pygame-py2.5" = Python 2.5 pygame-1.7.1release
"Qtracker" = Qtracker
"Rainbow Sentinel Driver" = Sentinel System Driver
"rayatitray" = Ray Adams ATI Tray Tools
"RealAlt_is1" = Real Alternative 1.52
"RocketDock_is1" = RocketDock 1.3.5
"Runesword" = Runesword 2.5.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SecondLife" = SecondLife (remove only)
"sfArk" = sfArk
"Sherlock Holmes - The Mystery of the Persian Carpet1.0" = Sherlock Holmes - The Mystery of the Persian Carpet
"Shin Megami Tensei: Imagine Online" = Shin Megami Tensei: Imagine Online
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Skulltag" = Skulltag
"Smart FTP1.0" = Smart FTP
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SoftwarePassport v6.6.0.660" = SoftwarePassport
"SopCast" = SopCast 2.0.4
"Soulseek" = SoulSeek Client 156c
"Spotify" = Spotify
"ST6UNST #1" = ADRIFT Version 3.90
"ST6UNST #2" = ADRIFT
"Star Trek Away Team" = Star Trek Away Team
"Steam App 11020" = TrackMania Nations Forever
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 13210" = Unreal Tournament 3
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"SUPER ©" = SUPER © Version 2007.bld.23 (July 4, 2007)
"Synaesthete_is1" = Synaesthete (v1.0)
"Synchronet_BBS_3.10" = Synchronet BBS for Win32 v3.13
"Synergy" = Synergy
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Teleport Pro" = Teleport Pro
"The Babylon Project v3.4b" = The Babylon Project v3.4b
"The Endless Forest_is1" = The Endless Forest
"TightVNC_is1" = TightVNC 1.3.9
"Toxic Biohazard" = Toxic Biohazard
"Tropico3 Demo" = Tropico 3 Demo 1.01
"TVUPlayer" = TVUPlayer 2.3.2.52
"Valve Hammer Editor" = Valve Hammer Editor
"Videora Xbox 360 Converter" = Videora Xbox 360 Converter 2.25
"Virtual Audio Cable 4.8" = Virtual Audio Cable 4.8
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.0
"VMidi" = vanBasco's Karaoke Player
"VoipBuster_is1" = VoipBuster
"Warhammer 40,000 - Dawn of War II" = Warhammer 40,000 - Dawn of War II
"WCW Nitro PC" = WCW Nitro PC
"WebcamMax" = WebcamMax
"Weekday Warrior" = Weekday Warrior
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WindowsFrotz" = Windows Frotz
"Wing Commander IV DVD" = Wing Commander IV DVD
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1 beta5
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"WinSSHD" = Bitvise WinSSHD 5.02 (remove only)
"WinUAE" = WinUAE 1.5.1
"WmeDevKit_is1" = Wintermute Engine Development Kit 1.8.6
"xampp" = XAMPP 1.6.6a
"XBC 5.1" = XBC 5.1
"X-Chat 2_is1" = X-Chat 2.8.0-1
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YANG" = YANG (Yet Another Netplay Guider)
"Zuma Deluxe RA" = Zuma Deluxe RA

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0638265cfb8124a6" = AA2Deploy
"94637a153add787b" = Conferencing
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"Pioneering Explore the Early American Frontier DEMO" = Pioneering Explore the Early American Frontier DEMO
"Quest for Glory II" = Quest for Glory II
"Steam App 205" = Source Dedicated Server
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 4000" = Garry's Mod
"uTorrent" = µTorrent
"VidBlaster" = VidBlaster
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/06/2008 12:41:41 | Computer Name = laserfrog-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module camcodec.dll, version 1.3.1.1, time stamp 0x3e700e34,
exception code 0xc0000005, fault offset 0x000071f1, process id 0xa54, application
start time 0x01c8c4065e28f9c2.

Error - 01/06/2008 12:41:53 | Computer Name = laserfrog-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module camcodec.dll, version 1.3.1.1, time stamp 0x3e700e34,
exception code 0xc0000005, fault offset 0x000071f1, process id 0x1508, application
start time 0x01c8c4066554faac.

Error - 01/06/2008 12:42:19 | Computer Name = laserfrog-PC | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6336, time stamp
0x46a16548, faulting module camcodec.dll, version 1.3.1.1, time stamp 0x3e700e34,
exception code 0xc0000005, fault offset 0x000071f1, process id 0xba8, application
start time 0x01c8c406724c728a.

Error - 02/06/2008 10:22:19 | Computer Name = laserfrog-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 04/06/2008 15:25:41 | Computer Name = laserfrog-PC | Source = Application Error | ID = 1000
Description = Faulting application Photoshop.exe, version 9.0.0.0, time stamp 0x42400fac,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0x80000003, fault offset 0x00042ea8, process id 0x1c70, application start time
0x01c8c675fda11c66.

Error - 04/06/2008 17:51:19 | Computer Name = laserfrog-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 04/06/2008 18:23:57 | Computer Name = laserfrog-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6000.16386, time stamp
0x4549b091, faulting module fontext.dll, version 6.0.6000.16386, time stamp 0x4549bcd2,
exception code 0xc0000005, fault offset 0x00008572, process id 0x740, application
start time 0x01c8c68d0d8fe389.

Error - 04/06/2008 19:12:51 | Computer Name = laserfrog-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 04/06/2008 19:59:29 | Computer Name = laserfrog-PC | Source = Application Error | ID = 1000
Description = Faulting application Audition.exe, version 3.0.7283.0, time stamp
0x470d9498, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x1640, application
start time 0x01c8c698f1957fb6.

Error - 07/06/2008 20:08:45 | Computer Name = laserfrog-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 8.5.1302.1018, time stamp
0x4717a53b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x1d4, application start time
0x01c8c69873c43424.

[ Media Center Events ]
Error - 05/11/2007 23:07:58 | Computer Name = laserfrog-PC | Source = McrMgr | ID = 100
Description =

Error - 01/12/2007 11:03:21 | Computer Name = laserfrog-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 22/12/2007 19:29:19 | Computer Name = laserfrog-PC | Source = McrMgr | ID = 107
Description =

Error - 22/12/2007 19:29:29 | Computer Name = laserfrog-PC | Source = McrMgr | ID = 107
Description =

Error - 22/12/2007 19:31:44 | Computer Name = laserfrog-PC | Source = McrMgr | ID = 100
Description =

Error - 17/04/2008 08:24:50 | Computer Name = laserfrog-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 24/05/2008 15:40:18 | Computer Name = laserfrog-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 26/05/2008 23:35:02 | Computer Name = laserfrog-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ ODiag Events ]
Error - 10/06/2007 20:02:18 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 16/11/2008 09:55:14 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/11/2008 14:27:02 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 591
seconds with 120 seconds of active time. This session ended with a crash.

Error - 17/11/2008 20:41:13 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/11/2008 20:44:24 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 184
seconds with 120 seconds of active time. This session ended with a crash.

Error - 24/11/2008 08:15:26 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/11/2008 08:16:02 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/12/2008 12:53:44 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/12/2008 12:53:52 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/12/2008 12:54:11 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/12/2008 13:00:28 | Computer Name = laserfrog-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 325
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22/09/2009 18:58:00 | Computer Name = laserfrog-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/09/2009 18:58:16 | Computer Name = laserfrog-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/09/2009 18:58:32 | Computer Name = laserfrog-PC | Source = DCOM | ID = 10005
Description =

Error - 22/09/2009 18:58:43 | Computer Name = laserfrog-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/09/2009 19:08:29 | Computer Name = laserfrog-PC | Source = HTTP | ID = 15016
Description =

Error - 22/09/2009 19:09:51 | Computer Name = laserfrog-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/09/2009 19:10:15 | Computer Name = laserfrog-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 22/09/2009 19:10:33 | Computer Name = laserfrog-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 22/09/2009 19:10:33 | Computer Name = laserfrog-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 22/09/2009 19:13:03 | Computer Name = laserfrog-PC | Source = BROWSER | ID = 8032
Description =


< End of report >

OTL logfile created on: 23/09/2009 02:22:11 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.24% Memory free
4.00 Gb Paging File | 2.72 Gb Available in Paging File | 68.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 200.69 Gb Total Space | 17.26 Gb Free Space | 8.60% Space Free | Partition Type: NTFS
Drive D: | 20.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 887.19 Gb Free Space | 95.24% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 1.92 Gb Total Space | 0.46 Gb Free Space | 24.04% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: LASERFROG-PC
Current User Name: laserfrog
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/07/07 10:35:00 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/01 00:07:52 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/05/01 00:07:52 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/24 01:28:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/08/31 08:10:24 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2009/09/07 17:54:24 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/09/07 17:54:12 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/03/09 12:20:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/05/31 21:08:26 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2005/04/02 02:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2007/05/01 22:52:36 | 00,109,360 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2007/03/23 10:02:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007/05/01 22:52:32 | 00,150,320 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2008/11/16 00:54:11 | 04,972,840 | ---- | M] (Bitvise) -- C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
PRC - [2007/05/01 22:51:46 | 00,121,648 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/18 23:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/18 23:33:40 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/04/01 02:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe
PRC - [2008/01/18 23:38:40 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/07/24 19:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/09/27 02:05:56 | 00,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2006/11/03 11:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2009/08/02 22:16:46 | 00,022,396 | ---- | M] () -- C:\Windows\System32\msnetsvc.exe
PRC - [2009/09/08 08:47:35 | 00,033,205 | ---- | M] (SornSoft) -- C:\Program Files\Common Files\alg.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/09/22 21:22:50 | 00,156,160 | ---- | M] () -- C:\Windows\msa.exe
PRC - [2008/01/18 23:33:10 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/18 23:33:10 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/09/02 14:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2008/01/18 23:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009/07/06 16:47:08 | 00,274,489 | ---- | M] () -- C:\Program Files\BillyMaysCapsLock\BillyMaysCapsLock.exe
PRC - [2007/03/05 13:59:10 | 01,679,360 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
PRC - [2008/01/30 03:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe
PRC - [2008/01/15 03:25:40 | 00,024,576 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbIR.exe
PRC - [2008/01/18 23:33:34 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/09/07 17:54:12 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/10 03:17:58 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Users\laserfrog\Program Files\uTorrent\uTorrent.exe
PRC - [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot3 - Search & Destroy\SpybotSD.exe
PRC - [2008/12/30 20:28:26 | 00,358,400 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP2\AIMP2.exe
PRC - [2007/09/24 23:30:30 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
PRC - [2008/01/18 23:33:34 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Taskmgr.exe
PRC - [2009/09/23 02:17:48 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/04/11 15:28:16 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/03/20 02:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
SRV - [2008/07/27 19:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/24 01:28:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2008/08/31 08:10:24 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/10/25 22:06:08 | 00,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService [On_Demand | Stopped])
SRV - [2008/01/18 23:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/18 23:36:54 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/07/26 02:33:08 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/30 02:34:56 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c8e2d4d4432e01 [Auto | Stopped])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2009/07/03 15:49:06 | 01,029,456 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2009/09/07 17:54:24 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2006/09/29 12:48:06 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32 [Auto | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/03/09 12:20:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2009/05/01 00:07:52 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2004/04/18 12:11:14 | 00,036,864 | ---- | M] () -- C:\Program Files\OpenSSH\bin\cygrunsrv.exe -- (OpenSSHd [Auto | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/09/02 01:37:42 | 00,262,144 | ---- | M] (KALiNKOsoft) -- C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc [Auto | Stopped])
SRV - [2009/05/31 21:08:26 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008/12/23 16:35:20 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - File not found -- -- (SandraTheSrv [On_Demand | Stopped])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/03/18 11:28:46 | 00,068,096 | ---- | M] () -- C:\cygwin\bin\cygrunsrv.exe -- (sshd [Auto | Stopped])
SRV - [2005/04/02 02:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
SRV - [2009/09/05 02:08:00 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2007/04/09 13:58:14 | 00,187,184 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])
SRV - [2007/05/01 22:52:36 | 00,109,360 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Auto | Running])
SRV - [2007/05/01 22:51:46 | 00,121,648 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])
SRV - [2007/03/23 10:02:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2 [Auto | Running])
SRV - [2007/05/01 22:52:32 | 00,150,320 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service [Auto | Running])
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/11/16 00:54:11 | 04,972,840 | ---- | M] (Bitvise) -- C:\Program Files\Bitvise WinSSHD\WinSSHD.exe -- (WinSSHD [Auto | Running])
SRV - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 94.193.173.236:8080

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {f274730f-db76-4942-97ba-7984ab94f854}:2.1c
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "94.193.173.236"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2008/07/07 10:34:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/05/31 02:38:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0b2\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.0b2\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/09/01 15:33:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/15 04:09:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/14 01:29:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/01 15:33:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/09/01 15:33:49 | 00,000,000 | ---D | M]

[2008/06/24 01:55:39 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Extensions
[2008/06/24 01:55:39 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2008/06/18 02:18:14 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/22 22:46:09 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions
[2007/12/05 05:11:56 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2009/03/30 16:07:44 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/11/16 00:53:20 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/11 18:46:46 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/30 16:07:44 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/08/11 18:46:46 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/07/05 14:39:51 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2009/08/11 18:34:28 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\[email protected]
[2008/07/05 14:39:54 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\[email protected]
[2009/08/02 19:06:23 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\[email protected]
[2009/03/30 20:34:22 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\[email protected]
[2009/08/02 20:59:25 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\[email protected]
[2008/03/05 19:58:21 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\mozilla\Firefox\Profiles\q4c445qs.default\extensions\unplug@compunach
[2009/06/26 04:52:50 | 00,001,281 | ---- | M] () -- C:\Users\laserfrog\AppData\Roaming\Mozilla\FireFox\Profiles\q4c445qs.default\searchplugins\twitter-search.xml
[2009/09/22 22:46:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/14 01:29:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/11 15:09:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/10 01:32:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/09 15:13:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/09/14 01:29:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/14 01:29:25 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/24 20:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/02/24 20:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/08/20 17:45:02 | 01,431,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/14 01:29:26 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/10/06 17:41:09 | 00,341,360 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npoctoshape.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/09/02 03:09:58 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2006/10/22 23:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/10/07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/01 15:33:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/01 15:33:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/01 15:33:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/01 15:33:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/01 15:33:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/01 15:33:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/01 15:33:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/10/07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/02/24 20:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/24 13:14:16 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/06/24 13:14:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 13:14:16 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/06/24 13:14:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 13:14:16 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/06/24 13:14:16 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 13:14:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 13:14:16 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (331674 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 11359 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe (SornSoft)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [msnetsvc.exe] C:\Windows\System32\msnetsvc.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [PopRock] C:\Users\laserfrog\AppData\Local\Temp\b.exe File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/01/30 05:26:08 | 00,367,328 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 16:27:40 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{324626ea-e2c9-11db-8f9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{324626ea-e2c9-11db-8f9f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007/01/30 05:26:08 | 00,367,328 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{8c827b39-56f5-11de-b043-000fea5e09e3}\Shell - "" = AutoRun
O33 - MountPoints2\{8c827b39-56f5-11de-b043-000fea5e09e3}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[1 C:\Windows\System32\*.tmp files]
[5 C:\Windows\*.tmp files]
[2009/09/23 00:28:43 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot3 - Search & Destroy
[2009/09/23 00:08:21 | 21,470,16704 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/23 00:05:56 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/09/22 23:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot2 - Search & Destroy
[2009/09/22 23:41:21 | 00,001,885 | ---- | C] () -- C:\Users\laserfrog\Desktop\HijackThis.lnk
[2009/09/22 23:41:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/22 23:25:51 | 00,001,064 | ---- | C] () -- C:\Users\laserfrog\Desktop\Spybot - Search & Destroy.lnk
[2009/09/22 23:25:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/09/22 23:25:47 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/22 23:04:40 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/22 23:04:26 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/09/22 23:04:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/09/22 23:02:08 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/22 23:02:04 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/09/22 23:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/22 21:58:05 | 00,068,608 | ---- | C] () -- C:\Windows\System32\drivers\rbsqatndvivetwdt.sys
[2009/09/22 21:35:40 | 00,068,608 | ---- | C] () -- C:\Windows\System32\drivers\kwvplxcpmerqpxvt.sys
[2009/09/22 21:31:06 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\gasfkymdxtfnfi.sys
[2009/09/22 21:25:02 | 23,712,7973 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/09/22 21:23:11 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\gasfkynkswuxqa.sys
[2009/09/22 21:23:03 | 00,156,160 | ---- | C] () -- C:\Windows\msa.exe
[2009/09/22 21:22:53 | 00,000,248 | -H-- | C] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/22 21:22:51 | 00,000,298 | -H-- | C] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/22 21:22:47 | 00,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/09/21 20:26:41 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\Documents\majesty2
[2009/09/20 22:56:57 | 00,001,844 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2009/09/20 22:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2009/09/20 22:55:38 | 00,000,000 | ---D | C] -- C:\Windows\Smart FTP
[2009/09/20 22:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Smart FTP
[2009/09/20 20:24:29 | 00,000,765 | ---- | C] () -- C:\Users\Public\Desktop\XBC 5.1.lnk
[2009/09/20 20:24:06 | 00,000,000 | ---D | C] -- C:\Program Files\XBC
[2009/09/19 23:56:42 | 00,013,916 | ---- | C] () -- C:\Users\laserfrog\Documents\Timecopgame - Copy.docx
[2009/09/19 02:46:14 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\Documents\TVCatchupV2.1 (tempfix)
[2009/09/18 23:23:38 | 00,001,163 | ---- | C] () -- C:\Users\laserfrog\Documents\[email protected] Sharing Folders Archive.lnk
[2009/09/15 18:44:46 | 00,000,000 | ---D | C] -- C:\OEMSettings
[2009/09/15 18:44:32 | 00,001,961 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2009/09/15 18:44:32 | 00,001,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2009/09/15 18:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2009/09/12 19:48:58 | 00,033,609 | ---- | C] () -- C:\Users\laserfrog\Documents\hgdfn.jpg
[2009/09/12 09:39:44 | 00,636,478 | ---- | C] () -- C:\Users\laserfrog\Documents\amazinggame.taf
[2009/09/12 09:39:44 | 00,182,300 | ---- | C] () -- C:\Users\laserfrog\Documents\amazinggame.bak
[2009/09/12 08:37:42 | 01,175,516 | ---- | C] () -- C:\Users\laserfrog\Documents\pants_dbg.t3
[2009/09/12 08:37:37 | 00,017,424 | ---- | C] () -- C:\Users\laserfrog\Documents\pants.t
[2009/09/12 08:37:37 | 00,006,409 | ---- | C] () -- C:\Users\laserfrog\Documents\pants.t3m
[2009/09/11 23:06:41 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\AppData\Roaming\Tropico 3 Demo
[2009/09/11 22:41:15 | 00,000,000 | ---D | C] -- C:\Program Files\Kalypso
[2009/09/11 21:57:58 | 02,856,726 | ---- | C] () -- C:\Users\laserfrog\Documents\vlcsnap-2009-09-11-11h34m52s222.png
[2009/09/10 10:15:57 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\Documents\Dungeons and Dragons Online
[2009/09/10 10:14:45 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\AppData\Roaming\Turbine
[2009/09/10 10:14:37 | 00,000,097 | ---- | C] () -- C:\Users\laserfrog\AppData\Local\fusioncache.dat
[2009/09/10 10:14:29 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\AppData\Local\Turbine
[2009/09/10 07:54:46 | 00,001,399 | ---- | C] () -- C:\Users\laserfrog\Desktop\xchat.exe - Shortcut.lnk
[2009/09/10 04:18:05 | 00,017,705 | ---- | C] () -- C:\Users\laserfrog\Documents\ohk.t
[2009/09/10 04:18:05 | 00,004,619 | ---- | C] () -- C:\Users\laserfrog\Documents\ohk.t3m
[2009/09/10 04:18:05 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\Documents\web
[2009/09/10 04:18:05 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\Documents\Scripts
[2009/09/10 04:18:05 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\Documents\obj
[2009/09/10 04:18:05 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\Documents\debug
[2009/09/09 17:40:27 | 00,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2009/09/09 17:40:27 | 00,000,780 | ---- | C] () -- C:\Users\laserfrog\Desktop\TADS 3 Workbench.lnk
[2009/09/09 17:40:26 | 00,000,000 | ---D | C] -- C:\Users\laserfrog\Documents\TADS 3
[2009/09/09 17:40:26 | 00,000,000 | ---D | C] -- C:\ProgramData\TADS 3 Workbench
[2009/09/09 17:40:09 | 00,000,000 | ---D | C] -- C:\Program Files\TADS 3
[2009/09/09 17:27:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Frotz

========== Files - Modified Within 14 Days ==========

[1 C:\Windows\System32\*.tmp files]
[5 C:\Windows\*.tmp files]
[2009/09/23 02:27:59 | 00,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3373122025-2526711485-2940768051-1000UA.job
[2009/09/23 02:09:18 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/23 02:09:18 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/23 02:00:03 | 00,000,298 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/23 02:00:01 | 00,000,248 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/23 01:57:38 | 00,001,885 | ---- | M] () -- C:\Users\laserfrog\Desktop\HijackThis.lnk
[2009/09/23 01:56:00 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/23 00:35:53 | 00,331,674 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2009/09/23 00:35:53 | 00,331,674 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/09/23 00:28:48 | 00,001,064 | ---- | M] () -- C:\Users\laserfrog\Desktop\Spybot - Search & Destroy.lnk
[2009/09/23 00:15:56 | 00,611,394 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/23 00:15:55 | 00,708,582 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/23 00:15:55 | 00,110,684 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/23 00:12:17 | 00,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/09/23 00:12:15 | 00,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/09/23 00:12:02 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/23 00:09:05 | 00,119,296 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2009/09/23 00:08:45 | 08,405,015 | ---- | M] () -- C:\Windows\TempFile
[2009/09/23 00:08:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/23 00:08:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/23 00:08:23 | 00,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2009/09/23 00:08:21 | 21,470,16704 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/22 23:10:21 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/22 23:02:04 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/09/22 22:50:12 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{426E1E21-4199-4954-9F50-180AEEB8D3FB}.job
[2009/09/22 21:58:06 | 00,068,608 | ---- | M] () -- C:\Windows\System32\drivers\rbsqatndvivetwdt.sys
[2009/09/22 21:35:40 | 00,068,608 | ---- | M] () -- C:\Windows\System32\drivers\kwvplxcpmerqpxvt.sys
[2009/09/22 21:31:06 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\gasfkymdxtfnfi.sys
[2009/09/22 21:25:26 | 23,712,7973 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/09/22 21:23:11 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\gasfkynkswuxqa.sys
[2009/09/22 21:22:50 | 00,156,160 | ---- | M] () -- C:\Windows\msa.exe
[2009/09/22 20:54:05 | 00,180,224 | ---- | M] () -- C:\Users\laserfrog\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 20:54:05 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/09/22 14:28:00 | 00,000,870 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3373122025-2526711485-2940768051-1000Core.job
[2009/09/20 22:56:57 | 00,001,844 | ---- | M] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2009/09/20 20:24:29 | 00,000,765 | ---- | M] () -- C:\Users\Public\Desktop\XBC 5.1.lnk
[2009/09/18 23:23:38 | 00,001,163 | ---- | M] () -- C:\Users\laserfrog\Documents\[email protected] Sharing Folders Archive.lnk
[2009/09/16 11:29:53 | 00,002,108 | ---- | M] () -- C:\Users\laserfrog\Desktop\Google Chrome.lnk
[2009/09/15 18:44:32 | 00,001,961 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2009/09/15 18:44:32 | 00,001,959 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2009/09/12 19:49:32 | 00,033,609 | ---- | M] () -- C:\Users\laserfrog\Documents\hgdfn.jpg
[2009/09/12 10:00:26 | 00,636,478 | ---- | M] () -- C:\Users\laserfrog\Documents\amazinggame.taf
[2009/09/12 09:55:34 | 00,182,300 | ---- | M] () -- C:\Users\laserfrog\Documents\amazinggame.bak
[2009/09/12 09:16:29 | 01,175,516 | ---- | M] () -- C:\Users\laserfrog\Documents\pants_dbg.t3
[2009/09/12 09:16:29 | 00,006,409 | ---- | M] () -- C:\Users\laserfrog\Documents\pants.t3m
[2009/09/12 09:16:24 | 00,017,424 | ---- | M] () -- C:\Users\laserfrog\Documents\pants.t
[2009/09/11 11:34:52 | 02,856,726 | ---- | M] () -- C:\Users\laserfrog\Documents\vlcsnap-2009-09-11-11h34m52s222.png
[2009/09/10 10:14:37 | 00,000,097 | ---- | M] () -- C:\Users\laserfrog\AppData\Local\fusioncache.dat
[2009/09/10 07:54:49 | 00,001,399 | ---- | M] () -- C:\Users\laserfrog\Desktop\xchat.exe - Shortcut.lnk
[2009/09/10 04:20:31 | 00,004,619 | ---- | M] () -- C:\Users\laserfrog\Documents\ohk.t3m
[2009/09/10 04:18:05 | 00,017,705 | ---- | M] () -- C:\Users\laserfrog\Documents\ohk.t
[2009/09/09 17:40:27 | 00,000,780 | ---- | M] () -- C:\Users\laserfrog\Desktop\TADS 3 Workbench.lnk
[2009/09/09 17:39:59 | 00,065,536 | ---- | M] () -- C:\Windows\TADSUINS.EXE

========== LOP Check ==========

[2009/09/11 23:06:41 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming
[2009/07/19 10:19:43 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Ableton
[2009/09/23 00:53:14 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\AIMP
[2009/09/08 19:45:33 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Arcen Games, LLC
[2007/04/11 02:53:55 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\ATI
[2007/04/21 00:53:16 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\atitray
[2009/09/14 16:52:45 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Autodesk
[2007/04/14 18:53:27 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Bersirc
[2009/09/21 22:19:25 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Bioshock
[2009/04/13 22:29:20 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Braid
[2009/06/07 14:15:39 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Canneverbe_Limited
[2008/03/26 20:47:59 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\CDBurnerXP_Soft
[2007/08/10 03:55:26 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/06/12 03:10:55 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\DAEMON Tools Lite
[2008/04/29 20:10:36 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2009/09/08 19:31:45 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\DNA
[2009/08/12 03:59:26 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Download Manager
[2009/06/12 19:26:12 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\dvdcss
[2009/09/20 22:48:52 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\FileZilla
[2007/08/01 02:22:49 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Final Draft
[2008/09/21 02:10:27 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Flock
[2007/07/29 16:24:55 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\fltk.org
[2007/08/04 16:20:58 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\fretsonfire
[2009/06/12 03:21:51 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Games
[2009/07/26 17:50:49 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\GrafX2
[2008/07/02 04:51:15 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\gtk-2.0
[2009/09/20 21:37:08 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Hamachi
[2009/06/10 23:37:19 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Hamachibackup
[2007/09/09 15:23:13 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\InternetCalls
[2009/07/28 05:45:11 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\KALiNKOsoft
[2008/02/04 02:33:05 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\LEGO Company
[2009/07/16 04:05:20 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\LucasArts
[2009/08/02 20:40:30 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\ManyCam
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Media Center Programs
[2009/08/18 21:39:51 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Muchobene
[2007/11/12 20:51:37 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Notepad++
[2007/09/08 16:13:28 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Opera
[2007/08/18 16:26:33 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\PACE Anti-Piracy
[2009/07/26 00:54:37 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Pamela
[2007/12/16 01:40:29 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\PowerRangers
[2007/06/30 15:10:42 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Quake3
[2007/05/12 12:48:46 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\SAM
[2007/05/10 15:26:29 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Screaming Bee
[2007/07/10 04:11:23 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\ScummVM
[2009/07/15 02:05:13 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\SecondLife
[2007/04/10 16:35:21 | 00,000,000 | RH-D | M] -- C:\Users\laserfrog\AppData\Roaming\SecuROM
[2007/04/27 22:31:45 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\SmartFTP
[2008/06/20 16:00:28 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\SPORE Creature Creator
[2008/08/16 02:01:49 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Sports Interactive
[2009/08/31 20:15:16 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Spotify
[2007/04/26 23:21:09 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Syntrillium
[2009/06/28 02:03:32 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\SystemRequirementsLab
[2009/06/06 14:36:55 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\teamspeak2
[2007/05/02 23:09:57 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Thunderbird
[2009/09/11 23:08:20 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Tropico 3 Demo
[2007/04/15 19:02:29 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\TSO
[2009/09/10 10:14:45 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Turbine
[2007/08/19 11:35:26 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\TVU Networks
[2009/08/08 18:51:34 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/09/23 02:28:03 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\uTorrent
[2009/06/04 22:49:29 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Ventrilo
[2007/06/03 02:50:40 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\VoipBuster
[2009/06/09 21:09:49 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Vso
[2009/08/02 20:12:53 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Webcammax
[2008/04/27 17:39:22 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Wintermute Engine
[2009/09/14 01:00:08 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\X-Chat 2
[2007/10/18 17:40:50 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\Xfire
[2009/06/04 03:05:23 | 00,000,000 | ---D | M] -- C:\Users\laserfrog\AppData\Roaming\yang
[2009/09/22 23:10:21 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/09/23 00:12:02 | 00,000,880 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/23 01:56:00 | 00,000,884 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/22 14:28:00 | 00,000,870 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3373122025-2526711485-2940768051-1000Core.job
[2009/09/23 02:28:04 | 00,000,922 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3373122025-2526711485-2940768051-1000UA.job
[2009/09/23 00:08:29 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/22 23:42:24 | 00,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/22 22:50:12 | 00,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{426E1E21-4199-4954-9F50-180AEEB8D3FB}.job
[2009/09/23 02:00:01 | 00,000,248 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/23 02:00:03 | 00,000,298 | -H-- | M] () -- C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/02 15:00:16 | 00,118,784 | ---- | M] () -- C:\ski32.exe

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/18 23:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll
[1 C:\Windows\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 10:46:03 | 00,061,952 | ---- | M] () -- C:\Windows\system32\cngaudit.dll
[1 C:\Windows\system32\*.tmp files]

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\logevent.dll
[1 C:\Windows\system32\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\laserfrog\Documents\Sequence 0uujy1.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\laserfrog\Documents\lancestorm2.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\laserfrog\Documents\lancestorm.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\laserfrog\Documents\busrunner.avi:TOC.WMV
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:8E236DBE
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:42DC4246
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:85FB0BBF
< End of report >

#2
hammerman

Hello mrsunday and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.

Please follow these steps.

-- Step 1 --

Please download Win32kDiag to your desktop.
Double-click on Win32kDiag to run it.
A log should appear when it is finished. Post that log here.

If it doesn't pop up, a log file called Win32kDiag.txt should be located on your desktop. Please post that.

-- Step 2 --

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

#3
mrsunday

Thanks! I can't follow the steps right now, as I'm moving house tomorrow. But I should be able to reply with logs on Monday.

#4
hammerman

No problem. Good luck with the move :)

#5
mrsunday

Here I am! Moved in on Saturday and got the internet today!

Here's the Win32kDiag log:

Running from: C:\downloads\Win32kDiag.exe

Log file at : C:\Users\laserfrog\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP116A.tmp\ZAP116A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ConfigSetRoot\ConfigSetRoot

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109450090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021094B0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\repair\wuau.{00021401-0000-0000-C000-000000000046}\wuau.{00021401-0000-0000-C000-000000000046}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\cngaudit.dll

[1] 2006-11-02 10:46:03 61952 C:\Windows\System32\cngaudit.dll ()


And here's the SysProt log:
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 452
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 528
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 592
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 600
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 656
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 680
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 780
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 904
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 948
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 976
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1012
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1112
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1168
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1196
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1304
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1380
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1500
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 1516
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1744
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1768
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 316
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PID: 344
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 496
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 1136
Hidden: No
Window Visible: No

Name: C:\Program Files\Kontiki\KService.exe
PID: 880
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\ramaint.exe
PID: 2620
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeIn.exe
PID: 2652
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 2684
Hidden: No
Window Visible: No

Name: C:\Program Files\CDBurnerXP\NMSAccessU.exe
PID: 2724
Hidden: No
Window Visible: No

Name: C:\Windows\System32\PnkBstrA.exe
PID: 2996
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3008
Hidden: No
Window Visible: No

Name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PID: 3352
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3384
Hidden: No
Window Visible: No

Name: C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PID: 3444
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PID: 3680
Hidden: No
Window Visible: No

Name: C:\Windows\System32\vmnat.exe
PID: 3736
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3916
Hidden: No
Window Visible: No

Name: C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
PID: 3964
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PID: 2320
Hidden: No
Window Visible: No

Name: C:\Windows\System32\vmnetdhcp.exe
PID: 2484
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 3428
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 2456
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\taskeng.exe
PID: 3324
Hidden: No
Window Visible: No

Name: C:\Windows\msa.exe
PID: 2712
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 852
Hidden: No
Window Visible: No

Name: C:\Program Files\Winamp Remote\bin\OrbTray.exe
PID: 1568
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 3344
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PID: 3708
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PID: 4144
Hidden: No
Window Visible: No

Name: C:\Windows\PixArt\PAC207\Monitor.exe
PID: 4172
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\alg.exe
PID: 4216
Hidden: No
Window Visible: No

Name: C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PID: 4244
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 4264
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 4368
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 4424
Hidden: No
Window Visible: No

Name: C:\Program Files\RocketDock\RocketDock.exe
PID: 4448
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 4460
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wuauclt.exe
PID: 4568
Hidden: No
Window Visible: No

Name: C:\Program Files\BillyMaysCapsLock\BillyMaysCapsLock.exe
PID: 4600
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 4660
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 4700
Hidden: No
Window Visible: No

Name: C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
PID: 4740
Hidden: No
Window Visible: No

Name: C:\Program Files\Winamp Remote\bin\Orb.exe
PID: 4752
Hidden: No
Window Visible: No

Name: C:\Program Files\Winamp Remote\bin\OrbIR.exe
PID: 4772
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 4796
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 4980
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Contacts\wlcomm.exe
PID: 4332
Hidden: No
Window Visible: No

Name: C:\Windows\System32\mmc.exe
PID: 1280
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Frotz\Frotz.exe
PID: 9156
Hidden: No
Window Visible: No

Name: C:\Windows\System32\mspaint.exe
PID: 7296
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PID: 9700
Hidden: No
Window Visible: No

Name: C:\Program Files\Cosmigo\Pro Motion 4.7\Pmotion.exe
PID: 9384
Hidden: No
Window Visible: No

Name: C:\Windows\System32\notepad.exe
PID: 10236
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\cmd.exe
PID: 404
Hidden: No
Window Visible: Yes

Name: C:\xmplay\xmplay.exe
PID: 8516
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 10548
Hidden: No
Window Visible: No

Name: C:\Users\laserfrog\Desktop\SysProt\SysProt.exe
PID: 11600
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 6856
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\laserfrog\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A2DD8000
Module End: A2DE3000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 8241F000
Module End: 827D8000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 827D8000
Module End: 8280B000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 8060E000
Module End: 80616000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80616000
Module End: 80676000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80676000
Module End: 80687000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80687000
Module End: 8068F000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8068F000
Module End: 806D0000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 806D0000
Module End: 807B0000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 82A0E000
Module End: 82A8A000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 82A8A000
Module End: 82A97000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\spwa.sys
Service Name: ---
Module Base: 82A97000
Module End: 82B98000
Hidden: Yes

Module Name: C:\Windows\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: 82B98000
Module End: 82BA1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: 82BA1000
Module End: 82BC7000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 807B0000
Module End: 807F6000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 82BC7000
Module End: 82BCF000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 82BCF000
Module End: 82BF6000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8840F000
Module End: 8841E000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 8841E000
Module End: 8842D000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 8842D000
Module End: 88477000
Hidden: No

Module Name: C:\Windows\system32\drivers\intelide.sys
Service Name: intelide
Module Base: 88477000
Module End: 8847E000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 8847E000
Module End: 8848C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pciide.sys
Service Name: pciide
Module Base: 8848C000
Module End: 88493000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 88493000
Module End: 884A3000
Hidden: No

Module Name: C:\Windows\system32\drivers\nvraid.sys
Service Name: nvraid
Module Base: 884A3000
Module End: 884BC000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 884BC000
Module End: 884DD000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 884DD000
Module End: 884E5000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 884E5000
Module End: 88503000
Hidden: No

Module Name: C:\Windows\system32\drivers\vsmraid.sys
Service Name: vsmraid
Module Base: 88503000
Module End: 88521000
Hidden: No

Module Name: C:\Windows\system32\drivers\storport.sys
Service Name: ---
Module Base: 88521000
Module End: 88562000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 88562000
Module End: 88594000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 88594000
Module End: 885A4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Lbd.sys
Service Name: Lbd
Module Base: 885A4000
Module End: 885B3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\PxHelp20.sys
Service Name: PxHelp20
Module Base: 885B3000
Module End: 885BD000
Hidden: No

Module Name: C:\Windows\system32\drivers\siwinacc.sys
Service Name: SiFilter
Module Base: 885BD000
Module End: 885C0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\TPkd.sys
Service Name: TPkd
Module Base: 885C0000
Module End: 885D2000
Hidden: No

Module Name: C:\Windows\system32\drivers\xfilt.sys
Service Name: xfilt
Module Base: 885D2000
Module End: 885DB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 88607000
Module End: 88678000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 88678000
Module End: 88783000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 887AE000
Module End: 887E8000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 88800000
Module End: 888E7000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 888E7000
Module End: 88902000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 88A0F000
Module End: 88B1E000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 88B1E000
Module End: 88B57000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 88B57000
Module End: 88B5F000
Hidden: No

Module Name: C:\Windows\system32\drivers\siremfil.sys
Service Name: SiRemFil
Module Base: 88B5F000
Module End: 88B61000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 88B61000
Module End: 88B70000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 88B70000
Module End: 88B97000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 88B97000
Module End: 88BA8000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 88BA8000
Module End: 88BB1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 88BD1000
Module End: 88BDC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 88BDC000
Module End: 88BE5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 88BE5000
Module End: 88BF4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8C801000
Module End: 8D166000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvBridge.kmd
Service Name: ---
Module Base: 8D166000
Module End: 8D168000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 88902000
Module End: 889A1000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8D168000
Module End: 8D175000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8D175000
Module End: 8D187000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 8D196000
Module End: 8D1A1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8D1A1000
Module End: 8D1DF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8D1DF000
Module End: 8D1EE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8D1EE000
Module End: 8D1FE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 88A00000
Module End: 88A0E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: 889A1000
Module End: 889BB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\serenum.sys
Service Name: Serenum
Module Base: 88BF4000
Module End: 88BFE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: 889BB000
Module End: 889D3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 889D3000
Module End: 889E6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 889E6000
Module End: 889F1000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\VMkbd.sys
Service Name: vmkbd
Module Base: 889F1000
Module End: 889F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 887E8000
Module End: 88800000
Hidden: No

Module Name: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 889F5000
Module End: 889FC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\vaxscsi.sys
Service Name: vaxscsi
Module Base: 8D40B000
Module End: 8D455000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\andke2xn.SYS
Service Name: ---
Module Base: 8D455000
Module End: 8D48D000
Hidden: Yes

Module Name: C:\Windows\system32\DRIVERS\vncmirror.sys
Service Name: vncmirror
Module Base: 8D48D000
Module End: 8D48E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: 8D48E000
Module End: 8D4AF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lmimirr.sys
Service Name: lmimirr
Module Base: 8D4AF000
Module End: 8D4B0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8D4B0000
Module End: 8D4DE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8D4DE000
Module End: 8D4E9000
Hidden: No

Module Name: C:\Windows\system32\drivers\ScreamingBAudio.sys
Service Name: SCREAMINGBDRIVER
Module Base: 8D4E9000
Module End: 8D4ED000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8D4ED000
Module End: 8D51A000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8D51A000
Module End: 8D53F000
Hidden: No

Module Name: C:\Windows\system32\drivers\ks.sys
Service Name: ---
Module Base: 8D53F000
Module End: 8D569000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\STREAM.SYS
Service Name: ---
Module Base: 8D572000
Module End: 8D57F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\vrtaucbl.sys
Service Name: EuMusDesignVirtualAudioCableWdm
Module Base: 8D57F000
Module End: 8D58A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CAMTHWDM.sys
Service Name: CAMTHWDM
Module Base: 8D804000
Module End: 8D8E9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8D8EF000
Module End: 8D906000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8D906000
Module End: 8D911000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8D911000
Module End: 8D934000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8D934000
Module End: 8D943000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8D943000
Module End: 8D957000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8D957000
Module End: 8D96C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hamachi.sys
Service Name: hamachi
Module Base: 8D96C000
Module End: 8D971000
Hidden: No

Module Name: C:\Windows\System32\Drivers\pcouffin.sys
Service Name: pcouffin
Module Base: 8D971000
Module End: 8D97D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8D97D000
Module End: 8D98D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8D98D000
Module End: 8D998000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8D998000
Module End: 8D99A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8D99A000
Module End: 8D9A4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8D9A4000
Module End: 8D9B1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8D9B1000
Module End: 8D9E5000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8D9E5000
Module End: 8D9F6000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8DA05000
Module End: 8DB96000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8DBA6000
Module End: 8DBAD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8DBB6000
Module End: 8DBBD000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8DBBD000
Module End: 8DBC9000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8DBC9000
Module End: 8DBD1000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8DBD1000
Module End: 8DBD9000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8DBE4000
Module End: 8DBF2000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8DBF2000
Module End: 8DBFB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8D58A000
Module End: 8D5A0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8D5A0000
Module End: 8D5B4000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8D5B4000
Module End: 8D5FC000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8DE00000
Module End: 8DE32000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8DE32000
Module End: 8DE48000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8DE48000
Module End: 8DE56000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8DE56000
Module End: 8DE69000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8DE69000
Module End: 8DEA5000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8DEA5000
Module End: 8DEAF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8DEAF000
Module End: 8DEC6000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: 8DEC6000
Module End: 8DECB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: 8DECB000
Module End: 8DEE2000
Hidden: No

Module Name: C:\Windows\system32\drivers\dadder.sys
Service Name: DAdderFltr
Module Base: 8DEE2000
Module End: 8DEE5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8DEE5000
Module End: 8DEEE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8DEEE000
Module End: 8DEFE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8DEFE000
Module End: 8DF00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 8DF00000
Module End: 8DF08000
Hidden: No

Module Name: \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
Service Name: atitray
Module Base: 8DF08000
Module End: 8DF0C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 8DF0C000
Module End: 8DF22000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8DF22000
Module End: 8DF2F000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8DF2F000
Module End: 8DF3A000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8DF3A000
Module End: 8DF42000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8DF42000
Module End: 8DF4C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8DF4C000
Module End: 8DF5B000
Hidden: No

Module Name: \systemroot\win32k.sys:1
Service Name: ---
Module Base: 8DF5B000
Module End: 8DF60000
Hidden: Yes

Module Name: \systemroot\win32k.sys:2
Service Name: ---
Module Base: 8DF60000
Module End: 8DF6F000
Hidden: Yes

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 8DF6F000
Module End: 8DF8A000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: A1E0E000
Module End: A1EBD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\vmnetbridge.sys
Service Name: VMnetBridge
Module Base: A1EBD000
Module End: A1EC3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\VMNET.SYS
Service Name: ---
Module Base: A1EC3000
Module End: A1EC6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: A1EC6000
Module End: A1ED6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: A1ED6000
Module End: A1F00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: A1F00000
Module End: A1F0A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: A1F0A000
Module End: A1F1D000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: A1F1D000
Module End: A1F88000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: A1F88000
Module End: A1FA5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: A1FA5000
Module End: A1FBE000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: A1FBE000
Module End: A1FD3000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: A1FD3000
Module End: A1FF3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 8DF92000
Module End: 8DFB1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 8DFB1000
Module End: 8DFEA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 88BB1000
Module End: 88BC9000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: A2C03000
Module End: A2C2A000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: A2C2A000
Module End: A2C76000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\asyncmac.sys
Service Name: AsyncMac
Module Base: A2C76000
Module End: A2C7F000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\Haspnt.sys
Service Name: Haspnt
Module Base: A2C7F000
Module End: A2C8B000
Hidden: No

Module Name: \??\C:\Windows\system32\Drivers\hcmon.sys
Service Name: hcmon
Module Base: A2C8B000
Module End: A2C96000
Hidden: No

Module Name: C:\Windows\System32\Drivers\SENTINEL.SYS
Service Name: Sentinel
Module Base: A2C9D000
Module End: A2CAF000
Hidden: No

Module Name: \??\C:\Windows\system32\Drivers\VMparport.sys
Service Name: VMparport
Module Base: A2CAF000
Module End: A2CB6000
Hidden: No

Module Name: \??\C:\Windows\system32\Drivers\vmx86.sys
Service Name: vmx86
Module Base: A2CB6000
Module End: A2D1E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\atksgt.sys
Service Name: atksgt
Module Base: A2D1E000
Module End: A2D61000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\ds1410d.sys
Service Name: DS1410D
Module Base: A2D61000
Module End: A2D63000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\hardlock.sys
Service Name: Hardlock
Module Base: A6807000
Module End: A68AF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: A68AF000
Module End: A68D7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lirsgt.sys
Service Name: lirsgt
Module Base: A68D7000
Module End: A68DC000
Hidden: No

Module Name: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
Service Name: LMIInfo
Module Base: A68DC000
Module End: A68DE000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
Service Name: LMIRfsDriver
Module Base: A68DE000
Module End: A68E8000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A68E8000
Module End: A69C6000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: A69CE000
Module End: A69D8000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: A69D8000
Module End: A69E4000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\vmnetuserif.sys
Service Name: VMnetuserif
Module Base: A69E4000
Module End: A69E9000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
Service Name: vstor2
Module Base: A69E9000
Module End: A69EC000
Hidden: No

Module Name: \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
Service Name: vstor2-ws60
Module Base: A69EC000
Module End: A69F0000
Hidden: No

Module Name: C:\Windows\system32\drivers\tdtcp.sys
Service Name: TDTCP
Module Base: A69F0000
Module End: A69FB000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\tssecsrv.sys
Service Name: tssecsrv
Module Base: A2D63000
Module End: A2D6F000
Hidden: No

Module Name: C:\Windows\System32\Drivers\RDPWD.SYS
Service Name: Wd
Module Base: A2D6F000
Module End: A2DA2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Rtlh86.sys
Service Name: RTL8169
Module Base: A2DC9000
Module End: A2DD8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ManyCam.sys
Service Name: ManyCam
Module Base: 8D8E9000
Module End: 8D8EF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\parvdm.sys
Service Name: Parvdm
Module Base: A2C96000
Module End: A2C9D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\splitcam.sys
Service Name: SPLITCAM
Module Base: 8D569000
Module End: 8D572000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8DB9F000
Module End: 8DBA6000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8DBD9000
Module End: 8DBE4000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 854231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 854231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 854231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 854231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 854231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 854231F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_CREATE
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_READ
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_WRITE
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_SET_EA
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_POWER
Jump To: 82A9FE30
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82AB4514
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\PCI_PNP2376
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 82ADBAEA
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 82A98000
Hooking Module: \SystemRoot\System32\Drivers\spwa.sys

Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 867661F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 867661F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 867661F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: A2C8E2C0
Hooking Module: \??\C:\Windows\system32\Drivers\hcmon.sys

Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 867661F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 867661F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86C3B500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86C3B500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86C3B500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86C3B500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 86C3B500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86C3F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86C3F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86C3F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86C3F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 86C3F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 868781F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 868781F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 868781F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 868781F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 868781F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 868781F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 865FB1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_READ
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 854211F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 854241F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 854241F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 854241F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 854241F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 854241F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 854241F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\andke2xn.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\andke2xn.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\andke2xn.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\andke2xn.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\andke2xn.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\andke2xn.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 867701F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 867701F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 867701F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: A2C8E690
Hooking Module: \??\C:\Windows\system32\Drivers\hcmon.sys

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 867701F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 867701F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\Drivers\vaxscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8684A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\Drivers\vaxscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8684A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\Drivers\vaxscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8684A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\Drivers\vaxscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8684A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\Drivers\vaxscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8684A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\Drivers\vaxscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8684A1F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: LASERFROG-PC.ROUTER:3192
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3190
Remote Address: 216.73.84.17:HTTP
Type: TCP
Process: C:\Windows\msa.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:3189
Remote Address: WY-IN-F148.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Windows\msa.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:3188
Remote Address: 75.126.76.193-STATIC.REVERSE.SOFTLAYER.COM:HTTP
Type: TCP
Process: C:\Windows\msa.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:3186
Remote Address: AD4.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3184
Remote Address: AD4.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3182
Remote Address: 77.67.21.33:HTTP
Type: TCP
Process: C:\Windows\msa.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:3178
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3176
Remote Address: CHANNEL02.01.05.SF2P.FACEBOOK.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:3171
Remote Address: AD4.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3168
Remote Address: AD4.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3161
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3159
Remote Address: CHANNEL02.01.05.SF2P.FACEBOOK.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3156
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3152
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3149
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3146
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LASERFROG-PC.ROUTER:3144
Remote Address: 77.67.21.51:HTTP
Type: TCP
Process: C:\Windows\msa.exe
State: CLOSE_WAIT

Local Address: LASERFROG-PC.ROUTER:3137
Remote Address: LM-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:3124
Remote Address: WY-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:3031
Remote Address: EY-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: CLOSE_WAIT

Local Address: LASERFROG-PC.ROUTER:3030
Remote Address: IW-IN-F100.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: CLOSE_WAIT

Local Address: LASERFROG-PC.ROUTER:3029
Remote Address: GV-IN-F99.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: CLOSE_WAIT

Local Address: LASERFROG-PC.ROUTER:3028
Remote Address: GV-IN-F99.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: CLOSE_WAIT

Local Address: LASERFROG-PC.ROUTER:3027
Remote Address: WW-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:3026
Remote Address: WW-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: CLOSE_WAIT

Local Address: LASERFROG-PC.ROUTER:ICSLAP
Remote Address: 192.168.0.1:4554
Type: TCP
Process: System
State: CLOSE_WAIT

Local Address: LASERFROG-PC.ROUTER:ICSLAP
Remote Address: 192.168.0.1:4416
Type: TCP
Process: System
State: CLOSE_WAIT

Local Address: LASERFROG-PC.ROUTER:2529
Remote Address: WWW-11-08-ASH1.FACEBOOK.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:2521
Remote Address: WWW-11-08-ASH1.FACEBOOK.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:2479
Remote Address: WWW-12-08-ASH1.FACEBOOK.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:2296
Remote Address: APP03-09.LOGMEIN.COM:HTTPS
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:2281
Remote Address: VA4.ORB.COM:85
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC.ROUTER:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1117
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1100
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1090
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1081
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1078
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1075
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1072
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1067
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1065
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1062
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1059
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1056
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1052
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1049
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1046
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1043
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1040
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1038
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:29831
Remote Address: LOCALHOST:1037
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: LASERFROG-PC:2295
Remote Address: LOCALHOST:2294
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:2294
Remote Address: LOCALHOST:2295
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:2290
Remote Address: LOCALHOST:2289
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:2289
Remote Address: LOCALHOST:2290
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:2002
Remote Address: LOCALHOST:1124
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1124
Remote Address: LOCALHOST:2002
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1118
Remote Address: LOCALHOST:1045
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1117
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:NFSD-STATUS
Remote Address: LOCALHOST:1066
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1107
Remote Address: LOCALHOST:1058
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1100
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1098
Remote Address: LOCALHOST:1066
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1097
Remote Address: LOCALHOST:1066
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1091
Remote Address: LOCALHOST:1045
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1090
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1089
Remote Address: LOCALHOST:1045
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1088
Remote Address: LOCALHOST:1045
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1087
Remote Address: LOCALHOST:1045
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1086
Remote Address: LOCALHOST:1045
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1083
Remote Address: LOCALHOST:1045
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1081
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1078
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1075
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1072
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbIR.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1067
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1066
Remote Address: LOCALHOST:NFSD-STATUS
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1066
Remote Address: LOCALHOST:1098
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1066
Remote Address: LOCALHOST:1097
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1065
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1062
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1059
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1058
Remote Address: LOCALHOST:1107
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1056
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1052
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1049
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1046
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1045
Remote Address: LOCALHOST:1118
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1045
Remote Address: LOCALHOST:1091
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1045
Remote Address: LOCALHOST:1089
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1045
Remote Address: LOCALHOST:1088
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1045
Remote Address: LOCALHOST:1087
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1045
Remote Address: LOCALHOST:1086
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1045
Remote Address: LOCALHOST:1083
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1043
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1040
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1038
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1037
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:ACTIVESYNC
Remote Address: LOCALHOST:1033
Type: TCP
Process: C:\Program Files\Kontiki\KService.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1033
Remote Address: LOCALHOST:ACTIVESYNC
Type: TCP
Process: C:\Program Files\Kontiki\KService.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1032
Remote Address: LOCALHOST:1031
Type: TCP
Process: C:\Program Files\Kontiki\KService.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1031
Remote Address: LOCALHOST:1032
Type: TCP
Process: C:\Program Files\Kontiki\KService.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:954
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1106
Remote Address: LASERFROG-PC:1099
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:1099
Remote Address: LASERFROG-PC:1106
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: LASERFROG-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LASERFROG-PC:58606
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: LASERFROG-PC:55162
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: LASERFROG-PC:29831
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: LASERFROG-PC:10243
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LASERFROG-PC:9500
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:8080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
State: LISTENING

Local Address: LASERFROG-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LASERFROG-PC:3390
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LASERFROG-PC:3261
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
State: LISTENING

Local Address: LASERFROG-PC:3260
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
State: LISTENING

Local Address: LASERFROG-PC:ICSLAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LASERFROG-PC:2002
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: LISTENING

Local Address: LASERFROG-PC:1947
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Kontiki\KService.exe
State: LISTENING

Local Address: LASERFROG-PC:1099
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1077
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1074
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1071
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbIR.exe
State: LISTENING

Local Address: LASERFROG-PC:1066
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1064
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1061
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1058
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1055
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1051
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1048
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1045
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: LASERFROG-PC:1042
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: LASERFROG-PC:1039
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: LASERFROG-PC:1036
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: LASERFROG-PC:1035
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LASERFROG-PC:1028
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: LASERFROG-PC:1027
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LASERFROG-PC:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LASERFROG-PC:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: LASERFROG-PC:912
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
State: LISTENING

Local Address: LASERFROG-PC:RTSP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: LISTENING

Local Address: LASERFROG-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LASERFROG-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LASERFROG-PC.ROUTER:59156
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC.ROUTER:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC.ROUTER:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC.ROUTER:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LASERFROG-PC.ROUTER:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LASERFROG-PC:59945
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: LASERFROG-PC:59183
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:59158
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:51680
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:50654
Remote Address: NA
Type: UDP
Process: C:\Windows\explorer.exe
State: NA

Local Address: LASERFROG-PC:49192
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\alg.exe
State: NA

Local Address: LASERFROG-PC:49181
Remote Address: NA
Type: UDP
Process: C:\Windows\msa.exe
State: NA

Local Address: LASERFROG-PC:44301
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\PnkBstrA.exe
State: NA

Local Address: LASERFROG-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:59157
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:30015
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30014
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30013
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30012
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30011
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30010
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30009
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30008
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30007
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30006
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30005
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30004
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30003
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30002
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:30001
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LASERFROG-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LASERFROG-PC:63389
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:55162
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: NA

Local Address: LASERFROG-PC:52198
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: NA

Local Address: LASERFROG-PC:49665
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:49152
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:5005
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: LASERFROG-PC:5004
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: LASERFROG-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:1948
Remote Address: NA
Type: UDP
Process: C:\Program Files\Kontiki\KService.exe
State: NA

Local Address: LASERFROG-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: NA

Local Address: LASERFROG-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: NA

Local Address: LASERFROG-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: LASERFROG-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LASERFROG-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: F:\System Volume Information\tracking.log
Status: Access denied

Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\«???????»
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3f873f92-aa92-11de-b335-000fea5e09e3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3f874004-aa92-11de-b335-000fea5e09e3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\«???????»
Status: Hidden

Object: C:\Users\laserfrog\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{4A8639BB-09F1-05F4-400D-F1C515399D86}\01\10-{4A8639BB-09F1-05F4-400D-F1C515399D86}-v1-{5ECE5D95-B001-4116-ACC0-65FD
Status: Hidden

Object: C:\Users\laserfrog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\«???????»
Status: Hidden

Object: C:\Users\laserfrog\AppData\Roaming\SecuROM\UserData\???????????p?????????
Status: Hidden

Object: C:\Users\laserfrog\AppData\Roaming\SecuROM\UserData\???????????p?????????
Status: Hidden

Object: C:\Users\laserfrog\AppData\Roaming\Sports Interactive\Installer Launcher
Status: Hidden

Object: C:\Users\Public\Documents\Sports Interactive\Installer Launcher
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied



Hope you can help! Thanks
  • 0

#6
hammerman

  • Member
  • 4,183 posts
Hello,

Please follow these steps.

-- Step 1 --

Delete the copy of win32kDiag you have and download a fresh copy to your desktop. It is important you download this file to your desktop or the rest of the fix will not work.

-- Step 2 --

Click on Start -> Run..., and copy-paste the following command (the bolded text) into the "Open:" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

-- Step 3 --

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to move:
C:\Windows\system32\logevent.dll | C:\Windows\system32\cngaudit.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

-- Step 4 --

Download Combofix from any of the links below but rename it to hammer.exe before saving it to your desktop.

Link 2
Link 3

==================================

Double click on hammer.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • 0
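Step 2 above asks for the Win32kDiag.txt log. The following is an added example, not part of the original post and not the tool's or the helper's own code: a small parser that counts the mount points per destination and lists inaccessible files whose other listed copies of the same name differ in size or company string. The function names are assumptions, and the sample is a short excerpt assembled from the log lines posted in this thread.

```python
import re
from collections import Counter

# Excerpt assembled from the Win32kDiag log posted in this thread (shortened).
SAMPLE_LOG = r"""
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\temp\temp
Found mount point : C:\Windows\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PIF\PIF
Cannot access: C:\Windows\System32\cngaudit.dll
Attempting to restore permissions of : C:\Windows\System32\cngaudit.dll
[1] 2006-11-02 10:46:03 61952 C:\Windows\System32\cngaudit.dll ()
[2] 2006-11-02 10:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)
[1] 2006-11-02 10:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2009-09-26 12:47:44 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
"""

MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
BLOCKED_RE = re.compile(r"^Cannot access: (.+)$")
# "[n] date time size path (company)"; the company field may be empty.
COPY_RE = re.compile(
    r"^\[(\d+)\] (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (.+) \((.*)\)$"
)


def parse_win32kdiag(text):
    """Return (mounts, blocked) parsed from a Win32kDiag log.

    mounts  : list of (mount point path, destination)
    blocked : dict of inaccessible path -> list of file copies listed under it
    """
    mounts, blocked = [], {}
    pending_mount = None   # mount point waiting for its destination line
    current = None         # most recent "Cannot access" path
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_mount = m.group(1)
        elif (m := DEST_RE.match(line)) and pending_mount:
            mounts.append((pending_mount, m.group(1)))
            pending_mount = None
        elif m := BLOCKED_RE.match(line):
            current = m.group(1)
            blocked.setdefault(current, [])
        elif (m := COPY_RE.match(line)) and current:
            blocked[current].append({
                "timestamp": m.group(2),
                "size": int(m.group(3)),
                "path": m.group(4),
                "company": m.group(5),
            })
    return mounts, blocked


def summarise(text):
    """Count mount points per destination and list files needing review."""
    mounts, blocked = parse_win32kdiag(text)
    mismatched = []
    for path, copies in blocked.items():
        name = path.rsplit("\\", 1)[-1].lower()
        # The entry describing the inaccessible file itself.
        own = next((c for c in copies if c["path"].lower() == path.lower()), None)
        if own is None:
            continue
        for other in copies:
            same_name = other["path"].lower().endswith("\\" + name)
            if other is own or not same_name:
                continue
            if other["size"] != own["size"] or other["company"] != own["company"]:
                mismatched.append({
                    "path": path,
                    "size": own["size"],
                    "company": own["company"],
                    "other_path": other["path"],
                    "other_size": other["size"],
                    "other_company": other["company"],
                })
    return {
        "mount_points": len(mounts),
        "destinations": dict(Counter(dest for _, dest in mounts)),
        "inaccessible": sorted(blocked),
        "mismatched": mismatched,
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print("mount points:", report["mount_points"], report["destinations"])
    for item in report["mismatched"]:
        print("review:", item["path"], item["size"], "vs", item["other_size"])
```

A mismatch only marks a file for manual review; deciding which copy is the good one remains the analyst's call.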

#7
mrsunday

  • Topic Starter
  • Member
  • 11 posts
Ok here's the win32kDiag log, I'm going to follow the other steps in a minute:

Running from: C:\Users\laserfrog\Desktop\win32kdiag.exe

Log file at : C:\Users\laserfrog\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP116A.tmp\ZAP116A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP116A.tmp\ZAP116A.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\temp\temp

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\tmp\tmp

Found mount point : C:\Windows\ConfigSetRoot\ConfigSetRoot

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ConfigSetRoot\ConfigSetRoot

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ehome\CreateDisc\style\style

Found mount point : C:\Windows\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ftpcache\ftpcache

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\Globalization

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\Corporate\Corporate

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\OEM\OEM

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109450090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109450090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021094B0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\000021094B0090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Microsoft.NET\authman\authman

Found mount point : C:\Windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ModemLogs\ModemLogs

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\nap\configuration\configuration

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Panther\setup.exe\setup.exe

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PIF\PIF

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PLA\Templates\Templates

Found mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Found mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Registration\CRMLog\CRMLog

Found mount point : C:\Windows\repair\wuau.{00021401-0000-0000-C000-000000000046}\wuau.{00021401-0000-0000-C000-000000000046}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\repair\wuau.{00021401-0000-0000-C000-000000000046}\wuau.{00021401-0000-0000-C000-000000000046}

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SchCache\SchCache

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\security\templates\templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Found mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile

Found mount point : C:\Windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Sun\Java\Deployment\Deployment

Cannot access: C:\Windows\System32\cngaudit.dll

Attempting to restore permissions of : C:\Windows\System32\cngaudit.dll

[1] 2006-11-02 10:46:03 61952 C:\Windows\System32\cngaudit.dll ()

[2] 2006-11-02 10:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)

[1] 2006-11-02 10:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-26 12:47:44 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-09-26 12:47:06 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-09-26 12:47:07 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-09-26 12:47:07 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-09-26 12:48:11 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Cannot access: C:\Windows\System32\WerFault.exe

Attempting to restore permissions of : C:\Windows\System32\WerFault.exe

Found mount point : C:\Windows\Temp\GUM2EBD.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\GUM2EBD.tmp\CrashReports\CrashReports

Found mount point : C:\Windows\Temp\GUM5F7E.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\GUM5F7E.tmp\CrashReports\CrashReports

Found mount point : C:\Windows\Temp\GUM70BF.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\GUM70BF.tmp\CrashReports\CrashReports

Found mount point : C:\Windows\Temp\GUM7B3D.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\GUM7B3D.tmp\CrashReports\CrashReports

Found mount point : C:\Windows\Temp\GUM80A7.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\GUM80A7.tmp\CrashReports\CrashReports

Found mount point : C:\Windows\Temp\GUMEA9.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\GUMEA9.tmp\CrashReports\CrashReports

Found mount point : C:\Windows\Temp\GUMEB64.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\GUMEB64.tmp\CrashReports\CrashReports

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\tracing\tracing

Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Found mount point : C:\Windows\winsxs\Temp\PendingDeletes\PendingDeletes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\winsxs\Temp\PendingDeletes\PendingDeletes



Finished!

#8
mrsunday
Here's the Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\Windows\system32\logevent.dll|C:\Windows\system32\cngaudit.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#9
mrsunday
I just tried running ComboFix after renaming it hammer.exe and this came up. I've uploaded an image: hidec.jpg

#10
mrsunday
Oh no! Also this just came up: combofixerror.jpg

#11
hammerman
Hi,

This may be bad news as Virut means a reformat/re-install. Let's check if it is indeed Virut.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Windows\explorer.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Repeat the above for the following files.

C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe


#12
mrsunday
Here's the result for explorer.exe:

VirSCAN.org Scanned Report :
Scanned time : 2009/09/29 15:49:29 (BST)
Scanner results: All Scanners reported not find malware!
File Name : explorer.exe
File Size : 2927104 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4f554999d7d5f05daaebba7b5ba1089d
SHA1 : e509a42554cc0e5888ac8bf494d3c02223238609
Online report : http://virscan.org/r...3ce2f5636d.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090929000129 2009-09-29 4.56 -
AhnLab V3 2009.09.29.06 2009.09.29 2009-09-29 0.85 -
AntiVir 8.2.1.27 7.1.6.52 2009-09-29 0.54 -
Antiy 2.0.18 20090929.2941244 2009-09-29 0.12 -
Arcavir 2009 200909291037 2009-09-29 0.09 -
Authentium 5.1.1 200909290916 2009-09-29 2.31 -
AVAST! 4.7.4 090928-0 2009-09-28 0.11 -
AVG 8.5.288 270.13.114/2402 2009-09-29 0.33 -
BitDefender 7.81008.4285962 7.27967 2009-09-29 3.68 -
CA (VET) 9.0.0.143 31.6.6767 2009-09-29 6.25 -
ClamAV 0.95.2 9849 2009-09-29 0.32 -
Comodo 3.11 2469 2009-09-29 1.12 -
CP Secure 1.3.0.5 2009.09.29 2009-09-29 0.47 -
Dr.Web 4.44.0.9170 2009.09.29 2009-09-29 5.48 -
F-Prot 4.4.4.56 20090929 2009-09-29 2.22 -
F-Secure 7.02.73807 2009.09.29.08 2009-09-29 0.14 -
Fortinet 2.81-3.120 10.888 2009-09-29 0.65 -
GData 19.8136/19.493 20090929 2009-09-29 5.21 -
ViRobot 20090929 2009.09.29 2009-09-29 0.61 -
Ikarus T3.1.01.72 2009.09.29.73820 2009-09-29 4.09 -
JiangMin 11.0.800 2009.09.26 2009-09-26 15.46 -
Kaspersky 5.5.10 2009.09.29 2009-09-29 0.07 -
KingSoft 2009.2.5.15 2009.9.29.22 2009-09-29 1.04 -
McAfee 5.3.00 5755 2009-09-28 5.02 -
Microsoft 1.5101 2009.09.29 2009-09-29 7.24 -
Norman 6.01.09 6.01.00 2009-09-16 1.88 -
Panda 9.05.01 2009.09.28 2009-09-28 5.11 -
Trend Micro 8.700-1004 6.486.03 2009-09-29 0.03 -
Quick Heal 10.00 2009.09.29 2009-09-29 2.93 -
Rising 20.0 21.49.14.00 2009-09-29 1.28 -
Sophos 2.90.1 4.45 2009-09-29 3.42 -
Sunbelt 5420 5420 2009-09-28 2.38 -
Symantec 1.3.0.24 20090928.003 2009-09-28 0.12 -
nProtect 20090929.01 5672855 2009-09-29 12.97 -
The Hacker 6.5.0.2 v00021 2009-09-28 1.96 -
VBA32 3.12.10.11 20090928.1523 2009-09-28 2.25 -
VirusBuster 4.5.11.10 10.112.52/1924976 2009-09-28 2.90 -

Here's the svchost.exe scan:

VirSCAN.org Scanned Report :
Scanned time : 2009/09/29 15:54:44 (BST)
Scanner results: All Scanners reported not find malware!
File Name : svchost.exe
File Size : 21504 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 3794b461c45882e06856f282eef025af
SHA1 : bf15549a7ec01ac505ccac036aba5b9bae688135
Online report : http://virscan.org/r...852c1f345d.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090929000129 2009-09-29 4.30 -
AhnLab V3 2009.09.29.06 2009.09.29 2009-09-29 0.96 -
AntiVir 8.2.1.27 7.1.6.52 2009-09-29 0.09 -
Antiy 2.0.18 20090929.2941244 2009-09-29 0.12 -
Arcavir 2009 200909291037 2009-09-29 0.03 -
Authentium 5.1.1 200909290916 2009-09-29 1.20 -
AVAST! 4.7.4 090928-0 2009-09-28 0.01 -
AVG 8.5.288 270.13.114/2402 2009-09-29 0.30 -
BitDefender 7.81008.4285962 7.27967 2009-09-29 3.67 -
CA (VET) 9.0.0.143 31.6.6767 2009-09-29 3.29 -
ClamAV 0.95.2 9849 2009-09-29 0.01 -
Comodo 3.11 2469 2009-09-29 1.08 -
CP Secure 1.3.0.5 2009.09.29 2009-09-29 0.04 -
Dr.Web 4.44.0.9170 2009.09.29 2009-09-29 5.45 -
F-Prot 4.4.4.56 20090929 2009-09-29 1.19 -
F-Secure 7.02.73807 2009.09.29.08 2009-09-29 0.10 -
Fortinet 2.81-3.120 10.888 2009-09-29 0.42 -
GData 19.8136/19.493 20090929 2009-09-29 7.67 -
ViRobot 20090929 2009.09.29 2009-09-29 0.43 -
Ikarus T3.1.01.72 2009.09.29.73820 2009-09-29 4.10 -
JiangMin 11.0.800 2009.09.26 2009-09-26 3.75 -
Kaspersky 5.5.10 2009.09.29 2009-09-29 0.07 -
KingSoft 2009.2.5.15 2009.9.29.22 2009-09-29 0.57 -
McAfee 5.3.00 5755 2009-09-28 3.23 -
Microsoft 1.5101 2009.09.29 2009-09-29 7.68 -
Norman 6.01.09 6.01.00 2009-09-16 2.85 -
Panda 9.05.01 2009.09.28 2009-09-28 4.16 -
Trend Micro 8.700-1004 6.486.03 2009-09-29 0.03 -
Quick Heal 10.00 2009.09.29 2009-09-29 1.19 -
Rising 20.0 21.49.14.00 2009-09-29 0.82 -
Sophos 2.90.1 4.45 2009-09-29 3.41 -
Sunbelt 5420 5420 2009-09-28 3.52 -
Symantec 1.3.0.24 20090928.003 2009-09-28 0.09 -
nProtect 20090929.01 5672855 2009-09-29 7.53 -
The Hacker 6.5.0.2 v00021 2009-09-28 0.71 -
VBA32 3.12.10.11 20090928.1523 2009-09-28 2.00 -
VirusBuster 4.5.11.10 10.112.52/1924976 2009-09-28 2.33 -

and winlogon.exe:

VirSCAN.org Scanned Report :
Scanned time : 2009/09/29 15:57:38 (BST)
Scanner results: All Scanners reported not find malware!
File Name : winlogon.exe
File Size : 314880 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : c2610b6bdbefc053bbdab4f1b965cb24
SHA1 : 145787476862969411875c30e3ef177bc8ac1863
Online report : http://virscan.org/r...6902593a62.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090929000129 2009-09-29 5.36 -
AhnLab V3 2009.09.29.06 2009.09.29 2009-09-29 2.30 -
AntiVir 8.2.1.27 7.1.6.52 2009-09-29 0.33 -
Antiy 2.0.18 20090929.2941244 2009-09-29 0.12 -
Arcavir 2009 200909291037 2009-09-29 0.08 -
Authentium 5.1.1 200909290916 2009-09-29 2.04 -
AVAST! 4.7.4 090928-0 2009-09-28 0.02 -
AVG 8.5.288 270.13.114/2402 2009-09-29 0.30 -
BitDefender 7.81008.4285962 7.27967 2009-09-29 3.68 -
CA (VET) 9.0.0.143 31.6.6767 2009-09-29 8.18 -
ClamAV 0.95.2 9849 2009-09-29 0.06 -
Comodo 3.11 2469 2009-09-29 0.74 -
CP Secure 1.3.0.5 2009.09.29 2009-09-29 0.08 -
Dr.Web 4.44.0.9170 2009.09.29 2009-09-29 5.54 -
F-Prot 4.4.4.56 20090929 2009-09-29 1.96 -
F-Secure 7.02.73807 2009.09.29.08 2009-09-29 8.49 -
Fortinet 2.81-3.120 10.888 2009-09-29 0.27 -
GData 19.8136/19.493 20090929 2009-09-29 6.03 -
ViRobot 20090929 2009.09.29 2009-09-29 0.42 -
Ikarus T3.1.01.72 2009.09.29.73820 2009-09-29 4.17 -
JiangMin 11.0.800 2009.09.26 2009-09-26 8.32 -
Kaspersky 5.5.10 2009.09.29 2009-09-29 0.06 -
KingSoft 2009.2.5.15 2009.9.29.22 2009-09-29 0.56 -
McAfee 5.3.00 5755 2009-09-28 3.31 -
Microsoft 1.5101 2009.09.29 2009-09-29 6.09 -
Norman 6.01.09 6.01.00 2009-09-16 1.88 -
Panda 9.05.01 2009.09.28 2009-09-28 2.77 -
Trend Micro 8.700-1004 6.486.03 2009-09-29 0.03 -
Quick Heal 10.00 2009.09.29 2009-09-29 1.42 -
Rising 20.0 21.49.14.00 2009-09-29 1.49 -
Sophos 2.90.1 4.45 2009-09-29 3.45 -
Sunbelt 5420 5420 2009-09-28 1.78 -
Symantec 1.3.0.24 20090928.003 2009-09-28 0.09 -
nProtect 20090929.01 5672855 2009-09-29 10.15 -
The Hacker 6.5.0.2 v00021 2009-09-28 0.91 -
VBA32 3.12.10.11 20090928.1523 2009-09-28 2.25 -
VirusBuster 4.5.11.10 10.112.52/1924976 2009-09-28 2.44 -

#13
hammerman
Hi,

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

#14
hammerman
Hi,

Can you hold on the Dr.Web scan - I need to check something first.

#15
mrsunday
Ok