Mouse only works in safe mode, infected with viruses


  • This topic is locked
11 replies to this topic

#1 Captain Meeeee


Posted 21 September 2010 - 08:33 PM

My cousin's mouse stopped working on his computer after installing a game expansion. He asked me to try to fix it and I noticed his computer was heavily infected with viruses. I've removed a lot of malicious files through Malwarebytes' Anti-Malware; however, the mouse still doesn't work, and I think there are still viruses. I also tried to reinstall the drivers for the mouse off the manufacturer's website (Logitech), but it didn't help. Since the mouse only works in safe mode, I can only run GMER in safe mode.


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 19:10:45.24 on Mon 09/20/2010
Internet Explorer: 7.0.6000.16643
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2813.2149 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mSearch Page =
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [<NO NAME>]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Octoshape Streaming Services] "c:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\0cc25c0c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-offrhap&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-offrhap&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [2007-1-4 25384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-5-2 256000]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-5-18 214024]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-3 144704]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2007-11-11 1153368]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-3 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-18 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-18 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-18 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-18 40552]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2007-5-9 434176]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-16 210216]
S4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-3 359952]
S4 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-09-21 01:44:38 8212 ----a-w- c:\windows\mfebcdata
2010-09-13 02:51:36 0 d-----w- c:\users\admini~1\appdata\roaming\Logishrd
2010-09-13 02:46:08 0 d-----w- C:\asdfasdf
2010-09-13 02:45:09 0 d-----w- C:\ComboFix
2010-09-10 01:04:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-10 01:04:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 02:18:35 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-09-07 02:17:39 0 d-----w- c:\programdata\Logishrd

==================== Find3M ====================

2010-09-21 01:47:29 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-21 01:47:29 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-21 01:47:28 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-09-21 01:47:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-12 22:43:55 5798 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-08-19 00:31:40 56 ---ha-w- c:\programdata\ezsidmv.dat
2007-08-29 10:14:55 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2002-07-27 00:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2010-04-24 21:52:05 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-24 21:52:05 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-24 21:52:05 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-07-22 05:36:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007072120070722\index.dat
2007-09-01 04:26:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007083120070901\index.dat
2010-06-02 23:00:33 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-06-02 23:00:33 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-06-02 23:00:33 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:13:23.89 ===============



#2 myrti


Posted 27 September 2010 - 09:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Captain Meeeee


Posted 28 September 2010 - 09:08 PM

The two files are too long to paste, so I attached Extras.txt

OTL Extras logfile created on: 9/28/2010 6:43:19 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16643)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 35.34 Gb Free Space | 15.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7.64 Gb Total Space | 7.63 Gb Free Space | 99.81% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 569.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 1396.61 Gb Total Space | 1396.39 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive Z: | 465.63 Gb Total Space | 350.75 Gb Free Space | 75.33% Space Free | Partition Type: NTFS

Computer Name: ALANSXPS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\EA Games\Battlefield 2\BF2.exe" = C:\Program Files\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"C:\Program Files\Sierra\FEAR\FEAR.exe" = C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Program Files\Sierra\FEAR\FEARMP.exe" = C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\WINDOWS\ehome\ehshell.exe" = C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center -- (Microsoft Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3DD60-41C1-46AA-A45E-FB85B8ED5EB8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{06E08EE5-1820-494A-8304-5ECC5A91E9A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{0786FDF2-CF93-4EF5-B046-C5964BF51090}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{07BCD390-DC67-498E-B3BC-95F60EC03DF2}" = rport=138 | protocol=17 | dir=out | app=system |
"{15F7A998-C320-4D94-B9D2-D0D58D255399}" = lport=2869 | protocol=6 | dir=in | app=system |
"{305D5C57-D426-4A9E-B52D-C07032DF5F19}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{38B6E83B-99AC-4336-900E-F35F6D56FD70}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B58F48D-A3EC-481D-B211-98E632264727}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BED58B2-08C0-408B-89E5-F8A2B571A554}" = lport=57271 | protocol=6 | dir=in | name=pandorest listening port |
"{3CC65DE9-79E5-4659-87A2-AA76DB345D66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{3F2E9229-8ACF-4CB7-9E5E-0F29C7A67D76}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4300E176-9515-4A3C-A8B4-8E4A88AEB1BA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{447D6B69-5328-415A-9103-7A06E164A645}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4838BBBB-F8C4-47EB-B1A4-7AA79DF3AFF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{49625881-08C1-4572-8999-09EFD46CCAB2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5C086235-2D3C-4E7E-A67A-B9CEE664AC55}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{70517D69-FA65-4C3E-85D2-621D2E074391}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{70CD15DE-FE94-4819-A04C-1935DDDFC7FF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{70E0315A-565A-47FE-8010-5F5CED239581}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{71B96DCE-454F-4B08-94A1-DD38C049103C}" = lport=23033 | protocol=17 | dir=in | name=bitcomet 23033 udp |
"{781FA270-2A5B-45C8-9BFA-2F8718B63B78}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97C38F20-7D99-48F6-ADC0-B7FBCB7A458E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{97DC8A92-914D-494F-87F6-1FD17FAD0AF8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C834683-3513-416D-B168-58BEA6A125BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F571232-F219-4930-B30B-39A7FD51D25D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A46CAF25-0370-48A9-95AB-825A897899C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A7F6CD7D-D08E-4506-8A4B-7BCBF1FC8031}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD8FC950-D7A9-4AE1-90DC-C06726DFFBA0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{B798DB8F-0BFE-49E5-93EF-AC1D71FA0B19}" = lport=6500 | protocol=17 | dir=in | name=star wars®: empire at war™: forces of corruption™ |
"{BAD75AAD-B152-4945-B970-A607917B1944}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C5749C11-E917-41DA-B49A-09BF7F1C32DE}" = lport=13139 | protocol=17 | dir=in | name=star wars®: empire at war™: forces of corruption™ |
"{CE1D4C6B-8E21-4DA0-A427-CF59994CCBE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{CE816EC4-A023-467F-9DB6-3461B71AF5F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0D49A73-C97F-4BCD-81C4-D01F89BDF037}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D79500F4-8BE2-44E4-96AB-D36817921C51}" = lport=16567 | protocol=17 | dir=in | name=punkbuster |
"{D9B2AC9A-5267-4671-A42F-CBA82316FBF0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DCDD7831-259E-4850-BA58-35B9552743A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{DE55A1C4-AA41-49CC-9EE0-A68A7E9FDA68}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{DE7E0182-00F8-48C4-8E45-AEA61365684E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DEFA553D-F5AA-41E8-BC2D-75B1A0F4077C}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{E9ACFEBD-E09B-4D27-962C-E0684E2A7EBD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F3321E73-EFCB-471F-8A3B-B061D9BE61D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F420CC6F-1A61-4414-8173-55658C8A8D64}" = lport=445 | protocol=6 | dir=in | app=system |
"{F69B1D70-5917-49E8-B258-A4F737F1A7D0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6E7536F-8B2D-40D3-A1F1-A851A41B711B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAF31C97-5252-4F1C-9644-6E0AE4638E9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD22AE5E-4E09-4A45-AB69-C0ADED2E5025}" = lport=23033 | protocol=6 | dir=in | name=bitcomet 23033 tcp |
"{FF8C59B5-5A56-4D50-900E-0D827263A0FA}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A459DC-FD49-4E65-AA23-1EF7818DFF85}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{0DF50926-E926-424F-AA42-58A218EC368E}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{0E31F700-E8C6-434D-90CE-86423B912658}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{1423BE4F-9262-4987-830A-335D7D8B2A76}" = dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat |
"{14F04681-1DA8-45E5-9357-ECBC4166C924}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{152BDEB2-BA88-4206-8917-9BDE2E8ADEE2}" = protocol=6 | dir=in | app=c:\program files\microsoft games\shadowrun\shadowrun.exe |
"{1637F139-861B-44F6-B068-830E5733451C}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{16871D59-7281-43CB-9864-00F1794B99EC}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{1C2B0DA0-AAF5-4242-93E5-E72B30AA849E}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{1C7E2D2B-617D-4679-A83F-B081C1AB1517}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1C89B355-A07C-47CE-B064-5D24551E1824}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{222E0764-6C74-4B34-B356-7530CD490809}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23FE9AA9-5742-4965-BB21-0161150B6005}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{24D2E777-0126-48BC-ABED-E4093DD1A1DB}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{2502CDDF-E9BA-4DA5-9BEF-3FD2F1AF03E0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{2A08064B-0CA3-460F-B725-34C9F8AB5A76}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{2F97F170-8492-4EDB-8924-06836F965452}" = protocol=17 | dir=in | app=c:\program files\microsoft games\shadowrun\shadowrun.exe |
"{3417644E-27EC-498B-BE0F-1AB0BEC1E287}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{357CC29A-2191-46A4-A08A-37A24A9F5002}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{366E0A14-466F-4364-8BB4-3BEA829E6481}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{3C20BF16-87DE-450D-B712-8836A23D0B59}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{3FE32EF8-3300-4CE1-8F26-0758C6EE1BC6}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{42D149DF-93A0-4269-89DB-E414CC97E843}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{4559C770-2B3A-48FD-97BD-ACD6029CAD0B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4612C14C-FA3D-4001-8F44-625C8C13EC07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4740D74F-DD24-4B43-BFC7-78B47DAF318E}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{475170B2-0C15-4E54-951C-B4E6CA099770}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2 dedicated server\h2server.exe |
"{4CFC95CF-564C-4CC1-B563-6EB6360CDC5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52B7FA95-8F62-4ECF-9833-7956C52117DF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{52D2B39B-D18F-48A2-9B80-5E78F7160A50}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\mediamanager\pmsmanager.exe |
"{584CF6C4-F1B5-484A-A1FE-98DEEF3AE674}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{59855C3E-4989-4687-A71B-9503BB38D483}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{59DE4FB7-9DF3-4870-81D0-0B585332F115}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{5B733395-929A-4DF0-BB16-1F4DDFC5EC1B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{5D2A1E75-7881-404B-8EB5-48ACC250DCD1}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{613EF002-9114-409D-B2DB-000E3247BDD0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{64FD4C90-D2B1-4122-BC3E-040AEC9A5117}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67B6BD31-461F-48DB-AF6B-1CA3D39BE6A7}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{6A2B2F63-9199-4482-9AA1-DBCF0306176B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{6ADCDEBD-878B-4790-A1F6-2ADEE147A910}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{6E3BF4E4-64F8-455A-A6F5-C005A62B2980}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{78E30087-6A53-4EB5-849D-A775F7FC1561}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{79A656AA-FE71-4030-91CA-EED21E16B8A9}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{7A8AFBA2-C69D-43C2-B31B-B182476A22B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E3A2111-60B1-4C98-96C7-B3EF7EFDF375}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{80732D50-42D7-4D65-ACE0-104E06D910F8}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{80A76036-AB79-4340-9221-696C085DBC10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82A88E5A-0B81-4421-8B80-CDDBCFAD2A30}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{83D43CB5-CA92-4037-A9D2-614E6760E416}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{89A3B915-A7DA-4C89-8023-C77694FBF51E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D304EAC-5300-4BCC-AE22-91D6954E9898}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8FE8CF76-9C48-49C9-B76A-4660C7CF3F0B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{942E5CE6-A31B-4D90-8A07-17169F7E420A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9687DFF1-F32C-4E12-A202-1DB3C0C9604A}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{A2412C0C-E4D9-4F6B-BF2F-278DC2EBE3B7}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{AB40AA98-E5FA-4099-B231-C317F93E0227}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{ABC28BB0-867E-4155-B7FF-CC03D5EB7B99}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{B478B27D-9BE1-4672-B562-B84B47F982C8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B93F034C-D473-427A-913F-E1E0970EA235}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B9B04612-33D9-460D-9056-5E325297BEFF}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{BDC4EEB5-B268-4071-9BCB-BFE657FE4A7A}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{C0F5736A-09D3-447A-B139-3C41B3E357FD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C34E3D21-9F0E-4443-8474-5833CF051B7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C389F934-BD27-412B-BD25-D22780E73226}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{C3FA3704-440F-4F78-AF48-FF902E7A7C32}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{CC6C1C30-E71A-4D2C-9CD3-10B293CAA005}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"{CCBBEF53-0016-46A0-907D-B13663E3A552}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\mediamanager\pmsmanager.exe |
"{CD26B8CF-32FA-475A-AD4C-0E44E6B8B8D4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CDF667B2-0F61-44AC-A40B-566D195350C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D160E745-5964-49AE-AD83-785163BA5DE1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D2741264-7326-4696-96C9-FD7C930B4EAD}" = protocol=6 | dir=out | app=system |
"{D63CC149-48E9-4C9D-8ECC-34B9B9FAD863}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{D656340F-138D-460F-980D-EBABCC95AA77}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{D95EF244-1D43-4A29-A315-6A1E039B7EDD}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{DC2FC7E7-8D4D-4C55-A09F-0821A0AD0330}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DEB85894-DE98-41DF-B6F4-DFDFD858F853}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{DEE74785-DBB4-4343-B128-79F47BE59B0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E13CB2A8-F927-432D-A202-0D941947F07C}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{E5BF254D-A18A-42EE-A994-AE360044B779}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EC9BD8A3-6264-44F0-80F2-EB21AA31BD56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1FB9981-934D-4EA6-9B1E-C84B50A15BBE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F71932FC-C699-4CD5-9C40-845AE24CC537}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F80BD57E-335D-45C1-AD21-5E937F6E849A}" = protocol=6 | dir=out | app=system |
"{F849F4EC-2938-495D-8868-3A8070466716}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{F955A3A2-ECAB-4FC1-85D3-A7A1741B1D1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA415F04-98AB-4FD9-8199-3E592CD105A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA8EE7ED-1A9D-4131-8ACC-7F141C5A0338}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{FBB6CE69-378B-4E67-9193-2D80ECC69157}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2 dedicated server\h2server.exe |
"{FEEF411D-412B-4AF2-B7BD-3497307D5F1C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{016D3A1B-C98C-4DEE-AF21-E79EF1BE42CC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{024F14E1-B4E5-4357-B221-C4FD74E9BC66}C:\program files\steam\steamapps\llbarcode\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\llbarcode\source sdk base\hl2.exe |
"TCP Query User{026DB50D-8EA5-4526-AEAB-6761C9833340}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{02D2A875-E8AD-4FD0-8555-DDC17EDEC254}C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"TCP Query User{053342DD-5940-4F53-B698-61F0CAFC8DD1}C:\users\decker\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\decker\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{0D3900F4-8AF6-4E18-A202-6F39F45B3BD3}C:\program files\steam\steamapps\llbarcode\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\llbarcode\source sdk base\hl2.exe |
"TCP Query User{1947B45C-48E4-4A96-8427-AB496E4CB86C}C:\program files\steam\steamapps\llbarcode\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\llbarcode\counter-strike source\hl2.exe |
"TCP Query User{1A6BBFAC-E8B5-4FB7-9D4D-3560EB8B821F}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"TCP Query User{1D3873FA-7EDE-42A1-A687-7B34D991B13E}C:\program files\microsoft games\halo 2\halo2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"TCP Query User{334B33AB-3742-4BF2-8C6F-1F746FF31044}C:\users\administrator\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{4B561469-06D7-481E-9B22-B3F0754C31BD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4C204379-EB7F-497B-A549-27616859BCBB}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{5201073C-C64A-4A35-B76C-574993010AC3}Z:\bleep\rhapsody.exe" = protocol=6 | dir=in | app=z:\bleep\rhapsody.exe |
"TCP Query User{530431F1-024F-4035-8C7C-3696AF85E00B}C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"TCP Query User{5737355F-CE7E-4470-975B-2DFC5FC76424}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{688FD272-1E2D-4A4B-BD1F-07DDCDEBD73F}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{69A1092D-BB48-4BFF-B152-B500A1E1D52C}C:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{6B9AA84B-D3D4-44B9-BD6A-F75AFC0BD969}C:\program files\tencent\qq games\qqgames.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"TCP Query User{6D96847D-1DA4-4F0F-A184-A5A751C6F0BF}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{74FEFDD3-8223-4DC8-AD70-4F4962B0321B}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{7505DD72-E796-4ED5-9914-54AE0AC434EE}C:\program files\steam\steamapps\xscandalousx\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xscandalousx\counter-strike source\hl2.exe |
"TCP Query User{793109C9-38B0-4C80-BCA6-FDF72184CA8E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{93B3EB66-272D-4D2B-819A-4096521CF1CE}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{9610068F-EF99-449C-82FE-F7472541FFE6}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{ABC35763-B8F0-471B-BB21-D2CE7F5282B3}C:\program files\steam\steamapps\darkhiro\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\darkhiro\counter-strike source\hl2.exe |
"TCP Query User{B2DF251E-A659-4923-97A4-439EF32EFF8D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B35C43ED-5595-4091-9F79-A2F43A9F5E19}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B9985F30-7EBF-4B59-94E7-E68745CF4E3B}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{EAE03663-D721-4264-884B-BCE5C0D34BF4}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"TCP Query User{FD048623-1287-4680-8829-8D904E73A4CD}C:\program files\steam\steamapps\llbarcode\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\llbarcode\counter-strike source\hl2.exe |
"TCP Query User{FF3DB589-B479-4EA8-B451-07D1E1034B7E}C:\program files\xbc\nexbc.exe" = protocol=6 | dir=in | app=c:\program files\xbc\nexbc.exe |
"UDP Query User{02D8F3DE-603F-4700-8D48-CB0CCFC684B9}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{093F616F-4D3E-45A5-A2CF-BE14AB5ECFF9}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"UDP Query User{16C4DFF9-036C-4779-86F3-CFF2CC813432}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{242A63E0-1155-4AE7-9195-BFA00E1C34EF}C:\users\decker\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\decker\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{2A26BC80-7F86-42EF-993D-83ABB8E6048A}C:\program files\tencent\qq games\qqgames.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"UDP Query User{2C5FA67E-D07C-4182-A865-E100D94FE800}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"UDP Query User{2CF4714A-76A5-4FC0-B102-7D17405A2A87}C:\program files\steam\steamapps\llbarcode\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\llbarcode\source sdk base\hl2.exe |
"UDP Query User{30302BF2-46E9-4120-9812-A862B1239C29}C:\program files\microsoft games\halo 2\halo2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"UDP Query User{349BAD8F-7479-45D5-A460-B2F0DA3302A8}C:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{391B179A-3CB6-4AF8-B283-F5DB6E4AE70C}C:\program files\steam\steamapps\llbarcode\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\llbarcode\counter-strike source\hl2.exe |
"UDP Query User{3B9DCB19-8985-45ED-894D-CBB5C81901E6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{44F1A9E1-2E2E-4D9F-B1E4-A6D7F0A3BA84}C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"UDP Query User{4D5CD789-5734-4158-9B92-42C614D888AB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4DE6A3B0-423B-470F-B0E3-870562B0921B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{50C4A024-807D-4C95-91EF-13C6BBB22D5D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{57BEFD36-5CA1-492C-AE95-AFBCE27909AE}C:\program files\steam\steamapps\llbarcode\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\llbarcode\source sdk base\hl2.exe |
"UDP Query User{593338CE-6421-485C-984E-7B798F107E61}C:\program files\steam\steamapps\llbarcode\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\llbarcode\counter-strike source\hl2.exe |
"UDP Query User{59EA3B58-6B90-4496-9D48-0472E61A41ED}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{61679F9E-3270-4914-AEAF-44577B2BD286}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{80893926-19DD-4F6E-8496-53A3D1F0B392}C:\program files\xbc\nexbc.exe" = protocol=17 | dir=in | app=c:\program files\xbc\nexbc.exe |
"UDP Query User{9315A9BE-C4E8-4ACA-899B-C6D3333B54D3}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"UDP Query User{B149B383-8C4D-47D8-9043-FCC0D0E96DE3}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{BBEFAB6F-A0CD-467A-A9C1-955ADA7C74DE}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C0574904-E8BB-4C00-9F41-E9AF64331510}C:\program files\steam\steamapps\darkhiro\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\darkhiro\counter-strike source\hl2.exe |
"UDP Query User{C809410B-FE44-4FEC-839F-1BDDA33EF6FC}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{CB5D47B4-EB41-48EF-AADB-ADD02770496A}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{CB91FEA1-2856-4CA6-B4D2-CDA341D08ACC}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{D8361259-421E-4C5A-8E1B-05D0D0489D01}C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"UDP Query User{E9F70068-985B-43AD-9B51-BB510BF4A5EB}Z:\bleep\rhapsody.exe" = protocol=17 | dir=in | app=z:\bleep\rhapsody.exe |
"UDP Query User{F018A213-DF57-4562-90F7-E5FB2A49ED91}C:\users\administrator\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\electronicarts_patcher_000.exe |
"UDP Query User{F463CB2E-BAFE-49A0-BA50-71BC9A2E4610}C:\program files\steam\steamapps\xscandalousx\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xscandalousx\counter-strike source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1E875C1C-7BFF-47D6-8A01-E9C93A244B41}" = Star Wars Empire at War Demo
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FB418AB-562D-43B4-BA0D-9282AAD8C207}" = Logitech G-series Keyboard Software
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3796E3A3-1EE5-40E7-9E82-EE035C94393B}" = Studio 11
"{3C270DBE-12FE-4FC0-B4B5-99BE45BB03F6}" = RegistrySmart
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{4F68B605-2F2B-42A8-8689-0CA7E67797B0}" = Sony Vegas 6.0d
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{5770C6BC-EC01-42DA-A8E0-62C869DB50FD}" = Star Wars Galaxies: 14-Day Trial
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AA34489-5159-42C9-A6C0-911052982EEA}" = MobiTV PPC
"{5B257C09-6A05-4308-9A6D-E8A2CAE21EA9}" = Star Wars Galaxies: The Total Experience
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F6B46DC-4289-454E-8FFD-80CE597F403B}" = Microsoft Xbox 360 Accessories 1.1
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74602099-9B8D-4799-B349-928B8BDE6E06}" = Microsoft DirectX SDK (December 2006)
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9C0ADF96-20E7-4671-88D2-39B5A307E2A2}" = Pinnacle USB device drivers
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B13F5727-F12F-4253-B6AD-26AFA880B709}" = Sony Media Manager 2.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5A3BDAF-542A-43DF-B530-23DD0148ED1B}" = Halo 2 Dedicated Server
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E48CF750-2431-42AF-887C-C12240FF8079}" = Halocal Tray
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AudioCS" = Creative Audio Console
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitTorrent" = BitTorrent 5.0.9
"CreativEase DEMO for Sony Vegas" = CreativEase DEMO for Sony Vegas
"FL Studio 7" = FL Studio 7
"Google Chrome" = Google Chrome
"Halo" = Microsoft Halo
"Halo 2" = Halo 2 for Windows Vista
"Halo CE" = Microsoft Halo Custom Edition
"IL Download Manager" = IL Download Manager
"Inkscape" = Inkscape 0.45.1
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{D5A3BDAF-542A-43DF-B530-23DD0148ED1B}" = Halo 2 Dedicated Server
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InsurgencyMod" = Insurgency Mod
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"MySpaceIM" = MySpaceIM
"Network MagicUninstall" = Network Magic
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PHANTASY STAR UNIVERSE Ambition of the Illuminus_is1" = PHANTASY STAR UNIVERSE Ambition of the Illuminus
"PHANTASY STAR UNIVERSE_is1" = PHANTASY STAR UNIVERSE
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Free Edition 4.1.3
"Record Smart 1.0" = Record Smart 1.0
"Red Alert 2" = Command & Conquer Red Alert 2
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Renegade" = Command & Conquer Renegade
"ResetDRM" = Windows Media DRM Reset
"Rhapsody" = Rhapsody
"Ricochet Lost Worlds_is1" = Ricochet Lost Worlds
"Riva Producer Lite_is1" = Riva Producer Lite
"Royal Circus Casino" = Royal Circus Casino
"SP6" = Logitech SetPoint 6.15
"SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
"Tiberian Sun" = Command & Conquer Tiberian Sun
"VLC media player" = VLC media player 0.9.8a
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3675457954-1021812892-3195178605-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/21/2010 9:17:58 PM | Computer Name = AlansXPS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043c from line 45 of d:\vistartm\com\complus\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/21/2010 9:18:30 PM | Computer Name = AlansXPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Logitech\SetPointP\SetPoint.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/21/2010 9:18:30 PM | Computer Name = AlansXPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Logitech\SetPointP\SetPoint.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/21/2010 9:18:32 PM | Computer Name = AlansXPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
Ovi Suite\NokiaOviSuite.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/21/2010 9:18:37 PM | Computer Name = AlansXPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/28/2010 9:31:48 PM | Computer Name = AlansXPS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043c from line 45 of d:\vistartm\com\complus\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/28/2010 9:32:22 PM | Computer Name = AlansXPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Logitech\SetPointP\SetPoint.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/28/2010 9:32:22 PM | Computer Name = AlansXPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Logitech\SetPointP\SetPoint.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/28/2010 9:32:28 PM | Computer Name = AlansXPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
Ovi Suite\NokiaOviSuite.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/28/2010 9:32:37 PM | Computer Name = AlansXPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 4/18/2008 7:16:23 AM | Computer Name = AlansXPS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/25/2008 3:31:20 PM | Computer Name = AlansXPS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 12:01:24 AM | Computer Name = AlansXPS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 5:14:11 PM | Computer Name = AlansXPS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 12:28:38 AM | Computer Name = AlansXPS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/4/2008 4:42:08 AM | Computer Name = AlansXPS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 1/10/2009 8:52:18 PM | Computer Name = AlansXPS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/28/2010 9:29:22 PM | Computer Name = AlansXPS | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
24, function 0. Please contact your system vendor for technical assistance.

Error - 9/28/2010 9:30:58 PM | Computer Name = AlansXPS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service TermService
with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Error - 9/28/2010 9:30:58 PM | Computer Name = AlansXPS | Source = LSM | ID = 1048
Description =

Error - 9/28/2010 9:31:15 PM | Computer Name = AlansXPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/28/2010 9:31:15 PM | Computer Name = AlansXPS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IsDrv122 mfehidk PCLEPCI SASDIFSV SASKUTIL spldr Wanarpv6

Error - 9/28/2010 9:31:26 PM | Computer Name = AlansXPS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service ShellHWDetection
with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error - 9/28/2010 9:31:48 PM | Computer Name = AlansXPS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/28/2010 9:31:52 PM | Computer Name = AlansXPS | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service fdPHost with
arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

Error - 9/28/2010 9:32:00 PM | Computer Name = AlansXPS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error - 9/28/2010 9:50:55 PM | Computer Name = AlansXPS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >

#4 myrti

Posted 29 September 2010 - 03:53 AM

Hi,

you attached and posted the Extras.txt, please also provide the OTL.txt. Have you tried to reinstall the mouse in safe mode as well?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Captain Meeeee

Posted 29 September 2010 - 08:35 PM

The OTL report is pasted in the last reply. I'll try to install the mouse in safe mode right now.

EDIT:

I just remembered that I tried that first thing and it didn't work; however, a different mouse works completely once I plugged it in.

Edited by Captain Meeeee, 29 September 2010 - 08:38 PM.


#6 myrti

Posted 30 September 2010 - 04:11 AM

Hi,

you said you would paste otl.txt and attach extras.txt; however, you attached extras.txt and pasted extras.txt. I need to see the content of otl.txt too.

regards myrti



#7 Captain Meeeee

Posted 30 September 2010 - 07:03 PM

My apologies, I originally pasted both reports, and I accidentally deleted the OTL report. To avoid confusion, I've attached both reports to this reply.


#8 myrti

Posted 01 October 2010 - 04:46 AM

Hi,

the logs are looking pretty clean. When you reinstalled the driver did you previously uninstall it?

Could you get hold of a second mouse to use in normal mode on the PC?

regards myrti



#9 Captain Meeeee

Posted 02 October 2010 - 01:11 AM

Yes I did, and yes I did. The other mouse works in normal mode, but my cousin still wants to use his original mouse.

#10 myrti

Posted 04 October 2010 - 06:50 AM

Hi,

with that other mouse, could you please run a scan with Rootkit Unhooker from normal mode:
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



#11 Captain Meeeee

Posted 09 October 2010 - 12:50 AM

My cousin and I have recently gotten Windows 7, and upon installation the mouse worked again and he is no longer having any problems. I appreciate the help you've given us, and thank you very much.

#12 myrti

Posted 11 October 2010 - 04:54 AM

Happy to hear that!
Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
