
Combofix.exe Log



#1 Rhodderzxii


Posted 26 July 2008 - 04:16 AM

Hi, I had a virus and had trouble getting rid of it. I googled the names of the DLL and came up with ComboFix, and was told to upload the log file,
so here it is.




ComboFix 08-07-25.4 - Rhodderz 2008-07-26 9:27:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1055 [GMT 1:00]
Running from: C:\Users\Rhodderz\Desktop\ComboFix.exe
Command switches used :: \killall
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vzr
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vzr
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\ShoppingReport
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\afpliqps.ini
C:\Windows\system32\eplxijvs.ini
C:\Windows\System32\eyheyhmo.ini
C:\Windows\system32\gsnjistl.ini
C:\Windows\system32\heeynbhl.ini
C:\Windows\system32\hnvjotes.ini
C:\Windows\system32\hqalxqif.ini
C:\Windows\system32\kfjtwqbl.ini
C:\Windows\system32\ljJBtrrQ.dll
C:\Windows\system32\lmcihghs.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\ndkoocro.ini
C:\Windows\system32\rfgmpdui.ini
C:\Windows\system32\sex2.ico

----- BITS: Possible infected sites -----

http://theinstalls.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-23 14:59 . 2008-07-23 14:59 <DIR> d-------- C:\Program Files\Sun
2008-07-19 12:59 . 2008-07-26 08:56 3,521 --a------ C:\rollback.ini
2008-07-19 12:22 . 2008-07-26 09:35 4,576,800 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-07-19 12:22 . 2008-07-26 09:35 56,804 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-07-19 11:48 . 2008-01-09 03:31 75,248 --a------ C:\Windows\zllsputility.exe
2008-07-19 11:46 . 2008-07-19 11:46 <DIR> d-------- C:\ProgramData\CheckPoint
2008-07-19 11:46 . 2008-07-19 11:46 <DIR> d-------- C:\Program Files\Zone Labs
2008-07-19 11:46 . 2008-01-09 03:31 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-07-19 11:46 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-07-19 11:45 . 2008-07-26 08:51 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-07-19 11:45 . 2008-07-26 09:37 354,388 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-07-19 11:45 . 2008-01-09 03:32 276,368 --------- C:\Windows\System32\drivers\vsdatant.sys
2008-07-19 10:58 . 2008-07-19 10:58 <DIR> d-------- C:\Program Files\123 Flash Menu
2008-07-19 10:43 . 2008-07-19 10:43 <DIR> d-------- C:\Program Files\SourceTec
2008-07-19 10:43 . 2008-07-19 10:43 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-07-18 21:32 . 2008-07-18 21:32 <DIR> d-------- C:\Program Files\Cosmic Bugs
2008-07-18 21:31 . 2008-07-18 21:31 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-18 21:29 . 2008-07-18 21:32 <DIR> d-------- C:\Program Files\AirXonix
2008-07-18 21:29 . 2008-07-18 21:29 4,096 --a------ C:\Windows\d3dx.dat
2008-07-16 17:46 . 2008-07-16 17:46 <DIR> d-------- C:\Program Files\Windows SideShow
2008-07-15 21:01 . 2008-07-15 21:01 <DIR> d-------- C:\Program Files\RAR Password Cracker
2008-07-13 21:17 . 2008-07-13 21:19 <DIR> d-------- C:\Program Files\Zune
2008-07-13 16:13 . 2008-07-13 16:13 <DIR> d-------- C:\Program Files\iTunes
2008-07-13 16:13 . 2008-07-13 16:13 <DIR> d-------- C:\Program Files\iPod
2008-07-13 16:11 . 2008-07-13 16:12 <DIR> d-------- C:\Program Files\QuickTime
2008-07-13 15:56 . 2008-07-13 15:56 <DIR> d-------- C:\Program Files\Safari
2008-07-11 16:01 . 2008-07-11 16:02 <DIR> d-------- C:\Program Files\AdorageI-GfxDatas
2008-07-10 21:09 . 2008-06-26 02:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-10 21:09 . 2008-06-26 02:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-10 21:09 . 2008-06-26 04:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-09 18:57 . 2008-07-09 18:57 <DIR> d-------- C:\Program Files\Capture-A-ScreenShot
2008-07-09 18:33 . 2008-07-09 18:33 <DIR> d-------- C:\Program Files\proDAD
2008-07-09 18:26 . 2008-07-09 18:26 <DIR> d-------- C:\Program Files\AdorageI-SAL
2008-07-05 21:47 . 2007-03-14 08:25 1,577,045 --a------ C:\Windows\System32\SaFireU.dll
2008-07-05 20:21 . 2008-07-05 21:25 <DIR> d-------- C:\Users\Rhodderz\AppData\Roaming\Download Manager
2008-07-05 19:59 . 2006-11-03 16:13 226,816 --a------ C:\Windows\System32\drivers\wisgostrm.sys
2008-07-05 19:59 . 2008-07-11 16:12 2,256 --a------ C:\Windows\current_settings.bin
2008-07-05 19:08 . 2002-09-24 10:12 2,653,888 --a------ C:\Windows\System32\LTRDG13n.OCX
2008-07-05 19:08 . 2002-09-24 10:12 934,576 --a------ C:\Windows\System32\ltr13n.dll
2008-07-05 19:08 . 2002-09-24 10:12 534,192 --a------ C:\Windows\System32\LTRVW13N.OCX
2008-07-05 19:08 . 2002-09-24 10:12 466,624 --a------ C:\Windows\System32\LTRPR13n.DLL
2008-07-05 19:08 . 2005-07-12 13:25 401,408 --a------ C:\Windows\System32\pvmjpg30.dll
2008-07-05 19:08 . 2002-09-24 10:12 304,816 --a------ C:\Windows\System32\LTRIO13N.DLL
2008-07-05 19:08 . 2006-03-28 22:50 233,472 --a------ C:\Windows\System32\DiskIO.dll
2008-07-05 19:08 . 2002-09-24 10:12 194,248 --a------ C:\Windows\System32\LTRFD13n.DLL
2008-07-05 19:08 . 2006-03-28 22:45 184,320 --a------ C:\Windows\System32\RALMain.dll
2008-07-05 19:05 . 2008-07-05 19:06 <DIR> d-------- C:\ProgramData\SmartSound Software Inc
2008-07-05 19:05 . 2008-07-05 19:05 <DIR> d-------- C:\Program Files\SmartSound Software
2008-07-05 19:03 . 2008-07-05 19:03 <DIR> d-------- C:\Program Files\DivX
2008-07-05 19:03 . 2003-11-25 05:02 196,096 --a------ C:\Windows\System32\macd32.dll
2008-07-05 19:03 . 2003-11-25 05:02 138,752 --a------ C:\Windows\System32\mase32.dll
2008-07-05 19:03 . 2003-11-25 05:02 136,192 --a------ C:\Windows\System32\mamc32.dll
2008-07-05 19:03 . 2004-07-02 16:28 89,088 --a------ C:\Windows\System32\atl71.dll
2008-07-05 19:03 . 2004-07-02 16:28 84,992 --a------ C:\Windows\System32\ATL70.DLL
2008-07-05 19:03 . 2003-11-25 05:02 57,856 --a------ C:\Windows\System32\masd32.dll
2008-07-05 19:03 . 2003-11-25 05:02 27,648 --a------ C:\Windows\System32\ma32.dll
2008-07-05 19:03 . 2005-02-09 11:59 14,165 --a------ C:\Windows\System32\drivers\Pclepci.sys
2008-07-05 19:01 . 2001-05-16 00:48 38,232 --a------ C:\Windows\wmprfsky.prx
2008-07-05 19:00 . 2005-03-21 23:26 1,047,552 --a------ C:\Windows\System32\MFC71u.DLL
2008-07-05 18:59 . 2008-07-05 21:48 <DIR> d-------- C:\ProgramData\Pinnacle Studio
2008-07-05 18:56 . 2008-07-05 21:48 <DIR> d-------- C:\ProgramData\Pinnacle
2008-07-05 18:56 . 2008-07-05 19:06 <DIR> d-------- C:\Program Files\Pinnacle
2008-06-29 22:08 . 2008-06-29 22:09 <DIR> d-------- C:\Program Files\TorrentSpeeder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 08:40 --------- d-----w C:\Users\Rhodderz\AppData\Roaming\BitTorrent
2008-07-26 08:35 2,051,072 ----a-w C:\Windows\Internet Logs\xDB93F3.tmp
2008-07-26 08:35 --------- d-----w C:\Users\Rhodderz\AppData\Roaming\DNA
2008-07-26 08:22 --------- d-----w C:\Program Files\BitLord2
2008-07-23 13:58 --------- d-----w C:\Program Files\Java
2008-07-20 12:25 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-19 12:02 --------- d-----w C:\Program Files\OneStepSearch
2008-07-16 16:36 --------- d-----w C:\Users\Rhodderz\AppData\Roaming\Apple Computer
2008-07-11 14:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 19:13 --------- d-----w C:\Program Files\Quake III Arena (BOB)
2008-07-09 14:52 --------- d-----w C:\Program Files\Windows Mail
2008-06-29 09:08 --------- d-----w C:\ProgramData\Google Updater
2008-06-29 08:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-28 10:14 --------- d-----w C:\ProgramData\Symantec
2008-06-23 21:10 --------- d-----w C:\Program Files\EA Games
2008-06-22 09:18 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-22 08:39 --------- d-----w C:\ProgramData\WindowsSearch
2008-06-21 15:06 --------- d-----w C:\Program Files\Nsauditor
2008-06-20 07:14 --------- d-----w C:\Program Files\Common Files\Java
2008-06-19 17:34 --------- d-----w C:\Program Files\IntelegSoft
2008-06-18 21:20 --------- d-----w C:\Users\Rhodderz\AppData\Roaming\.ZMatrix
2008-06-18 21:17 --------- d-----w C:\Program Files\ZMatrix
2008-06-18 19:24 --------- d-----w C:\Program Files\DesktopEffects
2008-06-18 18:51 16,180 ----a-w C:\Windows\System32\DreamScene.reg
2008-06-18 18:51 122,880 ----a-w C:\Windows\System32\DreamScene.2.bak.dll
2008-06-18 18:47 1,149,440 ----a-w C:\Windows\System32\themecpl.dll
2008-06-18 15:25 174 --sha-w C:\Program Files\desktop.ini
2008-06-18 15:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-18 15:10 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-18 15:10 --------- d-----w C:\Program Files\Windows Journal
2008-06-18 15:10 --------- d-----w C:\Program Files\Windows Defender
2008-06-18 15:10 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-18 15:10 --------- d-----w C:\Program Files\Windows Calendar
2008-06-18 07:11 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-18 07:10 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-16 15:06 --------- d-----w C:\Program Files\Maxis
2008-06-15 20:02 --------- d-----w C:\Program Files\Install Wizard Creator
2008-06-14 19:31 --------- d-----w C:\Program Files\Nsasoft
2008-06-14 12:49 --------- d-----w C:\ProgramData\Stardock
2008-06-14 12:21 --------- d-----w C:\Program Files\FLV Player
2008-06-14 07:47 --------- d-----w C:\Program Files\DreamRender
2008-06-11 22:57 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-06-08 23:05 --------- d-----w C:\Program Files\M Exe Editor
2008-06-05 21:35 --------- d-----w C:\Program Files\Stardock
2008-06-05 15:45 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-04 21:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-04 21:10 --------- d-----w C:\ProgramData\WLInstaller
2008-06-04 19:28 --------- d-----w C:\Program Files\Apple Software Update
2008-06-02 18:10 --------- d-----w C:\Program Files\DOSBox-0.70
2008-06-02 16:00 --------- d-----w C:\Program Files\Microsoft Games
2008-06-01 21:32 --------- d-----w C:\Program Files\YouTube Downloader
2008-06-01 07:43 --------- d-----w C:\Program Files\id Software
2008-05-31 12:30 --------- d-----w C:\Users\Rhodderz\AppData\Roaming\Microsoft Game Studios
2008-05-31 12:30 --------- d-----w C:\ProgramData\Microsoft Games
2008-05-30 19:22 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-05-30 12:36 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-05-30 12:25 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-05-30 12:25 --------- d-----w C:\Users\Rhodderz\AppData\Roaming\DAEMON Tools
2008-05-30 12:24 --------- d---a-w C:\ProgramData\TEMP
2008-05-30 12:23 --------- d-----w C:\Program Files\Bittorrent Download Accelerator Pro
2008-05-29 16:52 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-29 11:41 --------- d-----w C:\Program Files\BitTorrent
2008-05-29 11:27 --------- d-----w C:\Program Files\DNA
2008-05-28 22:50 --------- d-----w C:\Program Files\Microsoft Works
2008-05-28 13:06 --------- d-----w C:\Program Files\Belkin
2008-05-27 16:39 3,825,152 ----a-w C:\Windows\System32\winload.old2.exe
2008-05-27 16:14 --------- d-----w C:\Program Files\Vista Boot Logo Generator
2008-05-26 19:08 --------- d-----w C:\Users\Rhodderz\AppData\Roaming\InstallShield
2008-05-22 17:18 109,568 ----a-w C:\Windows\System32\pxinsi64.exe
2008-05-22 17:18 108,544 ----a-w C:\Windows\System32\pxcpyi64.exe
2008-05-19 20:38 0 ----a-w C:\Users\Rhodderz\AppData\Roaming\wklnhst.dat
2008-05-19 19:08 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-05-19 17:46 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-19 17:45 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-19 17:45 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-19 17:45 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-19 17:45 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-19 17:45 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-19 17:45 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-19 17:45 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-19 17:45 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-19 17:45 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-19 17:44 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-19 17:42 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-05-12 16:32 2,924,544 ----a-w C:\Windows\explorerMOD.exe
2008-05-10 03:35 885,248 ----a-w C:\Windows\System32\RacEngn.dll
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-29 18:56 245,664 ----a-w C:\Windows\System32\ZuneWlanCfgSvc.exe
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 16:18 68856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"BitTorrent DNA"="C:\Users\Rhodderz\Program Files\DNA\btdna.exe" [2008-05-29 13:54 289088]
"BitTorrent"="C:\Users\Rhodderz\Program Files\BitTorrent\BitTorrent.exe" [2008-06-19 23:30 587568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpareMessaging"="C:\Program Files\Spare Messaging\MessagingApp.exe" [2007-11-28 17:43 42824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"OSD"="C:\Program Files\C&E\OSD\osd.exe" [2007-08-28 14:36 671801]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 16:25 185632]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 16:19 1051648]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"UpdateP2GShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2007-07-26 22:07 202024]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 08:33 227840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-06 18:01 32768]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-16 01:12 24576]
"LaunchList"="C:\Program Files\Pinnacle\Studio 10\LaunchList.exe" [2007-01-04 11:27 50712]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 20:26 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 14:22 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB2AB280-FE14-4C20-A551-79ADEF5207A9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DD7AA0A8-A9A3-4CFB-AD24-2A6B1F374988}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{60CE70A9-D815-4889-B6BD-440B75C41D30}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DBDDF834-B035-4612-960D-DB5383FEDACB}C:\\users\\rhodderz\\documents\\downloads\\copy of ip2ipchat.exe"= UDP:C:\users\rhodderz\documents\downloads\copy of ip2ipchat.exe:copy of ip2ipchat.exe
"UDP Query User{0664A093-6809-421E-96A8-FB29C3305548}C:\\users\\rhodderz\\documents\\downloads\\copy of ip2ipchat.exe"= TCP:C:\users\rhodderz\documents\downloads\copy of ip2ipchat.exe:copy of ip2ipchat.exe
"{CA7A3B09-6436-445B-AC45-D01AB50CC970}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{209C8B33-7A7A-41F1-9799-D57C323DDD77}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{06EBA4FC-9A49-4BA1-BB81-E115A1EF978D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8791F399-BE63-414B-A3D7-2D5AD825D6D9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{C7CA8C46-32F8-436C-814C-24D18A4F7EBD}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{7575B60F-9EA6-4500-BE92-4B576909B054}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{838DD877-62D3-4F85-A2F2-BC2DB27927CC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A6AC9BFF-7C84-400C-8FA2-D98BEE91A4FB}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{CAA4E239-98DF-44CB-9735-4456DDE34BD7}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"TCP Query User{6A89BDDD-F6BB-4E98-96A8-30B9E05F6873}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{73FB41DD-38C5-4B58-9094-D2BC53F01466}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{61410EF3-745A-46F4-93EB-DE7978F0BDEC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9FD9F08B-4E5A-4B66-8240-13A7276F2B7C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60EDBB68-259D-4B57-9415-39D2304FD52C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{13145C2B-CE27-4013-88A2-A3FD367B8770}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E262DDB0-78B6-401A-AE0F-D40B7E8FB754}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{74C324F5-D8E4-47D8-97D2-11E2789C76BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD725DD0-0C75-457D-B782-44A9DD233991}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E88214ED-8E4C-45D0-BF67-A0F3B378155A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C4415011-38CC-498B-9472-C37C682A236B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4EB558EE-EDA3-4715-9D60-115FD6919336}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8D4C7DD6-3B71-4E2F-A797-A8056B1BDBE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{730F5AD6-D8C2-475D-B87B-6CAE9DEA2D5D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CB68D168-2DB5-4BAF-82BA-F5EA5E8E8BF2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{11B8B5B8-5E5B-48E9-95ED-A19D0CCBCAFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B09EBE26-B4BC-4FBF-8A6E-303B8765E1C3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{992F2078-8CBE-42B7-808B-7FF8794033A7}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{6A766FFF-41AA-40E5-8704-438DF66BA79C}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"{47556B87-7F2A-417D-8022-A9B0BA9DCA97}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43CCDC7F-D7C3-4D4E-BC6C-1931EF31F64C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2D69A868-0BEC-4D89-9A38-EE38DDA86061}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9FF6330D-7338-4BA5-ACC3-4DE04FF08BEE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{76268DE2-7041-4E45-B089-F4C25A62C59D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{001AA611-C455-4A57-A313-D0C65A5374A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BB8A05EC-157F-443A-B952-AA1C587FD2F3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2060C6AF-130E-4F79-A8F1-6B2DFFDA2C20}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{0C543BC4-866F-4028-B307-49B4257E8D5E}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{14946149-F0E3-472C-8DCA-A1F441D56B91}C:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= UDP:C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"UDP Query User{BA802CD2-F163-470C-95AF-60B4516BF2F2}C:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= TCP:C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"TCP Query User{1EA947DD-F67E-4480-AD9A-C4B149256856}C:\\program files\\quake iii arena (bob)\\quake3.exe"= UDP:C:\program files\quake iii arena (bob)\quake3.exe:quake3
"UDP Query User{8E61CFC5-8163-4B68-B64A-413589E30BB6}C:\\program files\\quake iii arena (bob)\\quake3.exe"= TCP:C:\program files\quake iii arena (bob)\quake3.exe:quake3
"{F48B0632-119D-4C5D-A140-8B220A3DC0EC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5DCFDEB8-B5D2-43F8-A7E4-90A7D598A882}\\\\bob\\quake iii arena\\quake3.exe"= UDP:\\bob\quake iii arena\quake3.exe:quake3.exe
"UDP Query User{6EB385CC-4BF6-46F4-A663-2FA64680546F}\\\\bob\\quake iii arena\\quake3.exe"= TCP:\\bob\quake iii arena\quake3.exe:quake3.exe
"{F18F80A3-8646-433F-9D00-C6108F02B469}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{083ECCD0-6908-41F8-BF8A-EE0D31D909D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BA09D79F-D8F7-4D69-A458-B9B4870F84B7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2B7AEABD-2498-431B-A502-ED272810F829}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{390F4CF6-C66C-4138-9B73-BBB094D24962}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B4B5452E-E0B8-435E-AD3A-4BF715D0705F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8121EB3E-0CFD-43BC-B30C-CFA71B3CE745}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FE7F2BFF-C5CC-4B78-87FE-37122BA45DD0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B573C94A-1DD0-4C6A-BDA8-E118DF0242B6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BDF8F4F7-7AF5-4856-B48E-6739E922ED7B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C93DDD16-7D06-43D5-9F0A-7BE1DC7C57D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{25EE7F2A-0E75-4446-8776-5D28B752A0ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{79F931AB-8EB3-4D1D-8A90-339BFF81A64C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{35BEE16F-0230-46BF-B293-698917D55314}C:\\program files\\quake iii arena (bob)\\quake3.exe"= UDP:C:\program files\quake iii arena (bob)\quake3.exe:quake3
"UDP Query User{01704999-925C-4601-8FDA-6320D970685A}C:\\program files\\quake iii arena (bob)\\quake3.exe"= TCP:C:\program files\quake iii arena (bob)\quake3.exe:quake3
"TCP Query User{87442C4D-C52C-4591-9AF4-A0E2FB49F831}C:\\users\\rhodderz\\appdata\\local\\temp\\wzse0.tmp\\upgradest\\upgradest.exe"= UDP:C:\users\rhodderz\appdata\local\temp\wzse0.tmp\upgradest\upgradest.exe:upgradest.exe
"UDP Query User{E3C25901-BF4F-4EBD-9EDD-E17A5E1B186F}C:\\users\\rhodderz\\appdata\\local\\temp\\wzse0.tmp\\upgradest\\upgradest.exe"= TCP:C:\users\rhodderz\appdata\local\temp\wzse0.tmp\upgradest\upgradest.exe:upgradest.exe
"{8A9538ED-9D8A-4EA5-9239-6E6B88B65FE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D774EA9E-56AA-4FB6-94C9-04EE564F6D13}C:\\users\\rhodderz\\appdata\\local\\temp\\wzse2.tmp\\upgradest\\upgradest.exe"= UDP:C:\users\rhodderz\appdata\local\temp\wzse2.tmp\upgradest\upgradest.exe:upgradest.exe
"UDP Query User{7308A4BC-BFFD-467F-916D-1C1F85FD3589}C:\\users\\rhodderz\\appdata\\local\\temp\\wzse2.tmp\\upgradest\\upgradest.exe"= TCP:C:\users\rhodderz\appdata\local\temp\wzse2.tmp\upgradest\upgradest.exe:upgradest.exe
"{7C579640-BE72-4813-B11D-548281207B35}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D1CB2706-47DD-4D9A-970B-70668EA6C7D3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1E95EEC2-E386-4CA9-ACF9-9C51C0ADDD2F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C22E8667-A5EB-465B-A9B3-8D09B1F7E55A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5058B355-6A79-410B-91DE-C46C62A5383D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{6CF7E927-DE3D-44F0-B916-F51E2F571239}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{1D4A6557-1882-4169-A775-9EFD767ACA11}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{F513599B-14BC-4D7E-932B-E46AED76EE49}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{338821CB-5979-489C-B9DD-27B63ED18A2A}"= UDP:32463:bittorent
"{E3ECD471-5D58-4363-81D7-6ABE5F4DEA5E}"= UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{C806B37A-ED21-4133-9D84-6A86F4AA5BCF}"= TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{AA6AC16E-B434-4569-ACBB-824D8AA12643}C:\\users\\rhodderz\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\rhodderz\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{BF630C39-A9CB-4EB9-AA60-ED03E306EE12}C:\\users\\rhodderz\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\rhodderz\program files\bittorrent\bittorrent.exe:bittorrent.exe
"TCP Query User{C6C74E47-F730-419C-853A-0346EC6237BC}C:\\users\\rhodderz\\program files\\dna\\btdna.exe"= UDP:C:\users\rhodderz\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CEA81B78-8932-4934-A74F-19A8CD4981FB}C:\\users\\rhodderz\\program files\\dna\\btdna.exe"= TCP:C:\users\rhodderz\program files\dna\btdna.exe:btdna.exe
"TCP Query User{595AC5A9-BF3B-4D04-9D89-B2DB6D444E26}C:\\users\\rhodderz\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\rhodderz\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{86A45355-3CAA-4CBF-80D0-06C427BF8D85}C:\\users\\rhodderz\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\rhodderz\program files\bittorrent\bittorrent.exe:bittorrent.exe
"{747DCA64-7A72-464E-93DA-F8BD90FC053E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A1C12504-F35D-4667-B96E-3B9DE3D2D4D0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D59559DD-8372-4738-89B0-A0B6A7486FB3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{64F9B609-FBCD-4361-86CF-A4C10794C4B9}C:\\users\\rhodderz\\program files\\dna\\btdna.exe"= UDP:C:\users\rhodderz\program files\dna\btdna.exe:btdna.exe
"UDP Query User{55796867-D7C6-47B0-A88F-D4F2958275FA}C:\\users\\rhodderz\\program files\\dna\\btdna.exe"= TCP:C:\users\rhodderz\program files\dna\btdna.exe:btdna.exe
"TCP Query User{5C66DC7B-B1D9-4369-850B-3AAF7D113E3F}C:\\program files\\dap\\dap.exe"= UDP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{DE0057FB-CC9C-459D-AA2A-71F1377FBB27}C:\\program files\\dap\\dap.exe"= TCP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"{13F8C30E-0A0A-452B-9568-DE7B3E1398B1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D1AAAA38-7626-475B-9E76-2F6C0EABC21F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0439EEEE-2656-4539-A170-57586E0FCF1A}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{BA711C5A-0815-4C31-9473-F51E3A0CEBE0}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo
"{78BC8864-82DF-4858-AEFF-328EA82F0DEB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{49CC51A6-FA8D-4627-984C-0276683EADDE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F248E373-7056-4618-9E5A-3C3D492E64A9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CB59ABE8-B627-4162-B2F2-514EE1F5A5DA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FD0FB23F-31CD-426B-9497-7D6D6161F674}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FEF7DA3E-61C6-404A-856E-927EBE7DA9AD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EF40C6F5-7081-4B24-ADA7-F3BA55DABB9D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29B19F5B-9763-4921-8F41-65CB6DD674D3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E128EF8F-5949-45C0-94B3-F77270485403}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B350B00A-7F90-4B07-A04F-C03B5224AAEB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A8ABB329-FE98-42AD-90D6-4A4DD44E7D33}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ADE30FAB-DBBA-4979-AD76-F26A26893EBC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D7D6BD02-9FA2-42F8-AC8A-1620F160322E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E38387B8-938F-4424-A7F7-9B5B2E90606B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{41EE4853-1821-4EE0-BD7B-365D708FB7C4}"= Disabled:UDP:C:\Program Files\id Software\Quake 4\quake4.exe:Quake 4
"{4D20D36B-9A85-4D8F-A995-884CDB70CAAB}"= Disabled:TCP:C:\Program Files\id Software\Quake 4\quake4.exe:Quake 4
"{6D5F5514-5F89-4EB7-B161-C98510D683AE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{665CC8B1-D94F-4C93-870F-AE7A885CA441}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{785E0F5F-8EAD-43E6-B553-E3A3C4CD4B8C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{009BC00F-DB6E-48D8-AED6-4133DB02AF04}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{37448E10-9837-4EC6-B386-D1A2DE189D1A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{996FE607-1692-4A58-BB2A-1AAAD205861E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4607CB77-6B43-4B83-90D2-B3F9FE018E2B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C6E6D44-CAA1-4FCE-9297-07D7F38144A7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1BC7EB82-83C2-41FF-8E11-0C865B44DA6F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9E906A97-3930-4C3C-8E5E-1114FC9F3F31}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{32B5F09A-FDCE-4E09-9CB5-7441A35DA41E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF22381B-B31D-4B4D-AD57-6044584DCFD2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D8A009C1-6025-466F-BA42-9C489A4C99F0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F06647B-D552-4F68-ACF5-749A39EBEB24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B4C89A6D-0F0B-4119-8179-F9EB92C9C194}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ED6283D4-CADA-47C6-887A-B21795BF6E7B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{63D1F733-1C4D-4B3B-8FAA-3E10052AF17E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B87ECEC1-FB0A-4CD7-9B86-62303528DE0D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C6EF112E-0657-44FA-9CD7-0ECC5A39BAAD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BCC8519F-0F3C-4514-ADFA-B55F4C55D513}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5F087FE-08D5-40E6-9329-590D91052E47}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{41CC6AB8-0338-4ABA-BA97-CD3EA34040E5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F9BEF6AE-EBE0-40C9-9639-BA9C877000C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99638FC5-8665-4DA0-99AA-9A2B4301F7ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7BA20729-3C96-4FC4-A947-92ACE5DCE317}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{92307F65-AB0C-463A-8B93-FFC5D1E16AC7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1E729E10-D8CC-457C-AA20-1C78262EC4C9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8428F94D-F8B4-4BE5-BE30-31D2146360AB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9B768F39-9662-463D-A82D-153D3BC733B1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3C4E685C-02BD-42F1-88E1-E49E56FFDF2E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DF38BA1B-6E25-4F74-9895-18C7C0F3BF4E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6E3AB00F-D33C-46C8-AFA2-78DF4C01F9E7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1FFCB1C6-9124-4B1E-9519-74B20D7D4767}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7796F88F-0301-436A-A8E4-50B41686EBEB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A02F2D58-8E9F-44B6-9033-815815B51954}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1243D0A5-BDBD-41D1-9209-EFB51DEB1386}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FB5802DD-44E6-4FC1-A7F9-3786A25210B2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{227E6E7B-A807-4B0D-87F7-1CD78480026B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{61C4E930-6F4D-4E08-89B5-F05C06A9253D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B37CD3E9-D248-4E74-A924-A8093D3B4C1A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E8C4C62F-C775-4A59-9BBC-7EDB8E846237}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D5ED33FB-7AD9-4A89-98E0-28A430B966B8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6A646566-9EF9-438A-81F5-3E43C5B8BA79}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D08B6F8C-773D-4F5B-93F7-06AE7E1B3601}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D714F11D-6963-4857-A3BA-48A244B7240A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0BF36A16-3393-4E00-A37F-C77019EFA69D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CB6283E3-A410-42F7-A809-CC7C5E4422D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{471E919B-9082-4D2C-B437-669FF88B185D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{69F0CD37-DDF5-47A2-89D2-30FCABC444A6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{02BE208E-8023-4B89-B7D1-05355022DC75}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4A9BBD62-82CC-4C1E-8DCB-E3A1E2BBAD94}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{92F54FD5-9C44-4F4F-AACF-40B56E4F0F5F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3B02CDED-4F24-4A83-B94B-0D9E08086567}C:\\program files\\torrentspeeder\\speeder.exe"= UDP:C:\program files\torrentspeeder\speeder.exe:P2P utility
"UDP Query User{546E858B-F48D-4B33-83C4-471635684E81}C:\\program files\\torrentspeeder\\speeder.exe"= TCP:C:\program files\torrentspeeder\speeder.exe:P2P utility
"{3454E91B-0AE6-4DA9-9A5D-3380955E3C4A}"= UDP:6881:Port 6881_TCP
"{DD1F75FF-EA38-499F-A038-1DD6BBC600E5}"= TCP:6881:Port 6881_UDP
"{BB1333AA-B6F4-4635-8873-E793F5E76E08}"= UDP:6882:Port 6882_TCP
"{84F9D8A5-B228-4120-AF1B-3595F6A932E1}"= TCP:6882:Port 6882_UDP
"{8E3104F6-F686-4B9D-8480-5FAC04CCA76C}"= UDP:6883:Port 6883_TCP
"{F999E220-DC22-4C41-8E03-C2F082F878EC}"= TCP:6883:Port 6883_UDP
"{9EA88B94-55E9-4AFA-B555-2D46E2880327}"= UDP:6884:Port 6884_TCP
"{D2741B8F-51FB-4050-AC00-E0765AF4A379}"= TCP:6884:Port 6884_UDP
"{BCDECBEB-9179-4D23-9B03-D7C1D6469990}"= UDP:6885:Port 6885_TCP
"{78CB2371-5493-4B98-9D2C-9E3479660090}"= TCP:6885:Port 6885_UDP
"{076F8EDE-B391-4730-B6F4-47F4BA1BC95D}"= UDP:6886:Port 6886_TCP
"{20B4BD7F-AFC6-4D81-9822-E8513694758C}"= TCP:6886:Port 6886_UDP
"{7763A72D-C67D-4457-9697-9EF120FF92DB}"= UDP:6887:Port 6887_TCP
"{036DD179-2F36-4D84-8509-82B38D6AAB1E}"= TCP:6887:Port 6887_UDP
"{8BFEC97B-C868-4003-8818-277E76B5A57F}"= UDP:6888:Port 6888_TCP
"{E146DEAE-F09C-4A66-8D94-EBEE79D35E19}"= TCP:6888:Port 6888_UDP
"{84E87F90-C020-46C6-A45C-1034312F8085}"= UDP:6889:Port 6889_TCP
"{CCFC79AC-3DC5-4C5A-82AC-72A843B75169}"= TCP:6889:Port 6889_UDP
"{F22A08A4-733A-4ED8-9B9C-9579DED63497}"= UDP:6890:Port 6890_TCP
"{09CA47AD-9BBC-47F1-94C4-509A36D345BB}"= TCP:6890:Port 6890_UDP
"{4D707D60-5816-42CC-B26C-5732BC555CB9}"= UDP:6891:Port 6891_TCP
"{9E5A307C-3DE2-4CEF-A857-E4385F557300}"= TCP:6891:Port 6891_UDP
"{8E653DF5-00E0-4E1A-AAA3-E91E903FC1C8}"= UDP:6892:Port 6892_TCP
"{7E108D72-D91D-43D4-A3B1-7EA7B257A7CF}"= TCP:6892:Port 6892_UDP
"{6A9E4B19-C258-4C54-BC10-22357C260FCE}"= UDP:6893:Port 6893_TCP
"{FDFE7706-51F4-4A6B-95CF-96E101797DE4}"= TCP:6893:Port 6893_UDP
"{6B6309DD-6B95-4E02-B716-CF260358F7E4}"= UDP:6894:Port 6894_TCP
"{A0CE65E8-9F32-4FCA-89F6-54FE08175106}"= TCP:6894:Port 6894_UDP
"{58DCA979-AF68-4709-B5E7-10D5031AA32E}"= UDP:6895:Port 6895_TCP
"{8679656E-AF62-40E9-AC20-B0D463E670E7}"= TCP:6895:Port 6895_UDP
"{52853C2E-7F83-47D3-AC88-D8D592D88341}"= UDP:6896:Port 6896_TCP
"{ADF66CEA-BC5B-4F53-B47E-7972C1ADCAAB}"= TCP:6896:Port 6896_UDP
"{A2AE8984-CD73-48A8-A60A-D04397DF94E4}"= UDP:6897:Port 6897_TCP
"{F033C34E-B86D-490C-B21F-3A80E091DE63}"= TCP:6897:Port 6897_UDP
"{9B535590-CA6F-426A-8A6A-B121C17DDD96}"= UDP:6898:Port 6898_TCP
"{A3A20465-4174-4E07-85AF-54483636D7EC}"= TCP:6898:Port 6898_UDP
"{3199B98F-DA5A-4BB0-A96B-B6028DA67B2C}"= UDP:6899:Port 6899_TCP
"{137590A8-5915-4277-B162-EA5E9D2C9A67}"= TCP:6899:Port 6899_UDP
"{850D6551-08E6-47D5-8D26-97C20F52BB6F}"= UDP:6900:Port 6900_TCP
"{6E367C96-8B04-444D-BED5-029F0C7DD935}"= TCP:6900:Port 6900_UDP
"{D5BCDF4B-E04E-4CFE-964E-6A105AD82CFF}"= UDP:6901:Port 6901_TCP
"{0B51D350-5CCF-492B-A221-83378D3DC403}"= TCP:6901:Port 6901_UDP
"{8DE4A71A-4EE7-4E1A-A624-34FD1041DD3D}"= UDP:6902:Port 6902_TCP
"{C7155DD6-702C-40EA-B627-DA1E503C59D2}"= TCP:6902:Port 6902_UDP
"{418AFFA1-8AE5-43DF-ABCA-D34E3E1C76DD}"= UDP:6903:Port 6903_TCP
"{FB2C12B6-D3EF-4566-9169-768F8BE206B6}"= TCP:6903:Port 6903_UDP
"{50CD4B3D-C8EE-4E73-9F27-C2F0C2B43378}"= UDP:6904:Port 6904_TCP
"{07D55AAE-EA2B-4BC4-A96A-85085D2F5201}"= TCP:6904:Port 6904_UDP
"{447FA4EF-E726-4AFB-AEC7-B735235969E8}"= UDP:6905:Port 6905_TCP
"{9D66FDBB-2314-4A5A-9541-DEA67722A2D6}"= TCP:6905:Port 6905_UDP
"{1081C68D-98C3-45F7-AFD3-527EE006F595}"= UDP:6906:Port 6906_TCP
"{86B7F0D0-12A5-4FE3-85AC-ECD58258C9CA}"= TCP:6906:Port 6906_UDP
"{9CC87B2B-7BDE-4BD3-96D7-53EAAAA610BC}"= UDP:6907:Port 6907_TCP
"{02EC8703-2A95-4CF0-A1EC-5D31DC725CCD}"= TCP:6907:Port 6907_UDP
"{9FF299C0-23AE-4223-BD93-82B5C5ADC255}"= UDP:6908:Port 6908_TCP
"{B40F6206-88C7-4CE8-88B9-4B1679B4D0FD}"= TCP:6908:Port 6908_UDP
"{00E7A29C-0696-4408-A8D3-6876B957E82E}"= UDP:6909:Port 6909_TCP
"{86EB091C-F496-477F-A03D-D916A386AA01}"= TCP:6909:Port 6909_UDP
"{DD6C46E5-1EF9-4D4D-80BA-193EF9DBC5DB}"= UDP:6910:Port 6910_TCP
"{B3063B3D-9953-423C-8B21-BDA40A78E0F1}"= TCP:6910:Port 6910_UDP
"{BAC68A28-5298-461D-AF39-3FEFE520E4FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C4F1449-27F6-4F3A-AE01-BCC613834686}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{66854C9F-5CAA-42AF-8668-1D4241A7A8A1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BB601848-A654-4B4A-9BFA-34859E2D1F0C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1E7EA19A-D37D-4A3A-BDC4-7525D7D14C14}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03A284C2-7DFA-4C2F-88D3-F1D627FE8108}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{47D1A4DB-DF0B-4ACA-B49E-702D2A31E12B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12F96FB4-57CF-4338-B19C-85A3357292B5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F358255A-528C-49A0-A1E1-54E7FFA60647}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3B5699D2-4916-4E0C-828E-0FF9FFDC87D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{14D1CB02-1712-48FB-94DF-27B379A44A7E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A3728426-C755-43CB-9060-F13EDFC36F89}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{19A99BC1-9B00-4019-B842-20D91F29C7A7}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{CCE219B0-81C1-40EA-8D3D-0D5342002608}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{904DC882-9A9E-4AD2-88A3-9B6853019010}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{836299F0-A756-472D-AA60-91FB9C971F85}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{EB7D039F-9C5A-471E-A93D-A87128B10084}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{974A0731-3556-47C8-A30D-4FE1A22B5B0D}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{95BA8EDA-34F5-417F-BDA0-11DA4A601865}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{A2C8DCF7-FDB0-416C-88FD-703EC4EACD98}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A978EB95-CA36-43F5-B2A6-DE018DF421B7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2D50CD90-ED34-494C-A8BE-DABD296002AD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{76A52F74-B98D-4FB6-ABD8-6FBE014D421D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AEB4D8E9-7E7B-46E9-839F-205EF5C56001}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F31A6C5F-82ED-48F9-9DBD-C34381764D1B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8D3E778F-64F5-4A42-B53E-6B71FB94DACF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8E1974C9-A4C0-4CAB-B2D4-29C949B20EC0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1D3EE55F-79E6-42FF-AF3C-1599F758CE38}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1796300F-4AFF-44DB-AB7E-496BE690C9BC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{D029BEF6-144B-43BD-8336-A0FF75B94620}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{872D242F-95B1-46D8-A39C-6F1336143D35}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{D759EA97-761D-4A16-B244-01DC0D82AAC3}"= UDP:C:\Program Files\Zune\Zune.exe:Zune
"{E4936B50-5AFB-4F5C-95F2-466E4EF78DB4}"= TCP:C:\Program Files\Zune\Zune.exe:Zune
"TCP Query User{4B49D5BC-56E5-4D96-A46F-56FE1D8475D4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{15681BBE-EA58-4E38-9E94-E18B1DA88671}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A48BFBA7-4DB8-4575-B6CD-689E6DAA5AAB}C:\\program files\\microsoft office\\office11\\frontpg.exe"= UDP:C:\program files\microsoft office\office11\frontpg.exe:Microsoft Office FrontPage
"UDP Query User{3D5AF74E-B6C8-43FB-8811-9CDD242A4015}C:\\program files\\microsoft office\\office11\\frontpg.exe"= TCP:C:\program files\microsoft office\office11\frontpg.exe:Microsoft Office FrontPage

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2008-02-20 12:14]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 14:22]
R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-08-24 11:28]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 09:09]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 06:53]
S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-23 18:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2006-09-28 18:01]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Startup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-26 08:19:04 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SysD511.exe - C:\Windows\SysD511.exe
HKCU-Run-d8b66651 - C:\Windows\system32\iudpmgfr.dll
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-SysD511.exe - C:\Windows\SysD511.exe
HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-MSServer - C:\Windows\system32\geBsTJDt.dll
ShellExecuteHooks-{2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - C:\Windows\system32\geBsTJDt.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O17 -: HKLM\CCS\Interface\{47F73753-7EF5-4FB2-8830-F935522ED999}: NameServer = 223.223.223.0,221.221.221.0
O17 -: HKLM\CCS\Interface\{6C78C4A4-3D01-4FE6-9C4F-301410B3AC18}: NameServer = 192.168.1.254


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 09:40:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Rhodderz\AppData\Local\Temp\Rhodderz.bmp 31832 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ProgramData\Stardock\XGF\XGFRuntimeServer.exe
C:\Program Files\Zune\ZuneNss.exe
.
**************************************************************************
.
Completion time: 2008-07-26 9:49:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 08:49:14

Pre-Run: 23,252,684,800 bytes free
Post-Run: 40,532,119,552 bytes free

649 --- E O F --- 2008-07-25 08:03:16



#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:03 PM

Posted 26 July 2008 - 05:52 AM

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.



