Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"WindowsSecurityCentre_Disabled" - Help!


  • This topic is locked This topic is locked
22 replies to this topic

#1 amo1000

amo1000

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 18 November 2010 - 02:50 PM

Hi guys,
So my PC's infected with this "WindowsSecurityCentre_Disabled" thing which I found when i ran spybot. When i tried to remove it using Spybot, it would always come back every time i rebooted the PC. Im currently using Kaspersky 2011 trial as a temporary anti virus since AVG/Windows Defender/Microsoft Security Essentials are all unable to work.

Here's me DDS log:


DDS (Ver_10-11-10.01) - NTFSx86
Run by A & W at 19:24:00.86 on 18/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.1773 [GMT 0:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\A & W\Downloads\Defogger.exe
C:\Windows\System32\mobsync.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\A & W\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
TB: {851552F5-B878-4B03-904F-2AD6A4CC8994} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PoivY] "c:\program files\poivy.com\poivy\PoivY.exe" -nosplash -minimized
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
StartupFolder: c:\users\a&w~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 176128]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 352976]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b4904edd5c30;Google Update Service (gupdate1c9b4904edd5c30);c:\program files\google\update\GoogleUpdate.exe [2009-4-3 133104]
S2 TSUSVC;Tencent Software Update Service;"c:\program files\tencent\qqsoftmgr\1.0.375.203\tencentupdatesvc.exe" -run --> c:\program files\tencent\qqsoftmgr\1.0.375.203\TencentUpdateSvc.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-6-10 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-1 30192]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [2010-9-30 103680]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VVRUSB;VVRUSB Device;c:\windows\system32\drivers\VVRUSB.sys [2009-4-10 38479]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-16 19:57:02 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{99c756da-ef61-4fde-bc47-4e4c206e82c7}\mpengine.dll
2010-11-14 13:31:45 -------- d-----w- c:\program files\STOPzilla!
2010-11-10 17:32:18 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-11-10 17:32:16 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-11-10 17:32:16 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-11-10 17:32:16 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-11-10 17:32:16 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-11-10 17:32:16 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-11-10 17:32:14 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-11-10 17:32:14 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-11-10 17:32:14 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-11-10 17:32:14 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-11-10 17:32:14 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-11-10 17:32:12 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-11-09 23:54:17 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-11-07 13:58:55 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2010-11-07 13:58:55 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2010-11-07 13:55:43 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-07 13:55:43 -------- d-----w- c:\progra~2\Kaspersky Lab
2010-11-07 13:44:06 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2010-11-07 13:40:19 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-07 13:27:33 -------- d-----w- c:\users\a&w~1\appdata\roaming\BitDefender
2010-11-07 13:27:22 -------- d-----w- c:\program files\BitDefender
2010-11-07 13:27:07 -------- d-----w- c:\program files\common files\BitDefender
2010-11-07 10:06:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 10:06:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 10:06:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 09:44:42 -------- d-----w- c:\users\a&w~1\appdata\roaming\AVG10
2010-11-07 08:50:26 -------- d-----w- c:\program files\CCleaner
2010-11-06 18:08:29 -------- d--h--w- c:\progra~2\Common Files
2010-11-06 18:07:17 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-06 18:07:16 -------- d-----w- c:\progra~2\AVG10
2010-11-06 18:06:32 -------- d-----w- c:\program files\AVG
2010-11-06 17:56:44 -------- d-----w- c:\progra~2\MFAData
2010-11-06 12:03:42 105984 --sha-r- c:\windows\system32\XAudio2_36.dll
2010-10-27 14:30:23 469256 ----a-w- c:\program files\common files\windows live\.cache\796021e11cb75e309\InstallManager_WLE_WLE.exe
2010-10-27 14:30:12 94040 ----a-w- c:\program files\common files\windows live\.cache\760cd8311cb75e308\DSETUP.dll
2010-10-27 14:30:12 525656 ----a-w- c:\program files\common files\windows live\.cache\760cd8311cb75e308\DXSETUP.exe
2010-10-27 14:30:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\760cd8311cb75e308\dsetup32.dll
2010-10-27 14:30:09 94040 ----a-w- c:\program files\common files\windows live\.cache\742d1bb11cb75e307\DSETUP.dll
2010-10-27 14:30:09 525656 ----a-w- c:\program files\common files\windows live\.cache\742d1bb11cb75e307\DXSETUP.exe
2010-10-27 14:30:09 1691480 ----a-w- c:\program files\common files\windows live\.cache\742d1bb11cb75e307\dsetup32.dll
2010-10-27 14:29:33 -------- d-----w- c:\users\a&w~1\appdata\local\Windows Live
2010-10-27 14:25:35 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-27 13:05:21 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 13:05:20 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 13:05:20 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-25 18:09:30 876824 ----a-w- c:\users\a&w~1\appdata\roaming\DivXInstaller.exe

==================== Find3M ====================

2010-11-07 13:36:30 81984 ----a-w- c:\windows\system32\bdod.bin
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 21:43:34 9232 ----a-w- c:\users\a & w\mqdmmdfl.sys
2010-09-06 21:43:34 92064 ----a-w- c:\users\a & w\mqdmmdm.sys
2010-09-06 21:43:34 79328 ----a-w- c:\users\a & w\mqdmserd.sys
2010-09-06 21:43:34 66656 ----a-w- c:\users\a & w\mqdmbus.sys
2010-09-06 21:43:34 6208 ----a-w- c:\users\a & w\mqdmcmnt.sys
2010-09-06 21:43:34 5936 ----a-w- c:\users\a & w\mqdmwhnt.sys
2010-09-06 21:43:34 4048 ----a-w- c:\users\a & w\mqdmcr.sys
2010-09-06 21:43:34 25600 ----a-w- c:\users\a & w\usbsermptxp.sys
2010-09-06 21:43:34 22768 ----a-w- c:\users\a & w\usbsermpt.sys
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-23 15:55:14 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll

============= FINISH: 19:26:44.43 ===============




When I ran GMER, my computer crashed and went blue screened after it scanned for like 5-10 seconds, should i attempt to run it again or not?

BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:26 AM

Posted 28 November 2010 - 01:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:06:26 AM

Posted 03 December 2010 - 10:51 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me a PM.

This applies only to the original topic starter. Everyone else please begin a New Topic.
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#4 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:06:26 AM

Posted 03 December 2010 - 02:20 PM

Topic reopened upon users request.
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:26 AM

Posted 03 December 2010 - 08:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run RKill

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.

Now please run Combofix

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:26 AM

Posted 08 December 2010 - 08:20 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:26 AM

Posted 09 December 2010 - 08:16 PM

Reopened at user's request

-----------------------------------------

Please carry out the instructions for Combofix above :)
Posted Image
m0le is a proud member of UNITE

#8 amo1000

amo1000
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 10 December 2010 - 04:16 PM

Right so I dont think RKill worked for me, it just came up with this:
Posted Image

And when i tried running combofix, it wouldnt let me continue since i had AVG installed, but i cannot uninstall it! It keeps popping up with this message when i tried to uninstall:
Posted Image

To remove AVG could i just manually delete the files from "Program Files" etc?

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:26 AM

Posted 10 December 2010 - 07:31 PM

No, you need to use the AVG uninstaller

32 bit machine

http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

64 bit machine

http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe
Posted Image
m0le is a proud member of UNITE

#10 amo1000

amo1000
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 13 December 2010 - 06:08 PM

Hmm it uninstalled parts of it, but some of the AVG program is still there :\

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:26 AM

Posted 13 December 2010 - 06:22 PM

Is it still stopping Combofix then?

Please run OTL, we may have to manually remove whatever is left of AVG to run Combofix and that's a last resort.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#12 amo1000

amo1000
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 15 December 2010 - 12:09 PM

Yeah, Combofix still wont run after running the avg remover.
Here are the OTL scans:


OTL.Txt
OTL logfile created on: 15/12/2010 17:02:22 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\A & W\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.10 Gb Total Space | 362.64 Gb Free Space | 61.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.22 Gb Free Space | 52.21% Space Free | Partition Type: NTFS

Computer Name: WEZNAMO-PC | User Name: A & W | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\A & W\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\A & W\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)


========== Win32 Services (SafeList) ==========

SRV - (TSUSVC) -- C:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll ()
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dlbt_device) -- C:\Windows\System32\dlbtcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\phyvtsrr\catchme.sys File not found
DRV - (BDRsDrv) -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys File not found
DRV - (BDFsDrv) -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys File not found
DRV - (AVGIDSShim) -- C:\Windows\System32\DRIVERS\AVGIDSShim.Sys File not found
DRV - (AVGIDSFilter) -- C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys File not found
DRV - (AVGIDSEH) -- C:\Windows\System32\DRIVERS\AVGIDSEH.Sys File not found
DRV - (AVGIDSDriver) -- C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys File not found
DRV - (RapportCerberus_19917) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (szkgfs) -- C:\Windows\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (szkg5) -- C:\Windows\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\Windows\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (S2usbser) -- C:\Windows\System32\drivers\S2usbser.sys (AMOI Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (VVRUSB) -- C:\Windows\System32\drivers\VVRUSB.sys (OLYMPUS OPTICAL CO.,LTD.)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 22:19:34 | 000,000,000 | ---D | M]

[2009/10/20 23:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/02 12:23:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2010/11/14 13:32:36 | 000,000,042 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PoivY] C:\Program Files\PoivY.com\PoivY\PoivY.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\A & W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\A & W\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\A & W\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19351053-ccb3-11df-b79d-0021701ff467}\Shell - "" = AutoRun
O33 - MountPoints2\{19351053-ccb3-11df-b79d-0021701ff467}\Shell\AutoRun\command - "" = K:\AutoInstall.exe -- File not found
O33 - MountPoints2\{19351061-ccb3-11df-b79d-0021701ff467}\Shell - "" = AutoRun
O33 - MountPoints2\{19351061-ccb3-11df-b79d-0021701ff467}\Shell\AutoRun\command - "" = K:\AutoInstall.exe -- File not found
O33 - MountPoints2\{30bcf26d-8faf-11dd-857f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{30bcf26d-8faf-11dd-857f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{6f6163c1-adeb-11dd-a428-0021701ff467}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6163c1-adeb-11dd-a428-0021701ff467}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/15 17:00:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\A & W\Desktop\OTL.exe
[2010/12/14 18:17:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/14 18:17:09 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/14 18:17:09 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/14 18:17:09 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/14 18:17:08 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/14 18:17:06 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/14 18:17:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/14 18:17:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/14 18:17:03 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/14 18:17:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/14 18:17:02 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/14 18:17:02 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/14 18:17:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/14 18:17:02 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/14 18:17:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/14 18:17:02 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/14 18:17:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/14 18:17:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/14 18:17:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/14 18:17:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/14 18:17:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/14 18:17:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/14 18:17:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/14 18:17:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/14 18:17:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/14 18:16:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/11 18:48:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\avg
[2010/12/10 10:19:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/11/22 16:18:36 | 000,000,000 | ---D | C] -- C:\Users\A & W\AppData\Roaming\Audacity
[2010/10/25 18:09:30 | 000,876,824 | ---- | C] (DivX, Inc. ) -- C:\Users\A & W\AppData\Roaming\DivXInstaller.exe
[2009/11/19 16:23:34 | 008,293,568 | ---- | C] (Dell, Inc. ) -- C:\Users\A & W\AppData\Roaming\DataSafeDotNet.exe
[2009/10/20 20:34:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\A & W\AppData\Roaming\pcouffin.sys
[2007/01/30 14:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2007/01/30 14:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2007/01/30 14:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
[2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2007/01/30 14:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2007/01/30 14:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2007/01/30 14:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2007/01/30 14:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
[2004/03/16 20:33:48 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/15 17:01:02 | 000,000,256 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/15 17:00:59 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CD774523-2E0B-40C6-9E66-430964D9AF17}.job
[2010/12/15 17:00:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\A & W\Desktop\OTL.exe
[2010/12/15 17:00:03 | 000,000,117 | ---- | M] () -- C:\Users\A & W\jagex_runescape_preferences2.dat
[2010/12/15 17:00:03 | 000,000,046 | ---- | M] () -- C:\Users\A & W\jagex_runescape_preferences.dat
[2010/12/15 17:00:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CA1E6459-1F28-4C64-AE38-77350D6AA2E9}.job
[2010/12/15 16:59:04 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6B5644D0-449C-4B71-823D-ADFAD488B7FB}.job
[2010/12/15 16:57:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/15 16:57:07 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/12/15 16:43:11 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\APRCN.job
[2010/12/15 16:43:02 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 16:43:02 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 16:42:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/15 14:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/15 13:35:32 | 003,939,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/11 18:49:32 | 068,816,742 | ---- | M] () -- C:\Windows\System32\drivers\avg\incavi.avm
[2010/12/11 18:49:32 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\avg\iavichjw.avm
[2010/12/10 21:40:59 | 346,299,085 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/10 20:53:39 | 000,049,817 | ---- | M] () -- C:\Users\A & W\Desktop\RKill Failed.jpg
[2010/12/10 20:51:31 | 000,000,680 | ---- | M] () -- C:\Users\A & W\AppData\Local\d3d9caps.dat
[2010/12/10 20:50:57 | 000,024,750 | ---- | M] () -- C:\Users\A & W\Desktop\AVG Failed.jpg
[2010/12/10 14:29:01 | 000,471,654 | ---- | M] () -- C:\Users\A & W\Desktop\the-shawshank-redemption-original.jpg
[2010/12/09 15:15:38 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/09 14:45:23 | 003,987,287 | R--- | M] () -- C:\Users\A & W\Desktop\comfix.exe.exe
[2010/11/28 23:33:08 | 000,011,264 | ---- | M] () -- C:\Users\A & W\Desktop\New Microsoft Word Document.doc
[2010/11/27 10:45:28 | 000,001,951 | ---- | M] () -- C:\Users\A & W\Desktop\Google Chrome.lnk
[2010/11/25 21:51:23 | 000,604,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/25 21:51:23 | 000,107,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/20 17:23:53 | 000,046,080 | ---- | M] () -- C:\Users\A & W\Desktop\Wesley Xu's Attendance Form (UCAS 1052404123).doc
[2010/11/20 17:22:20 | 000,046,080 | ---- | M] () -- C:\Users\A & W\Desktop\attendance-form.doc
[2010/11/18 19:21:41 | 000,000,000 | ---- | M] () -- C:\Users\A & W\defogger_reenable
[2010/11/17 01:02:46 | 000,032,768 | ---- | M] () -- C:\Users\A & W\Desktop\CD34.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/15 17:01:02 | 000,000,256 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/11 18:49:32 | 068,816,742 | ---- | C] () -- C:\Windows\System32\drivers\avg\incavi.avm
[2010/12/11 18:49:32 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\avg\iavichjw.avm
[2010/12/10 20:53:39 | 000,049,817 | ---- | C] () -- C:\Users\A & W\Desktop\RKill Failed.jpg
[2010/12/10 20:50:57 | 000,024,750 | ---- | C] () -- C:\Users\A & W\Desktop\AVG Failed.jpg
[2010/12/10 14:23:09 | 000,471,654 | ---- | C] () -- C:\Users\A & W\Desktop\the-shawshank-redemption-original.jpg
[2010/12/09 15:15:38 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/09 14:45:11 | 003,987,287 | R--- | C] () -- C:\Users\A & W\Desktop\comfix.exe.exe
[2010/11/28 23:33:07 | 000,011,264 | ---- | C] () -- C:\Users\A & W\Desktop\New Microsoft Word Document.doc
[2010/11/27 10:45:28 | 000,001,951 | ---- | C] () -- C:\Users\A & W\Desktop\Google Chrome.lnk
[2010/11/20 17:23:53 | 000,046,080 | ---- | C] () -- C:\Users\A & W\Desktop\Wesley Xu's Attendance Form (UCAS 1052404123).doc
[2010/11/20 17:22:20 | 000,046,080 | ---- | C] () -- C:\Users\A & W\Desktop\attendance-form.doc
[2010/11/18 19:21:41 | 000,000,000 | ---- | C] () -- C:\Users\A & W\defogger_reenable
[2010/11/16 18:21:46 | 000,032,768 | ---- | C] () -- C:\Users\A & W\Desktop\CD34.doc
[2010/11/07 10:03:57 | 000,000,036 | ---- | C] () -- C:\Users\A & W\AppData\Local\housecall.guid.cache
[2010/10/18 16:35:55 | 000,000,000 | ---- | C] () -- C:\Windows\checkbsm.ini
[2010/10/07 12:13:16 | 000,000,000 | ---- | C] () -- C:\Users\A & W\AppData\Roaming\wklnhst.dat
[2010/09/30 21:49:03 | 000,000,023 | ---- | C] () -- C:\Windows\System32\PCSuiteConfigFile.ini
[2010/09/30 21:49:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\PCSuiteShareFile.ini
[2010/09/30 21:49:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\PCSuiteParamFile.ini
[2010/07/18 11:00:40 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2009/12/05 17:15:13 | 000,000,242 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/10/20 20:34:49 | 000,007,887 | ---- | C] () -- C:\Users\A & W\AppData\Roaming\pcouffin.cat
[2009/10/20 20:34:49 | 000,001,144 | ---- | C] () -- C:\Users\A & W\AppData\Roaming\pcouffin.inf
[2009/10/20 20:34:49 | 000,000,033 | ---- | C] () -- C:\Users\A & W\AppData\Roaming\pcouffin.log
[2009/09/21 17:35:37 | 000,000,680 | ---- | C] () -- C:\Users\A & W\AppData\Local\d3d9caps.dat
[2009/09/21 13:51:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/15 12:25:40 | 000,119,296 | ---- | C] () -- C:\Users\A & W\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/03 20:30:31 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2009/06/15 22:18:37 | 000,163,840 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/15 22:18:36 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/06/15 22:18:36 | 000,564,224 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/06/15 22:18:36 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/15 22:18:35 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/06/15 22:18:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/12/11 11:30:19 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2008/12/11 11:30:19 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2008/10/27 17:25:03 | 000,126,976 | ---- | C] () -- C:\Windows\System32\dlbtsnls.dll
[2008/10/23 13:21:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/07 16:30:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/01 19:48:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/10/01 19:48:18 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2007/02/19 07:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2007/02/19 07:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2007/02/19 07:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2007/02/19 07:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2007/02/19 07:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2007/02/19 07:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2007/02/19 07:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2007/02/19 07:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2007/02/07 17:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2007/01/22 07:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
[2003/10/08 14:09:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/03/17 00:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL

========== LOP Check ==========

[2009/10/22 13:02:31 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Amazon
[2010/11/22 16:39:41 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Audacity
[2009/10/25 23:38:29 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Autograph
[2010/11/07 09:44:42 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\AVG10
[2010/07/06 16:03:04 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/11/07 13:27:33 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\BitDefender
[2010/10/13 22:05:56 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\LimeWire
[2009/08/19 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\MoveFab
[2009/08/15 11:19:00 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Opera
[2009/09/29 16:03:00 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\pdf995
[2010/08/23 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\QQMusicUpdate
[2010/07/07 18:27:20 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Sports Interactive
[2010/12/10 21:35:06 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Spotify
[2010/09/06 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/08/19 15:24:11 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Systweak
[2010/10/07 12:13:17 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Template
[2010/08/23 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Tencent
[2010/07/29 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Trusteer
[2010/09/26 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\TS3Client
[2010/12/15 16:57:28 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\uTorrent
[2009/08/25 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\VoipDiscount
[2009/08/25 15:48:39 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\VoipZoom
[2009/10/20 22:56:35 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Vso
[2009/10/20 22:54:49 | 000,000,000 | ---D | M] -- C:\Users\A & W\AppData\Roaming\Windows Live Writer
[2010/12/15 16:43:11 | 000,000,318 | -HS- | M] () -- C:\Windows\Tasks\APRCN.job
[2010/12/15 16:57:07 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/12/15 14:57:03 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/15 16:59:04 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6B5644D0-449C-4B71-823D-ADFAD488B7FB}.job
[2010/12/15 17:00:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CA1E6459-1F28-4C64-AE38-77350D6AA2E9}.job
[2010/12/15 17:00:59 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CD774523-2E0B-40C6-9E66-430964D9AF17}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/08/26 17:35:18 | 000,001,998 | ---- | M] ()(C:\Users\A & W\Desktop\??QQ2010.lnk) -- C:\Users\A & W\Desktop\腾讯QQ2010.lnk
[2010/08/26 17:35:18 | 000,001,998 | ---- | C] ()(C:\Users\A & W\Desktop\??QQ2010.lnk) -- C:\Users\A & W\Desktop\腾讯QQ2010.lnk

< End of report >

#13 amo1000

amo1000
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 15 December 2010 - 12:10 PM

Extras.Txt:
OTL Extras logfile created on: 15/12/2010 17:02:22 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\A & W\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.10 Gb Total Space | 362.64 Gb Free Space | 61.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.22 Gb Free Space | 52.21% Space Free | Partition Type: NTFS

Computer Name: WEZNAMO-PC | User Name: A & W | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2035811709-2703977829-3145470800-1002]
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001CCE6B-0829-4AFE-BAE2-767A794AA67A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{003AC666-5399-4792-B9DC-7DE3093A1DA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{013237A9-1C14-4F5C-9C13-946470E28CAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{01F73BA6-95C9-42AD-BC1F-635C8F963267}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{02E51F41-8893-4A9D-BCBA-E9942B01426F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{02FC1FE3-60B2-4234-A34F-69A300285C20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{032C6DC5-4DD4-47CA-85F0-3C6B7F20565C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{03CDBA01-7242-4FEB-8194-136394C4CE05}" = lport=2869 | protocol=6 | dir=in | app=system |
"{043B78A0-C718-4FA2-9A88-28493D0DAB4C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0500F40D-575C-4F2D-A2D9-BDE98A1F3AD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{06A01FA8-5DA7-41FD-A763-CC7187D41D45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{07B03BAF-A3A3-42E7-B643-5B046AE98A91}" = lport=2869 | protocol=6 | dir=in | app=system |
"{07B87A08-8CBD-4925-8B35-D81A818EB467}" = lport=2869 | protocol=6 | dir=in | app=system |
"{084896A4-D7CC-4524-B74B-83F293EC23CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{087466E2-D9FD-4FCC-B50A-C7DEF52FEC1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{087F9EF5-13AE-446F-9D29-1188A8173F5A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{089E3333-7475-47DA-AA7C-C41D4F83AD3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08F328F4-C0F5-4F44-8E5B-BAC0EBB256A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08FFDD45-E875-475E-9CCA-003429C9711E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{09823A2A-28F8-4D3C-BAA4-ED212A97AFBC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0B8CF35F-56E2-46F0-BC39-29EFB63AEA4C}" = rport=445 | protocol=6 | dir=out | app=system |
"{0D0ED65B-5479-4773-AB1F-F38FA8364D30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0DE89FC1-F54C-4A5B-B625-DD742ED06110}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E30AB99-12AE-43BE-89E6-78697BABBEBB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0EE01365-2BEC-4005-92D0-F7DD4BB807CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0F5BFBA4-142E-4EB4-BE60-8EFE40E16934}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0FB86AC2-6FEF-4D7F-9E8E-36E596ED4C51}" = lport=2869 | protocol=6 | dir=in | app=system |
"{11280C6A-B6D0-4C25-AD67-E8A9E5D62C0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1171B268-AADF-429C-A6C6-2493EBA2CDC1}" = lport=137 | protocol=17 | dir=in | app=system |
"{118A632E-7516-484F-AA38-A3C72B31F942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{11B566E9-47A3-402B-8156-BA20D7CE4FCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{11D77FDC-5BD7-40D8-AE25-67CF08C5F3A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1239040A-2291-4DC8-B102-3B559F65FC3F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{123FEF0C-E7D2-4E08-B294-65EFB12CEE88}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{12452270-2C60-482B-A05C-A53531F02E16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{136CCB46-D2D9-479A-B69B-C63940E39E4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{13F28768-8BAC-4DF5-80A9-6B1AC3F041C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{148D7DB2-7D27-4BB9-927E-F04601F711A5}" = rport=137 | protocol=17 | dir=out | app=system |
"{16F674B9-292B-436C-A984-87FA0DFA4D64}" = lport=2869 | protocol=6 | dir=in | app=system |
"{170D30A3-7FA5-4F99-9B22-046BA7A2CAAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17E87743-6968-4B22-9E4E-D28611D00D70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1856FBE2-3062-482D-9AD8-637362DF9179}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{187F4F1C-8B40-4FF7-93D5-1709C0407973}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{18C06CCD-F02B-47CA-A2C8-1FCE955471D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19D335AA-B64C-4449-A458-D9F5EEA642E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1AB48349-5CB2-4C30-816D-F7589E6688E1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1BD8CA0E-4C0D-45A8-976F-AA552F4683BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C748AC1-D902-4AE2-9651-C656AD2316F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1CF41E6E-A916-49C2-857F-A575F742CE94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1D59A3E2-1338-4C0B-97DA-29AA45C15788}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E22DF8C-F84A-45CB-8700-87E5AD0B4169}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E2A7A32-0998-4DE4-9746-BEFD8A2BA90B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1EF00DD2-4EB0-4C30-A0E4-EB1CCCF74C74}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F50C89D-2005-4F38-9A22-653CCF80E9E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20B8D915-2382-4A2A-ADF1-403A5566CCBB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{21E0C738-60DB-4E22-8E8D-A40F0C199DEA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{222F863B-2E8A-4B74-A58B-0DB391D10CAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{224997EA-6C38-45DC-8605-3CC7996B6D68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22A0A8ED-6F46-4BA8-947C-705B810966DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{22D14304-CB64-4A46-A2CB-3CFB2DABF6CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{248532B6-6D2E-4836-8D32-A22B9BC17823}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{27D2C710-1A72-416B-AACB-BAA460135A43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{28423F8F-D7C8-48A9-A7BC-F14A6655C95A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{288AF597-2C1C-4159-9A1E-573A577A0FD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{29FCDFFC-98E2-44E5-9D11-2ABA6730953B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A7ECBF7-01CB-4534-8A45-348DDA1A68CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CA46C1F-900D-4805-A1EB-67CCEC11503D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2D1C52EC-60FF-4030-920F-D5F9038BA547}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2E8EDE29-28CE-4A45-B1C6-D0C3EE9A4974}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2EA586AB-E5FF-43F3-9AC9-FF9ABC521485}" = lport=2869 | protocol=6 | dir=in | app=system |
"{303E69AF-9C70-403C-BA75-47686FC7D862}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3137F8A6-C410-4673-81D9-291DF1B28728}" = lport=2869 | protocol=6 | dir=in | app=system |
"{325598D4-156F-4BF2-ACD1-010A0FC5ECE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3384F64E-E62A-47B1-9F64-76B21DD8526E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{341C8B18-B842-484A-97FD-41AECA2A484A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{34694B4B-4923-4A03-89F1-643A4B0CE704}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{34B516EC-74A9-4B3E-920E-9C29EE4F1F63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{34CE2EF5-1625-44D4-BA40-926AA97A66CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{376EA98B-354E-48B0-9A5D-469962F0390E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{38063CAC-3B8B-4BBE-8A7C-2E5440133EEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{38179737-832C-4B27-AF5A-CEC78BBF98F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{386AC339-2B65-4DB8-AA8B-9C92EDC34870}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{39843E87-1F86-46D6-AECB-2935AB1CD9F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3A66708B-99EA-46E8-BC12-6723EB2690AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3A974522-C97F-47EF-A895-93E1AA7B6CDE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B5018D3-7AD3-428E-A680-379FF979835F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B85260C-2B1F-41AB-8547-F4B2FFAA61C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3C21890C-31FF-4015-9769-DC74BF668D2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3DFE0B67-8396-4086-85C3-4AA32EFB68E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F1C5A29-F2D7-42B2-9C25-8CD53CD85D79}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4047C817-6DD3-447C-80C5-98F89769906D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{409A4B97-5003-4212-A95E-0B55C2725804}" = lport=2869 | protocol=6 | dir=in | app=system |
"{42AC3192-DBA5-44C6-AF75-476F874BD708}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4323DA89-6356-45FD-B545-BF90E0F78909}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4354A66C-EBC4-4CD8-8CFB-0F991A92DCE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{43C9DEA8-0698-4664-BE58-0F9FB07C0DEA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{44798BC3-B20D-4F0F-A0CC-254C46D0C461}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45D27092-3702-442E-BD52-2E4D6CF37208}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4629C5AB-6E8B-435D-B5F2-B87B80A9C2DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{473B9590-77E5-4D96-B9EC-FF4FDE42097A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{479CBDB3-F065-4CAA-B9AA-C09DA3D262BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4857450B-1EF4-4DDB-A54C-EF43A42A282B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4A0A9461-7FE9-48BB-9756-E20C05FB3031}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4B09DE65-3CFB-4AB1-B385-72555F382952}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4C770B17-0940-43B7-9343-75BE9900B007}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DA27B3F-0AD6-496F-9E66-33EBAEA2E7F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4DCEB930-7E08-404A-8521-8D4CFF56293C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DE0C5BE-1571-416E-AF1D-6AD67763816E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4E0249F2-5A46-4D33-BF82-F456EE81AAB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4E7AE4D0-486F-422B-B492-DE15FF3AFD0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4F042AFC-DD2B-4621-82D3-8A47D96BEE59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{50761FD6-4FA3-4243-AB33-E1AC9992C55A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5114BAB2-572D-4669-9CB2-A6193EF25038}" = lport=2869 | protocol=6 | dir=in | app=system |
"{519EF994-8AF1-46C5-B7D0-F20DE4283B4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{51D45731-E605-4F6A-B09A-C1A19B60E258}" = lport=2869 | protocol=6 | dir=in | app=system |
"{533FAB41-2444-415D-B038-D747EEBDC4AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5377543B-70EE-47A6-9647-0CFBAB246E48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53A7B44E-9311-4B2F-AF6A-16CBA01A1C0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{53F1D242-23ED-436A-9318-9DA99E30163F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{54F84173-9EB6-4F98-88BE-BC4E78FD35BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{557793D3-A225-4C3F-9FB4-CE04DC61DB25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{566EEDDC-56ED-4EAA-9FA4-A8C8AE2B43BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{56CFB0FF-C5EA-435D-914C-7D9A8C56B67E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{59ADDD7F-914A-4B1A-8C58-DA0DFAE027E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B1292B4-9BC1-4353-8F00-32C9400AB1D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5B173469-FFFD-4355-B733-74685F31A1F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B9F0567-881A-401A-9B77-AFDC26D2AAF8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C4AA8CA-C2C2-4337-A2D8-693643816054}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D0D0F47-9505-4FB3-9CD9-5BD853128FB0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D5BA4D3-76B1-4AE5-92FF-DCF316AFE682}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D8235CB-8885-4DE9-AD6E-DC7DE34EA3FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6138C298-ABA1-429B-9D77-2757B382ACE5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{614455A1-7CBA-4894-B6CC-0D46F5B4BA61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{628F9D4E-F1F9-465E-9A5D-98DEDCE6DE1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{62D41671-94A3-47AF-A46F-743DF0D5C4A5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{62FA1A2B-C290-4F12-B346-FEE6A86932CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6528FD35-A5FF-4108-BACD-0FB86063736B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{659BE24B-5A42-4911-86C5-F220EE9FF0D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{661B6ECA-19F4-41E5-9245-9B7F91E65BB7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6641587F-ED23-40CD-B300-2118D2FB252E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{668350B8-FE80-402C-A8D6-783F22871C84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{66DBBBB4-74C2-4577-9450-90421033D4E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{679F6E92-ED03-45EF-AB81-8DD16E9FE3BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69ED420E-43EB-4416-98DB-7C4C0B80B2F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6B0C367C-0C3E-4D33-BE5E-638DA972D022}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C3ACFDC-C247-48F2-B829-CF7E7770A07B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D78DCD9-5B79-4862-91AC-FC02EEDBD0FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6EBBB4D1-67D8-45B8-A6B8-6433D1F39DBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{70B5C849-A629-4698-9C3F-FCC1287B72CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70CFF916-4216-440F-9799-6EEAF2657D42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70FA9938-F9AF-4F0F-A3BA-73E757F7D6C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71FB7462-521A-46B8-A76A-D5F3BCDD3A4D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{734A0829-B97E-4CC8-93B0-1E4A815C4631}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73B11E91-0D9D-4267-B225-095D05BEA250}" = lport=2869 | protocol=6 | dir=in | app=system |
"{762DB2FA-5779-4ABF-B8BE-7D58ABA93E56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{764AABFB-98B4-4755-8C26-680A62BD5588}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{785432FD-D5E4-43FF-9A04-1C73036EB733}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79410417-01CA-4586-9B9B-B4C8D541E117}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{79C88A2B-C80E-4DC5-90D2-CD13436B9662}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7B578B01-9CAF-483A-8BAD-5833096919CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7B96A0DE-0C96-4DAB-9BDE-9E1B3FBDF645}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7B98CF10-A4E9-4D9A-ADE4-57B6BB7901DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BE7599E-A3E1-48F5-B922-88FC55883B12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7C6D6270-B224-4BC5-A03D-31A32FFC250A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7C6F372C-FFBD-44FD-B92C-0B9330C0BE66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7C9C9041-DE58-402B-9C5B-6FEF6797D9EC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7CEC090E-78D6-4144-B7A2-A102D39D1042}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7DF6D8F0-1A30-45EF-A5B1-E12AC5472399}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7DFE92AD-14E9-438E-B02D-28A4EB2DDCE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7E3E38D2-F694-44DE-B979-06FE7BF9E0C5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E415B3B-FF57-4B8D-8740-8A5B66FC4F70}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FBA6F8E-A725-4A83-8886-24242D957F83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FCA19F4-D12D-411C-B356-09AB777A5EEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FCC0430-75FF-4976-A826-BB615F3C1547}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{80349C07-F353-4D0F-9322-A242F27F9BEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8127C9D8-F19E-469A-837E-C3E393E9F134}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8199D20A-FCFC-4D0A-BF5E-25DD875FC928}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81F01284-B84D-4C86-B9E4-FECA0BB58AA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{821AFFC7-C9B2-4DE0-B880-9FF90BA460CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8241234C-A5F6-40C8-816C-08244F2E4B30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8374B4DD-E83C-4C03-B23A-9A14C82DC04A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{840451E3-F5CF-417B-A774-61A780D27317}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8446873C-7AD2-46CF-8BDA-62B6D8CBA339}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{845D2A13-D950-4C30-ABA7-3DFEDB0284D9}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{8558F9E1-525E-4C33-8335-041BB0591336}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8589CD91-B604-43A7-AE91-479B4ACB41D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{859B864D-FBC0-47B8-9E50-D2BEFF171617}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8727EDF0-12FB-44FC-ABF4-C643953AE3AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{873F841F-5E29-4F27-9DB3-D322979B155F}" = rport=139 | protocol=6 | dir=out | app=system |
"{876E57AA-8B30-48ED-9135-3B1E00560B66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87E6F9EB-8F79-44C5-A658-9B72C813BB27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{87F660EA-1896-47D8-A84E-2DAAEE2C3B90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{89F4E5CC-46C2-452F-A8DC-0A2BC800C7A1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A4CEC93-1C63-4236-AA88-180AF02404A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8ABAC7E7-10EA-4292-9F59-5A105DB99EDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8B41C139-EFB4-4D2B-9AD2-2E55DDB3528D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8B66C2C4-AE98-4D68-84BE-7AC9FDAC134C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8BD3AF58-18B5-4EA4-A01F-DC2EF89774B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BD580A9-2CC9-41BB-9B4E-428B18CD71BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8CCB3E9A-6BD6-4018-A5C4-25395383D3A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8D420318-7E5D-45C5-8C7D-48B1196AF99E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8D6EBFE5-6475-4FE7-AF7C-DAF580416545}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8DBE971A-6E5A-4EC9-8B11-0DBFB693C0BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8F67687C-E1AC-4C0F-B981-5296BC49DC35}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90582726-F881-498B-98CE-4E75EF95940C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{915150C1-18AE-48EF-941F-F439B1141791}" = lport=2869 | protocol=6 | dir=in | app=system |
"{929A6105-BECE-4E0B-A87B-5BDCB9FB197D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{929DAC49-96BC-4B3F-9943-B75D2C923EB2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93CDEE09-09BF-4EDA-8EA3-3E937B3BAD87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{95F1F50F-DC90-4312-A896-C091C8345A73}" = lport=2869 | protocol=6 | dir=in | app=system |
"{961A79F1-5EF1-42A5-9958-B9DE8129BFC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{96B59150-16C6-415F-AFC8-687F7567CF11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{986C4782-455F-4D8C-B49F-CE7FB248CFB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9A55594B-A786-46C4-8224-210D0B230A55}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B0CA0B2-62AA-44E1-85E2-3B89CCFE8B4B}" = lport=138 | protocol=17 | dir=in | app=system |
"{9B5F5505-E453-4862-A710-E3F712004EDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B79B451-2B42-4621-9BE5-B5B30F8E39E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D4E0ED1-D003-40A1-B41C-FD358AC0EE79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9DBAB3E2-9BF2-43C4-87BB-4004DAB0BE97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0B1B177-16A3-4F10-B458-D6E666B7FC1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A2A3C774-03E0-4088-8FD7-2697F59C74D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2E1E7DA-B822-4201-B82B-D9610951AB0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A43E44C6-3102-4D74-9F41-1D6D972F1C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A62500D5-AD4E-406E-B81A-0CA1779B7530}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A749C547-18D4-46A4-83A9-F4BBCB5EF747}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7FD55DB-B40E-47F0-B88A-C983BAA6DB3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A8195865-FB04-44EA-99A5-D2C6B3BFD086}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A85A69BE-FBED-4461-B4F9-F21C31563F83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8F914B3-B088-40F5-930D-CF7C86B700D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AA05FBA2-9A23-46E5-A9CC-0806306F8265}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD38A762-FBC4-469E-8E5C-6F015DEA6129}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE7E5607-754E-4E64-9250-AF0105DE5DC4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AEC4C9AC-D33E-4DBC-9381-0C7F90627F33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AEFA6D17-779E-491E-A883-2CB587F1AC9B}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF83FE44-B24C-49B6-AE2D-F04E6478F018}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B00E80AB-0BB1-4627-8F8D-E66DC087857D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0ABE1A2-CF3E-422D-A923-DEFEC3667E0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0AC7E0D-EEBB-4496-9B7E-933499BD5DFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1678C79-C085-46D7-AA6F-D8F09292DEAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1B854A1-4F83-48AA-B20A-C137659735A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1EB7C4A-4FC7-410C-8407-85E39E563305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1FE2713-A325-4FF1-BAE5-2097CA7338EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2C462F1-2E95-4A0B-B752-10E9C3D9D439}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B2EEE2A8-87C2-4696-B12F-7E68014672C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B3203A7F-A1BB-4FED-8662-3301BECEB415}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{B5986313-CD95-4F41-B706-AF79FE3E5FDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5D6EABB-6EC5-45B4-B13E-A5F1E957299C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B74F25F4-5F23-40E6-AB8E-6AF918A24C79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B76DCB4B-0AB8-44BF-9CBF-6C565D35EF7F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B7C0BF3C-C78A-4BC8-9440-8972E61C7BB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B84D04F9-D9EE-40C1-B4C0-09CD17A09138}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BA3AB634-8F8A-4018-A067-B5E31986DD83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA81CEF8-DA6F-4779-B51E-D2AC3C39B5E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BB4E4088-E5D7-4406-8371-333016636D81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BBA97C6F-E9B2-4597-A0EA-50F1A061C878}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BC01CAE5-6FD5-4603-989F-B19A2EC2DA11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BC206A58-3209-4578-8A21-B042EB2B03B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDFE5196-B230-4D35-AAF4-6F7D6DF14648}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BE4A5D3B-6BBD-403F-B27E-4F846307A713}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF0A967D-DCB7-40C0-B617-6EF4E6EA808B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF6A6D04-5765-4FE5-A54B-AD86F0C1BD53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0085ACE-C873-49C1-B327-9885E82A7382}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C03B41BA-D28E-4838-B031-A12C77861956}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0DD2709-97CA-4735-8FA7-8BC7DFEA3873}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C289F1B0-C81F-49E6-81F5-F87512CE49C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C33364AE-4843-482A-9B09-1777645136B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C442A58C-FE16-4179-B737-997C65858F07}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C448A2BC-E8C8-444F-96E9-E8891E8B2643}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C44FAD90-CD84-4183-B518-1F02589EB3A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C45EB19B-DA51-4B06-872F-601E70AEADE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C4691B16-E22D-4577-9017-D87DFC0B3C47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C4CBF26F-0151-4CBA-B5D9-53A4A2ABA8F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C543C709-380B-4EC1-A36E-1A35F2F637A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C62934C0-0C44-4D28-AD89-516FCAFF11F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C757C148-BFD4-4AFC-A55F-CC3C30B2B9F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C78E4DD9-56DA-493C-B51B-44839ABE51D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C84AA49D-218D-43F5-9B25-8469A57697DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C8CE5304-BF89-4ED6-8137-81D63834D540}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9453DA8-4BA6-4EBA-A168-3C5E67820C34}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB6E0130-C1DE-4AB1-9C60-14F4DA4A3579}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CC1D451E-21E7-40CD-BC24-893B51AEAC52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CCCC212E-FB36-4BEF-AF50-5C9CDD944678}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD383769-C1F9-4AE8-8DE2-A271A3819596}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE7FBC35-0590-4BF5-BCE6-71AE99F11F3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CF52A936-E637-474B-8AF3-28B70BA2ABE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CF690C61-11D0-4EE5-9483-A6B6B2C04BB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D02E756B-3A19-4B65-AAB1-7B21C102B09C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0CDE23E-8DEC-41A2-AE10-2DAA2DF42919}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D144AAFA-AE6A-4AFA-9DE4-077E3E175ED5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2045948-4448-4E98-9C3E-B859CC3F1946}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D2C93EF2-64F5-4B8F-9EA1-4CF7BEBBCE9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D44E58E8-AD30-4D97-B64B-E3BCDB554E64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D49D451A-404F-4232-9C25-8BEAF8519E85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5A2AB79-783B-4CC0-896D-E061298586BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D71DF8EC-AC9B-4A27-A0B6-4FA48F3112F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D842ACA8-9822-4F2B-A37A-7327309ED1AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D865C1B6-709F-4038-9AA5-42E203DDFE6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D8DB593D-7137-405D-BC28-6833C3E7418E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9155543-2BBA-4D5E-B5E1-7FEB475CC423}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DAA911C7-3BC9-4061-9E1B-A00FDF32DF0F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB48787A-B7E3-4DC5-80A7-D9E29BBE4776}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DBAFD28A-0A74-4814-9DB9-03D3C3C905E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DCA2AEA1-1668-40B2-8F8E-BD002E5CF37D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD0F7982-E886-4808-8EF6-E74086B2C676}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE190AC1-4498-40DE-BA03-6759E44E9FE3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DEEBD9EC-605B-4B32-BBF2-C641BF6A7819}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF2CAEF0-6D31-4674-BF45-2B4787AE007F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DF7E0E43-CD7C-49F4-9DE1-8CC511AE3E0D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E14FE409-39E3-4539-9A2E-55D0A652F4B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E15F3A9B-A9AC-4311-9814-9CB0C7BCE9AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1AA3618-3686-4550-B7E5-8636D69C0C07}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E209FC4A-AEDC-4C55-A421-FF64075579F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E20EF690-0FA5-4FBE-A1AF-D7B478917A9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E221877F-60B6-4CFC-A3AB-7C9603125033}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E2D298DC-1165-4D48-A7D5-87BBFC8EEA56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E2E2C842-C70A-4449-AE79-8D1DC6311362}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E3ECF220-C25C-458F-B942-DCA0416CF940}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E44BD43F-3093-4281-AE6D-230A1C3ACBDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E505B047-81F0-4812-959C-248BAF56EE29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E60DFC4F-13D5-403C-A84F-C0482549D86F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E660B0B5-AF5F-42FF-8F50-D3351FE647A8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E715C2D3-2982-432B-AD94-3E6279C6E5D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E7C45D61-07CD-4256-B76C-65EBE512B171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E8D56EAC-B929-43FD-A31F-C80731E9FE9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E95188CA-75ED-4619-BF21-513EC13FAA5E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E9CF1CA6-10F5-47FD-BC31-269299DD8C80}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EAA3F352-13B4-4116-9C59-DB941ECE6DF4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB02F4C0-CDAD-4C6A-B1D0-CD344D21D3C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED9E1D30-19BC-4243-AC54-6625473DB59A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EDC35FE7-C7A4-40F0-97AA-3B821C7192F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE32121B-0958-47BE-8CF0-AABBE6B5F31F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EEA303F9-C64C-4F06-BBC4-AF3E283A61CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EEE8570A-48D6-49BE-BC7C-9CB98C1F1320}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EFDE3CFF-E39D-4DD9-8BCD-36C47EF600D8}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{EFEAC25E-F103-44D5-927D-2E147C7733DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F0622751-87EA-4E3D-99F3-B170A9E47453}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F24A322D-C6E3-4663-B260-7D867011C333}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F280B599-2464-4265-A415-14AD4306DFA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F31E6582-8AED-4046-A00B-4F2A6FDF8C23}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F37A7407-EC17-4F7C-B33A-F770401C915E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F43F5CCE-CB75-479E-B3C7-74CEB6993D00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F441FDF0-749B-427C-9FFF-2C52AA6CECDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F4777C82-E877-48E2-962D-39E88EEC9676}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F4CD834E-9A14-4DCB-B424-422BE405D2DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5665D56-29D4-44AE-98FF-2BFC2258614E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6D3B308-0F99-4A44-8C1A-02BBF7A077EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F7B26315-C8E6-40D7-8692-EF2CD411C831}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F83E558E-4446-470D-B4E3-1D436A3AEAFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F87C78CB-921A-4CE3-9117-6187F738A1A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8CF767F-E03E-446D-A882-D0CBC8020A51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8E2AC47-DA95-4C21-85AD-0FC398C834EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA273E17-7BD2-4E9C-9235-6E29AEC7D224}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FAAAE113-66CA-4A77-8378-8E605446175E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBD746C8-7BA0-4A27-B077-8CADD6993125}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCD9F05D-5FA9-4926-BE27-03D818DFE814}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FCFD6073-4F00-45D9-ACBA-46AB2378C15C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FDFD9F2E-53CD-4E6F-B1C1-E7AAE1B98451}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE36B689-DC27-44D5-BE1A-D0265A9C0221}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FEB57BA2-E1E2-41D0-AD4C-76AC8D21E2BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF060853-D30F-44DC-B66A-D1352C860A4F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFDEA98C-FF9B-4C8D-A3E6-F95CC0FB9B39}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFE07B97-DFF9-496D-9300-C179BC3EBBFA}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B2674A-20D8-4C91-90E0-FAC73E361F60}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{020DC315-2E42-48A3-8C78-18F6CD819DDB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{04A9C842-34EF-4F7E-8232-B962E0D95106}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{05373CB5-8366-4C1A-83C3-01164FBBF36D}" = protocol=6 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\tencentupdatesvc.exe |
"{0539E606-3C78-464F-BC79-27DAB08B5A04}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{07DE07A8-6FE2-4652-A7D9-3DA190C2FFDF}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"{081ED7A7-20B7-4CD1-8334-FBAA9CB1FE7E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0866670D-B279-4E2D-BC64-536D4BBAFCDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{091EFE32-6ED9-49D4-B415-72C0D8F14D14}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{093B3AC1-E083-46BF-BEA6-77D236A88535}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{09A4675D-6E0E-48BD-AF80-2DA6076FA1D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0C046948-E8C3-4950-9AE3-A190E6EFDBC8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0C61A91C-486F-4E9E-A8D4-F7EA7EEBCB09}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0CBD280F-D734-4506-A80F-54D150FF11E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0CBEE844-0A8E-4551-8C09-3DD7F78F5D4B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0DCCE93D-5DCA-4487-961D-344223226478}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0DF28217-4BFF-4103-AD07-C82D1A2D067D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0E9FA63F-23F5-4174-A856-3CD4E1DAD2FB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0F82CBEA-C37B-421E-A697-78160CB04AC6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0FB3DD91-5686-4A53-86CE-678123B12908}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{11442698-B9B7-4013-895B-4656C0D352A2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1334AFE4-7A73-46B2-9A0B-CD65C385FBC0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{14FE2288-9FE5-4AFF-BA46-49BEFE64A1CB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{15423E7D-3686-48B1-8924-6A5DED757449}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1566C5A3-A76E-49F8-94EF-F1873D3ADC9A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{15F97629-5733-4557-A11F-A180C22633D7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{162F8E02-3A08-44EF-BFAC-D745B0E2ABD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1639EC32-5E43-4ABB-AACB-0A46B623AB27}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{16CA6944-0AF1-459B-86C6-69B63DF5528C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{16E15F50-694E-4587-8E0B-7DA06C7C35A6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{17507C29-B26C-4648-A80F-0226BBABB30F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{19AFB3DC-9549-4D0F-BA59-55E740A7DF7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{19B4BB4F-DE43-4F00-A913-F68E81F1545F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1A4071CF-CB08-4B3A-89BD-C73ED9AFCA4D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{1A7893D7-4BF3-4A7A-939C-89AE4548A43B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1A9A5893-E747-418D-896C-FCE9FC698050}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{1AD64245-90F9-47D9-ACE8-0ACFFB318B66}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{1AE917A5-B60C-4D67-8167-B3CE730424A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1C05535D-FBFC-4732-824B-6CE60636C4DB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{1C676612-D64B-492F-88C4-745D5F0E2236}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1FBD355E-DEF8-40A6-BB68-91D134D6FAEF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2049B2CC-62DD-4605-A4EE-5AC27985D3FE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2053B68D-B20E-46B6-86F9-12801D8255D8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20FD1F9C-D093-4EF9-A3D4-3E9AB8EF06CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2164D872-BDAF-42D8-AF46-B8FC4876980D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{21E0B328-34CE-402B-8E0F-135DB92CF5EB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{21E8709C-1EF0-409C-8BBE-4609257FDA71}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{21F50613-A15C-4187-A0E1-AD487B7EC752}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{228025AE-C0D0-409A-A6EA-5666C6783226}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{22E41299-FB39-4FA1-8DF5-64B837D031F1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{237D6105-9B87-45A9-B6F1-3E7E489E7814}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{240660AE-CA7F-4398-BADE-E000B2C49127}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{24D1AF70-D915-49AC-AB7B-2955DD1CC241}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{26471C5D-F696-4ACD-8656-00DCB72404EA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{266048CB-D5F2-4E1C-A1CB-FF429F6A1B8B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{266EE600-429B-4329-A993-BBBA9F4D2A58}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{26A3604F-0FC5-4DAB-81C3-F6588191BFB2}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{270E8B13-62F7-4232-9089-EB337581539D}" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"{273BFADA-BB08-4888-A1A5-D5FBC5C67CC6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{27804F4C-F412-4772-AB95-7D5FFD216CB9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{28260DF9-4A00-4530-A04F-D8CE37765E87}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{28560E6A-666C-4651-BD07-CAE5C402710C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2924DAD4-D402-4450-AC24-182864F90A62}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2A47EF39-2F0C-4E5B-A3E5-BEBAB7694FFA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2A8C8B65-22E1-436A-BC80-7373E78150CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2B523536-6A9B-46AE-862D-6EEA7901B6AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2B6561FD-9C29-42BB-A2FC-D05CA9492976}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2B8666BC-AD19-428A-9A55-0B883FA97356}" = protocol=6 | dir=in | app=c:\users\a & w\desktop\steam\steam.exe |
"{2CE0755A-3319-48F2-81AD-1F0D794CE035}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2D283E9B-484C-4C38-8219-6961986FF857}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{2FA8F88D-5F32-41B1-9607-EA4AFDC2198E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{31075F35-82E2-4E8A-A8E8-00F23205D01F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{314CAC96-30E8-4BBA-BBA3-BCAFF3BF209B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{316CF1D6-0821-4345-94FC-770BF4B16245}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{31AB856A-9E4D-426A-A49F-BE827F74D8FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3242E875-34D5-4BD9-A7C3-82B313CA234E}" = protocol=6 | dir=in | app=c:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe |
"{32C8CF02-7134-48D1-A426-D391DA182AB2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{33C12945-14D8-475F-A4A6-37EF27914D9B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{33DF303D-ED2F-4679-AB67-AED43B8BDDCE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3437509A-FBAD-4A4D-8D5E-112C50BD435B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{345822B0-3736-46E9-AB53-DF18A7B4C7F9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{35024795-8882-40CD-BE6A-479F63CAB651}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{35415389-50FC-4C15-B2FE-AF5E1CF4DAAB}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{35BA154F-725C-4E4D-8528-225D62E42A5F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3A74BB63-080E-40A4-B5D5-8FB763CBF840}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3A9C8D25-5C6A-4B0C-80CC-01CEEDF7ADF0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{3B8B717F-7888-4377-B3E0-CFE16088368F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3BAC8562-B7F5-480F-A0E0-769B3E59EF51}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3BFC8226-0242-48C3-9D8D-49C4D9CAE854}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3C6EB7E1-AAB8-4CDE-8B30-8FA05768D316}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3C833F47-169D-4957-9A21-68F9927B5733}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3DBBA87E-3481-43A5-87C3-48A646543DDA}" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"{3F128FD0-AC8D-4A99-8380-94295AB87987}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3F2B0F02-6CEE-4E6E-A290-5027BCFFA91B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3F40EE4D-F6DB-4B9E-B66E-C99452D2D4A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3F628F3F-27A7-49C6-BACD-F9AA25009A90}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3FB77F1C-9A22-4DC7-A9C8-2E18B872D085}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{40260265-2D60-4536-A584-1A31FE4D26C0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{40536C57-1F41-4096-9346-4F4006CA4A30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{40CA04A7-4941-48C6-9769-CE47ED612910}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{422D85A7-68FC-4EEF-8B53-C7C0256F68F1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{428317D0-04F6-4D6F-8CF0-B37EC9ED1CC8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{42C6EDFA-D783-4818-BF65-9E9DE08167BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{436FD855-8F01-41FC-A307-F59AE1E56BEA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{438E4B02-3DE6-439C-8BF9-50E055135981}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{43931B05-770E-4ED7-9BCE-910E5E08DFA4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{440FC478-4A07-453B-BBF6-F011F2385878}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{446232F2-D27C-400C-8FC3-9C1FC0A8B140}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{44DB3031-EE13-4A6B-8F56-A2CC5237EEFE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{451EF6DF-CF3C-4937-83A0-5EA280945EA9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{45744A65-FCB9-48E3-8B23-7C91EC78DF22}" = protocol=17 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\qqsoftmgr.exe |
"{46669335-D861-4B59-8C76-C89F17DF0683}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{46823A6F-DF93-40B2-B484-9E85587CD39D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{46934454-FAC1-45F2-8DDA-6FADA9993701}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{46B5B3B3-2E30-48FA-98F5-85C7221FBFB5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{473DEFA5-1499-4F4D-A8CA-C6F440A12FBA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{47B0229D-259B-4F98-875B-812A70153EAD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4914AA89-58DB-4C2A-92DC-D0887935BF39}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{49F2343A-B318-4618-82C1-8815A534256E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4B08352C-9096-4D78-A8F8-1F84EA151AEC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4B5B9238-92AE-4FF8-95B3-57B4FB89E5F7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4BCCC623-F802-4C31-AFF7-1BBFF072A1D9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4CE886A2-5AF8-461A-B6ED-CE2F8BA732B1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4D89C5EB-C26E-467B-B544-1F1FC5C945F3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4E29D555-44C0-4B4B-9F66-CEEC12ABC6B1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4EF30915-BA4C-4972-8EF1-8AABD9344374}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F1187AA-1E5F-4537-8145-1E3ACA1A32E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F302E17-0A2B-4D2D-BAAB-47F7D8536EE6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F348BAF-8C95-4AEC-85C3-DCBD0DCCCA40}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4F66F3C6-8A05-44CC-A875-B514EB600B28}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F817188-347C-4D87-8E8A-B6A303EF3BDC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{51179412-570A-4771-95D1-83028891AA19}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{51924B90-129D-4F5C-9332-B1B883B685A5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{51FF961B-AE13-4713-A682-691FDA2D7E93}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{521829E8-7DC9-4FBD-8F3D-2FBBB0F23510}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{523533AE-0396-49CC-9847-CAE36763F91E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{524EC743-0A3B-4B8C-ADA6-7E53F1072A11}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52DE7696-61AE-4123-8BEB-E78D5E12101C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{53766D62-FD62-4983-A12D-430038A47D38}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{549AED6B-38B3-4E81-90EE-2EE2A2E427CD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{558C1DD8-1452-4BBE-9D6B-CEEBAB549D5B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{56272171-0E17-47D1-BCF4-B6CF6129A302}" = protocol=17 | dir=in | app=c:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe |
"{57C0BA64-265D-4214-9895-0F232561DE91}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{591ABBDE-4568-4D8C-9473-51B66805AE40}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5A04A6A6-96E5-4292-9F3C-1717A616F058}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5B499C96-C597-4181-969D-970DF950C5CF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5D5D00DA-A8DB-48DE-A280-00962E69D883}" = protocol=6 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\qqsoftmgr.exe |
"{5DEDCA3F-325D-4629-A742-7FEEF3A71A75}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5F1B73D8-3DF0-420F-9773-C0CA66694312}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5F674BAB-668D-480C-87A1-6E082F4C922A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5F717D41-4767-4D2A-90CA-9422ABA2D5B5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5F796D62-42C6-4155-9615-4DE98BDE0D16}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5FE273E8-767A-4228-94DD-CADC9CB7FB4C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6058FD2E-2B14-4DEE-B6D5-67BD63B08444}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{60DB308E-D6A0-4354-8D6D-9C94FA522AA2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{61185CD2-DB50-4DE8-AA94-0C8D74AE28F8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{61F7C4A8-E42D-4553-BE97-80C94C5115EA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{63BBFFFA-A88F-4518-BF6B-F2EACD021875}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{63DF490E-1E71-463D-B8F7-67F7B8F9D6EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6515B5D3-DCF8-4CBE-947A-B9B046184D42}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{67194EFB-1B65-4F70-8BB2-82530DE95278}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6789AC1C-B86E-464B-B913-C3B4F9A672CC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6A50962D-1A72-407B-8195-DDCADF72BB35}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6A6CDCA1-851E-4DA7-94D8-EF5F8A44F7AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6B1FA8E3-FE17-4D9A-9DA6-19ED6E7E39CB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6BA29B2A-BB64-4854-8374-B5A92F641B7F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6BC16990-C1F2-4D77-9A19-A9918D19B6A0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6C0A2661-CD83-41A8-893D-F09391EF941E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6C1211A3-B38F-4C2B-BA50-8472D39F4AD0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6CB6E67D-1119-479D-B81B-032BB7E1306E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6D8E3B0E-3AEB-4731-A703-3C8E3322EC41}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6E1A8220-019B-4292-8476-70686C17DBD2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6E915628-C65C-49E8-8B36-CB3BCFF06C63}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6EB9B4D8-9FF3-42A2-BB93-FC89BE4DE7FE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6F650B72-6E75-469F-A5BD-8D5D458AE06A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{70380528-7E9B-4E82-83BF-B44EB21C3242}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{70970029-80F2-4B9F-88E4-7DE9AF954DDA}" = protocol=17 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\tencentupdatesvc.exe |
"{70D3BF9A-EB50-4684-AF8D-8611F8FE4331}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{72176CC0-6766-4D3D-B5AB-B44BA9C2CA07}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{729B1C35-A7BE-40AD-B1CB-0ADB22532E14}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7368B1C6-5DFE-4FCB-B34A-CF0C9978FB9B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{73FDDD14-BF22-43AA-A8E6-77C3B36190FA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{74743E47-8586-462C-B487-515B182F63F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{75D2407C-F6DA-4D39-960B-D684F59434C8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7700D9EC-B35A-4B1C-80E7-B42B33611BCA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{77688CDA-E824-4D81-8C04-33DC29AF0D0C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{77A0D264-1058-486B-B23F-1268D56B37E1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{77AA6642-BC8A-4617-80FA-FAF2ED347BF4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7ACB9C97-7B95-4347-A59A-F8C231FAE64A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7B1897CE-80A7-4DF0-B52B-9DB4F24DABE9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7B9AD88C-252E-4E95-87C5-DD8461BBCE51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7C7FACCD-B935-409A-BF00-E1D448F86B3F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7D0146C5-5591-430C-8930-53E80647FA44}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7E4E5302-3AA9-4D21-A208-CAE96C584A4D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7ECF85A4-9B31-4802-8652-2E181A294FD0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7F4F1923-DB91-43FC-BE4E-AFF661D65368}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7FB83B0C-6F72-496A-99FF-B4AB3ED04474}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{81096088-3C66-48DC-9770-D5180DF4A738}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{818A6D7F-58FE-4B4A-B224-BAF0AA2CCA6D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{819B47B6-F9A4-48D0-859A-C29AF68B953C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{81D983E5-CD78-467E-A0B6-10C5D88E1F03}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{82E3E36E-B54E-4263-88C3-EF187CDB952A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{83137359-ED09-4A5E-9AF6-B771A7AD4F8B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{842F5D45-1658-42A2-84CE-176F4C781462}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{857C931D-514F-485C-A481-397F24CCEE1B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{85B0D016-64B9-4476-8C47-64CD82571FC1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{85E3EE37-45F8-4FC3-86F5-3DE2DDF9C4D4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{86E8DF8A-9C66-4542-A1D1-CC03FDF80D0D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8765EC0F-80E2-4B82-B538-C3064BB200E5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{883DC135-0CA2-4795-B81D-0C35DC839030}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8A267D6E-1DFC-4C88-A750-FE97D6877F71}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8B77CEBA-CAB0-419B-9665-CEA0E2A43A00}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8BBFF3E1-69D2-4166-BB99-DF37EEA78FAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8CD2B16A-03A0-4E08-8BF6-FC3BD36A5809}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8CFF331A-7C2E-4E8C-A241-F554A023B6EA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8D0CC8CA-B9CE-46F6-923F-3FF43579432D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8D20314B-DD35-40CD-A8E0-40A3561C508E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8EC8819D-7042-4BB2-8C86-88AB4DF95F0D}" = protocol=17 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
"{8F17C201-8933-4229-863E-CDD3D079CC28}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8F558EE1-E4D3-407F-B303-22DCA7257D09}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9175A777-B583-4445-BDD4-DA8D3AE8A0D2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{920FEC21-37F6-45AF-8B0C-E43E4840CDBC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9280B9A2-F8E0-4F46-B3AB-DE18AEB20BB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{933B0987-7883-4BC5-9F20-41C759F2935F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{94D1DD60-0909-4DAB-8EA0-9783AE61C259}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"{95344B02-2BE3-431A-8884-1982DEE390EA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{95811A24-52AA-461F-8F2C-03C0A6523A8F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{95AEACE4-28DB-498D-B78F-BFFBF6AADD15}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{98646511-5272-485A-A1BB-F206FEE87DF1}" = protocol=6 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
"{98FEB621-983C-4C26-92DF-99BD8AB76F2B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{993534FF-1E5D-4E39-87A4-8C1B6087A3E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{995C0CEE-A9F5-4383-A205-9874B47A6D8E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9988EFBA-36EF-490E-B932-29B643D5BB1E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9CD24638-3FB0-450F-A871-9F05E13D16E2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9D5841E8-35FE-4623-B396-0F89D95E4FF2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9E21B83F-A7D3-47AF-91E6-40736E6AA4C2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9E376699-640E-409F-99F4-AF4F5DE1685C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9E7BBE24-E8F2-449D-9C28-E859E3DFEBAD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9F46AA7A-5758-4BAD-8D5E-A9CA9B11BAA3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9F533E84-E4DF-4232-8C18-B1EB6D7A725C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9F650B5B-9AFF-4832-9AD9-D8DF44E48E4D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9F8434DA-9A13-4A57-ADED-015251EC6BC5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9FBF2E57-BBFC-47CB-BD32-4102BD1B1371}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A2C1C114-6F72-40BA-9ECB-3264A30CD9FD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A2C58988-26DB-43D2-9FC9-15172CB7BCC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A2E222BF-C4FF-46B1-91CD-DF4EFA35BEAE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A467AA15-300A-48DA-B21C-091B18CCC7B8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A568A5C1-BE6B-4C26-BEC7-9B5627308E4F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A5928DF4-E38C-41FB-8252-0FB7AE0D48E5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A63BC50F-2688-481C-A86C-4C32AF3A1866}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A7289295-3E8C-45CF-BD24-DBF53BF08027}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A7651345-42EA-42AF-93E4-A97A6228A046}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A830C32E-F048-415F-A604-C84C28AE8321}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A88E8FC6-0798-4B8C-8BF7-96975C7F91F3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A9E3834A-34EF-4081-8866-9D29C772A134}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A9F7E345-25BD-4B2E-A5D7-79BA08323D1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AAF159EE-B0FA-4923-A44B-C2BA260D4E58}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AB89AD1B-8328-4136-82B6-70E7925D2BDA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AB9C4A7E-06FA-44AD-8949-6EE121B5C4F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ABCFE1AF-3556-4C67-87CC-B815FC81A905}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AC6B7E6E-85B0-44B7-A973-B88B24827481}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AE330D99-590B-4511-BC3A-010FE299CF24}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AE8A0C35-5C14-48BC-A7E7-1B5C9D6B9188}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B0BB3FAB-4568-4040-BA92-7F63CB204E24}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B10ABB14-5BAB-4F11-AE4F-048EE15700D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B178548C-B15C-4982-9FCC-D2CAC6A9E7A8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B260C555-56CC-4678-8E31-851F24856657}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B2DF8AD2-73CF-4EB6-81AA-576B801415ED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B3228B15-D1FA-43DF-AA2D-7CF4A6190E5D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{B370C4AB-C2C1-4501-AFFF-FE63E19626C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B370FA7E-7FFF-45B3-961C-9F8A862D9F85}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B6BE36AA-3F0F-400C-BEF1-E46AC42778A7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B8C12716-7A82-44D5-AFFF-5AB77F38B4A0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B91D1407-124E-4D83-B51F-BB4AE5733171}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{BBB9FA9B-4F9E-4A7E-B641-2452B31D9D0B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{BBBE6C46-3DD3-44FE-BA6A-FD241F6424BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BBFEB50A-7216-476E-A603-A97A9F1C4A3B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BD63A8AD-1915-457F-98C0-83911F35C53D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BD7E7A8B-3E89-4027-9F69-6272B66F9C98}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{BD98E4DE-3F48-41B7-8364-5FBC18A6FE75}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BDBE5EC4-9FCD-4A8A-870C-EC3D61995129}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BE4CA801-1A11-4AAD-8807-2EA8C16FD9EC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BF35A9DF-5A73-49DD-AC68-E3C418EE3F2C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BFC73ADA-1297-4865-9A18-681D8EF4E6C4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C01E57F9-C92F-4D3F-B5EB-E2B72D4CA9A3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C0E6B5C3-F9B3-43CC-A943-A2ECDB741192}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C1858B66-73E6-4688-89C0-CB72B3BB263D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C1AD1B7E-7121-4260-9546-7311EF44454E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C2073716-2859-43CB-B126-FE918FC4821E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C35DCB56-6316-45AE-A946-122CE6C5D01E}" = protocol=6 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\qqsoftmgrupdater.exe |
"{C4B3E1E7-38A5-4A79-8AE1-7C89201A44D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C524228D-B9F7-4C20-9DCB-378378726A8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C526D281-591C-4997-B2C9-3F3DCBF42242}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C5A060AA-202F-4D53-BAD9-B2152E1A6E7C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C5C26B91-B804-4E91-8F13-3E4FCF4FACAD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C5E82ABE-09DF-41A3-AF84-03B043CD7789}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C785316D-0238-4A5D-A293-B15023F4E729}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C7970574-5D27-4B73-97FF-8E0F8EDD7854}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C86A2DB3-D6ED-4CFC-BBCA-435188D1E7CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C8827141-9202-4686-8AC2-1A1B63AA7B59}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C9099DAE-2158-4078-BEEC-87E39F6DE200}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C93849E3-A523-4E83-BC48-DFB4B6A1409E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C9AF1EA6-2E58-4B07-BBB0-D39AE5918EA9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C9D6D1F6-FF96-4AA0-B2C1-DA20A321771A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CD87975E-8D00-49C5-AE41-D233BF1B33C7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CE5301BF-BDA0-4E11-9449-83A37FDCC979}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CF1B4A5B-4F27-47E3-B6DD-0253BFA2E3E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CF69F2E1-54E6-4087-A5FB-E3988C96632B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D058F029-D8C8-4691-BE99-21932A1CD960}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D068E654-92B8-4207-A255-66478810A135}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D0B6A46E-5C7D-43D6-96EB-280A495BAE2D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D16173F7-ED0D-4474-80CA-415837869DE2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D16C827B-FBC0-4C63-BDA5-783BB5210D1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D1A52D3A-397E-4FFC-B3D2-D1C80BB3A182}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D1B609A4-A4D4-4F14-A955-B0DE743BB8CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D1E1B41A-5D34-48E2-8974-780029559885}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D23A7C42-2C5D-4AB5-B7A2-F277A4614B7E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D25C440B-1EC4-43FC-8988-C273E79F9272}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D27A5D49-8303-4F00-AFEE-9D0F27BDFEB3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D29AC2E4-1745-4B3B-B076-94C20B8324B4}" = protocol=17 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\qqsoftmgrupdater.exe |
"{D2F52A43-3648-4D5C-92F8-DFDA5F86C5ED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D446F7E7-BE97-4CF3-BA8A-4085C60690D4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D49A85DE-2869-42B2-ABDA-074ABEFFF16D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D4A5E4EE-F6A0-4330-907F-0A1A67780722}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D4D2BE27-41F1-4BFE-834D-1BC072321136}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D4EC5A08-CAF0-4878-B6D5-B02503D15CE3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D51AFFF6-A33A-4B7A-B533-95BF9C545B22}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D5E3A9D1-4F18-4EAF-B9A2-7B31BCF5B781}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D6330EB4-1860-4EE2-8895-0652133C8FCE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D70CE105-2697-4326-B143-DF7C174BF715}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D778C189-7B1C-4F2D-B418-94F06E80B545}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D7BA6CDB-823C-45BB-8487-91CBA0E260F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D82005E6-E156-4DA8-9655-EDF0196F8561}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D9CB6B22-27FB-4291-B87F-50E40A5352CB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D9EC6599-BE76-44B8-955B-59E432B9E648}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DAAE698C-8D2C-40F4-BAB4-654B36FD4C0D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DC2CCC4C-8697-484D-A05C-1678D67B19B1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DD5A6957-D696-4DDF-B2F7-795AEB8D762F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DE70A934-3996-4ED9-9C49-038523647EE4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DE953E8D-DCD1-4379-8706-535FC45D150B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DF1F22C7-CC56-4910-B91E-978341C2BEFA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E06122A7-8483-4D34-A89E-D30C7D2C735A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E185E7EF-7B08-4631-848D-380506261285}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E4398A20-D453-431A-B124-55CBF849A2A2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E44A6B0B-CC49-4378-8B04-3E79A674AED2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E62B77E4-7ED4-41D6-8051-036FAE78DB6D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E666B360-96BB-42A1-9270-A69D148E50EB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E66AA56D-3037-41BF-898B-835D60FD9DD4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E699AE05-492E-42AD-BB9D-C258B0B674C8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E7724887-76E8-4824-8CC6-371BAEFC695B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EA039567-FF59-4721-A2DD-95E6D7796339}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EA3EB2CF-163D-4DC4-8268-332E24AA2889}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{ECC03A9E-9F20-460F-93AD-12D33615385B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{ECF9A178-4563-44FB-AC09-940B6FC77EA3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{ED1BA5D9-4423-46EC-B639-93A8CA3F46B1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{ED427D94-F23E-4531-A7B0-C56854696B21}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EECFBFD1-718D-4507-BBB9-27D48D24E0DE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EF0BB2AE-881F-479C-A1F2-D8844399A675}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EF343BFD-9139-4CD6-A9EE-EE2C29DC27CD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EF6DFF27-BCF5-47DE-B81A-728567277AEA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EFA96813-FAEC-4418-BFD8-3BE047923969}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F0789944-BB8D-4BDC-9DF8-B475743F2EB9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F07EB833-956A-4D78-AC31-7AABF99ADEDE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F1E557F2-6F7D-4888-933E-F3008CC50CC0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F20AEB48-60B0-41B7-ABEC-95B36AF45AA2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F248DA08-4E25-41E3-A09F-392BD3EF28AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F38FA306-3C0B-4DD5-AA54-35ED4F2B09B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F469739A-0626-4B70-AC09-EAAFAB2CCC6F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F5BBA0C2-C612-41CA-8E3B-DED575113B95}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F5DF6B03-785C-467C-BD70-EEAD78755BE7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F619886A-98E9-4AF1-BE04-2EE5DCA6DE61}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F62F462C-7485-449A-ABCA-ECFF904D7D88}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F63E9A3A-3346-46AD-B3B1-43DDB164E300}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F6760620-5496-4ED7-8897-E49B79C68F64}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F6B84ACB-9A20-485B-B8D8-67D02CB30C96}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F724D047-4056-4931-84F7-7F941A9CE242}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F8099528-374C-4AF3-95CB-8CFF2DB7CB7F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F8FA9E7E-D3AA-4908-B77F-C471C6D5F628}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F8FEEAA7-11F0-4B28-97D0-3A53AEC80900}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F9BE43BA-574D-46FE-A818-433BA724919C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FAD7F4D2-DEAF-4C63-8867-F2597425DEF2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FB3785BC-62D5-454B-A62A-DF984BA26E4B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FC2F0004-F1A1-4224-850C-803171869675}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDFF4645-2C43-42EA-B6A7-A8163759E898}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FE31702E-A898-47D8-8223-33A231FCD7C6}" = protocol=17 | dir=in | app=c:\users\a & w\desktop\steam\steam.exe |
"{FE5315AF-891D-4A76-9099-4498B74F7542}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"TCP Query User{02596F9C-1B6B-44FB-AA0F-6C932542C8E3}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"TCP Query User{053C97DF-FC89-47FB-B064-F10F682819DF}C:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe" = protocol=6 | dir=in | app=c:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe |
"TCP Query User{1D784C74-1F19-450D-844F-B9EFD0913F7D}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"TCP Query User{2587E273-D986-4DD1-B68F-18B71EA2459B}C:\program files\poivy.com\poivy\poivy.exe" = protocol=6 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
"TCP Query User{2D60F881-1816-4E39-942D-72386FC04491}C:\program files\tencent\qq\plugin\com.tencent.qqmusic\bin\qqmusic\qzonemusic.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\plugin\com.tencent.qqmusic\bin\qqmusic\qzonemusic.exe |
"TCP Query User{2E2528FD-A5F6-4146-802B-30E4EA18C460}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{355F749A-3F0D-45C4-82B6-FDDE95C8E923}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"TCP Query User{3FBF130C-7E71-46A0-AF7F-120F69E9DAAD}C:\users\guest\desktop\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=c:\users\guest\desktop\age of empires 2\empires2.exe |
"TCP Query User{54B98D87-DE76-422E-80A0-F7E1C915CA33}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{5A2F399C-AF12-4327-B1BA-8771CDC37687}C:\users\guest\desktop\age of empires 2\age of empires ii.exe" = protocol=6 | dir=in | app=c:\users\guest\desktop\age of empires 2\age of empires ii.exe |
"TCP Query User{5B143E7C-4C8A-4949-88EA-11654B1342C0}C:\program files\voipzoom.com\voipzoom\voipzoom.exe" = protocol=6 | dir=in | app=c:\program files\voipzoom.com\voipzoom\voipzoom.exe |
"TCP Query User{5E59DFC1-A4CF-4BEE-896B-152156905F51}C:\program files\tencent\qq\bin\auclt.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"TCP Query User{609014AD-3ABC-49DA-84DA-DDD7C7DFBFB1}C:\program files\tencent\qqmusic\qzonemusic.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
"TCP Query User{6739F3C0-F252-4C0E-8507-7D174AA071F6}C:\users\w & a\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\w & a\program files\dna\btdna.exe |
"TCP Query User{6D4F7759-B0F2-464F-AC54-F3B2DCF53234}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{73FB9F53-CC9F-40F6-A7BB-D38B361933F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7F5A3F74-43C0-4FCC-85CC-1ECFF71F535A}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"TCP Query User{84DB2911-0431-4CDE-B9AF-8F396C2B5862}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{89A0BD82-522A-4B61-BB33-C16584A6E05A}C:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe" = protocol=6 | dir=in | app=c:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe |
"TCP Query User{8C4AB2C5-7896-4FE8-8EF9-AE6203DE015D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8D1EC9A5-E18A-4B16-A3EB-BA675561B7E6}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{9190350E-6C80-4DE5-9484-0784E525141F}C:\users\public\age of empires 2\age of empires ii.exe" = protocol=6 | dir=in | app=c:\users\public\age of empires 2\age of empires ii.exe |
"TCP Query User{AA0E14FA-1A38-41FA-94EB-A5B3ACBBB2D9}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{B4B4DAFB-067F-42F8-B1C4-B62D8949CC37}C:\users\a & w\desktop\amo's docs\age of empires 2\age of empires ii.exe" = protocol=6 | dir=in | app=c:\users\a & w\desktop\amo's docs\age of empires 2\age of empires ii.exe |
"TCP Query User{C2F7F949-F0D8-4534-8AC6-49F4EB43A3B8}C:\program files\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"TCP Query User{C9393560-5AEB-4DAD-A2C1-D4585EF98D6B}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{CC332964-F818-4619-8B06-ED6FB72F083D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D2673169-DA70-4157-B351-2B6DB701DA2B}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{E1BE98E7-B02C-4C47-977E-41BA67C70288}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{E8FC3FAC-C655-4D05-A5C2-268EC9BFBA5B}C:\program files\voipzoom.com\voipzoom\voipzoom.exe" = protocol=6 | dir=in | app=c:\program files\voipzoom.com\voipzoom\voipzoom.exe |
"TCP Query User{EB3BE5D2-612C-4A07-8B59-5C937DA81B51}C:\program files\the times\revision guides\launcher.exe" = protocol=6 | dir=in | app=c:\program files\the times\revision guides\launcher.exe |
"TCP Query User{EFFA0E7A-8EE6-4DF9-9415-2D6E09638ED8}C:\users\w & a\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\w & a\program files\dna\btdna.exe |
"TCP Query User{EFFAD230-EB69-46D8-B6E0-9C7A1F17FEE1}C:\users\public\age of empires 2\age of empires ii.exe" = protocol=6 | dir=in | app=c:\users\public\age of empires 2\age of empires ii.exe |
"TCP Query User{FAEC36A8-CF67-49A3-8C41-953CAA079ADC}C:\program files\thunder network\thunder\program\thunder5.exe" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunder5.exe |
"UDP Query User{0A120F25-CAC9-49F0-8751-CE70C28BFEC9}C:\users\w & a\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\w & a\program files\dna\btdna.exe |
"UDP Query User{0CB643DC-E31E-4A2D-AF6C-BF19C498B118}C:\program files\thunder network\thunder\program\thunder5.exe" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunder5.exe |
"UDP Query User{0EAE0D68-7FB1-4B1A-8662-C7B65071EB73}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{136886C2-B569-436C-B539-195A16479A83}C:\users\w & a\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\w & a\program files\dna\btdna.exe |
"UDP Query User{1C63BB3C-12E1-4791-B1AB-A82F37E41585}C:\program files\tencent\qqmusic\qzonemusic.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
"UDP Query User{227D4685-214A-4B3F-B2E8-ED681535765B}C:\program files\tencent\qq\plugin\com.tencent.qqmusic\bin\qqmusic\qzonemusic.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\plugin\com.tencent.qqmusic\bin\qqmusic\qzonemusic.exe |
"UDP Query User{2C685664-7EE0-49A0-9166-D09A2A893A70}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{2D8E7DFB-25B2-4326-B479-C83E148CF17C}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{305E93F6-5DD9-4729-9B53-BDF0D875F2D9}C:\users\guest\desktop\age of empires 2\age of empires ii.exe" = protocol=17 | dir=in | app=c:\users\guest\desktop\age of empires 2\age of empires ii.exe |
"UDP Query User{3CE152B8-D835-4751-846D-F146E09ADEF8}C:\program files\voipzoom.com\voipzoom\voipzoom.exe" = protocol=17 | dir=in | app=c:\program files\voipzoom.com\voipzoom\voipzoom.exe |
"UDP Query User{46834913-9216-4E1A-BFD2-61FF517FBAEF}C:\users\a & w\desktop\amo's docs\age of empires 2\age of empires ii.exe" = protocol=17 | dir=in | app=c:\users\a & w\desktop\amo's docs\age of empires 2\age of empires ii.exe |
"UDP Query User{526AF228-0F4A-4808-9367-6A4B7282A442}C:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe" = protocol=17 | dir=in | app=c:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe |
"UDP Query User{636AFCCE-6174-4FF8-9D6B-7787BBB47AC5}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{65230B56-B3F2-4CBC-8776-32BDC4612EAD}C:\program files\voipzoom.com\voipzoom\voipzoom.exe" = protocol=17 | dir=in | app=c:\program files\voipzoom.com\voipzoom\voipzoom.exe |
"UDP Query User{66B4B367-1CE3-413C-A9EA-998F7B2561C3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6FB59452-F76B-4FCF-9074-41C8DB955604}C:\program files\tencent\qq\bin\auclt.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"UDP Query User{7D4CEE20-F313-467E-A204-5C53EB2F1562}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8CC31F8E-04F0-4FF9-BAB6-F54774B5ED36}C:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe" = protocol=17 | dir=in | app=c:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe |
"UDP Query User{90F30A77-10D1-4B01-8851-5D8946C1ED56}C:\users\public\age of empires 2\age of empires ii.exe" = protocol=17 | dir=in | app=c:\users\public\age of empires 2\age of empires ii.exe |
"UDP Query User{9419A546-FB84-4D8A-80EA-EA0D73F19442}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{97D0E45A-F2B5-46E0-82D3-02742EDFF11B}C:\program files\poivy.com\poivy\poivy.exe" = protocol=17 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
"UDP Query User{9FA5209E-B26C-4931-A5EF-D86891D58D50}C:\users\guest\desktop\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=c:\users\guest\desktop\age of empires 2\empires2.exe |
"UDP Query User{A80E455F-CC38-4DBE-BAB1-E017C7A99F75}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A9E0B5C6-9634-4E67-9F6C-7CE0877B3C55}C:\program files\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"UDP Query User{AB5073B3-CFD7-425D-8F4B-5D8F8FACB8D0}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{B4F79068-68B5-4DF9-B7FE-111E3DAED1D0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{BFA987F3-D574-4FC2-AEED-924186F36EA9}C:\users\public\age of empires 2\age of empires ii.exe" = protocol=17 | dir=in | app=c:\users\public\age of empires 2\age of empires ii.exe |
"UDP Query User{C083F2DB-2487-4AF4-A48B-2F513524EAE8}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"UDP Query User{CC61B2AC-E2A2-489D-BB45-F7F772688A94}C:\program files\the times\revision guides\launcher.exe" = protocol=17 | dir=in | app=c:\program files\the times\revision guides\launcher.exe |
"UDP Query User{D029D2B9-7591-48E7-93A9-06DD7B3D8B39}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"UDP Query User{D8C9F260-C875-4261-B319-D48B528A9108}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{DF0F9B1D-1401-414E-A6DF-718F46FE504D}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"UDP Query User{E2C4C339-B9DA-434C-89C5-344D6B176EF4}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00CD9341-46BF-C386-1D4C-4D980B615549}" = Catalyst Control Center Localization Chinese Standard
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2010
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F81061C-661C-D357-F79C-31B1D78609F9}" = Catalyst Control Center Localization Spanish
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16CD4E04-BBD5-47DC-978D-C3A65B5DD00C}" = Motorola Phone Tools
"{170715E4-3235-8999-C05D-54156AC3F163}" = CCC Help German
"{174C89F3-EBA7-17AB-2FCA-82AE6AF7C8C5}" = CCC Help Japanese
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D9C9979-7B3D-0EBA-06B5-1A648DE8ECFC}" = Skins
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250AD9EB-E6A4-FEE1-AAAF-66EB69E96060}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{2B64ACEB-703E-6D90-5CBE-140B9A66C85B}" = Catalyst Control Center Localization Portuguese
"{2CADE3B6-6B69-2050-7B7C-2E6BB1183458}" = Catalyst Control Center Localization Thai
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{304B576D-A16E-4983-A5E5-53E40806DFB5}" = STOPzilla
"{30C042F8-B207-313E-F932-3599ADF24651}" = CCC Help Korean
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3AE375B7-4C1A-8954-D87B-126990CA06ED}" = Catalyst Control Center Localization Turkish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42DB15D5-DAAD-A187-252F-80B669BFC970}" = CCC Help Turkish
"{44F70E24-C55E-4C6E-29F1-573C03BDFB9D}" = CCC Help Chinese Traditional
"{4517895C-2CCB-9CA7-D24A-E74559551426}" = Catalyst Control Center Localization Chinese Traditional
"{49041980-E77D-DCAD-8365-F22688D3A8AE}" = Catalyst Control Center Localization Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
"{569F35EF-9A3E-7EA6-3817-01F7A142E608}" = CCC Help Thai
"{57E08EAC-F4FA-E453-6516-CA4D8AF4BD6D}" = CCC Help English
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{5D9748ED-2EC3-E694-68E7-14AE077AA686}" = Catalyst Control Center Core Implementation
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FC963A4-D7C2-743E-4634-0BE6893D2D30}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7484FF63-DFD5-4703-5D5A-7B197CBC6AF7}" = CCC Help Hungarian
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79D4609A-AE25-B8CA-9FD2-9DC5A919414E}" = ccc-core-static
"{7C977DE7-EC85-46E1-A7D9-52C04EB52AE6}" = S2 Mobile Modem
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F19855D-DB03-2435-858D-8CD809994A3F}" = Catalyst Control Center Localization Korean
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8958DFF1-3103-8A70-9108-40D7D359D8C6}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E3A5EA8-DE6D-9333-0DB4-55FB9B6EED46}" = CCC Help Chinese Standard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90CA0C98-4E23-8B12-29EC-FCEB49983E7E}" = Catalyst Control Center Localization Japanese
"{919955B0-50EB-45DD-9165-C3BCFBF6B2D1}" = S2 PCSync
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A57F3E7-F32D-FD92-124C-B9C9D7231C20}" = Catalyst Control Center Graphics Light
"{9B97F3A0-993F-4453-BCA8-E0DAFBE57845}" = Pass! with BSM
"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB22EB20-70C4-32D9-CAE5-816E24F458CA}" = Catalyst Control Center Graphics Full Existing
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0FB18FC-326C-4D1F-B72B-8C68BC862C9A}" = UKCAT Practice Tests
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C3A0F1A3-7AD3-F7E3-D81A-0A5EC68F0397}" = Catalyst Control Center Localization Polish
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD65BFB7-291F-9D67-760B-4FD16337FCB9}" = CCC Help Italian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB98F489-0D1B-0244-2B95-24F4C9D6A5BD}" = CCC Help Spanish
"{DC0D3295-0697-808C-4F1F-44E58330C3E8}" = Catalyst Control Center Localization German
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E79066AE-9AF1-9C3C-6F3A-95BC4A3C3E33}" = Catalyst Control Center Graphics Previews Common
"{E87B8271-8225-31ED-95BE-0C7DB1813F7C}" = CCC Help French
"{E87FE5BA-2E1B-A6F2-F40E-9D6865ADF886}" = Catalyst Control Center Localization French
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18E39EE-5306-6765-9EE3-CD3ECFE9678F}" = Catalyst Control Center Graphics Previews Vista
"{F318B83E-27E2-2EFF-12EE-667C02A062D9}" = CCC Help Portuguese
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDBE9CF-CFB4-2260-8F84-09B6F7FD9A87}" = Catalyst Control Center Localization Italian
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Presenter 7" = Adobe Presenter 7
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"Ask Toolbar_is1" = Ask Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DivX Setup.divx.com" = DivX Setup
"Football Manager 2008" = Football Manager 2008
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NJStar Chinese WP" = NJStar Chinese WP
"Pdf995" = Pdf995
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"QQSoftMgr" = QQ软件管理1.0 Beta3
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tencent Browser Helper" = SOSO AddressBar Search
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.0
"VoipDiscount_is1" = VoipDiscount
"VoipZoom_is1" = VoipZoom
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/11/2009 10:21:39 | Computer Name = WeznAmo-PC | Source = RasClient | ID = 20227
Description =

Error - 05/11/2009 19:38:41 | Computer Name = WeznAmo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05/11/2009 20:06:20 | Computer Name = WeznAmo-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x001455e5, process id 0x1778, application
start time 0x01ca5e7430e56418.

Error - 05/11/2009 20:06:30 | Computer Name = WeznAmo-PC | Source = MsiInstaller | ID = 11730
Description =

Error - 05/11/2009 20:06:30 | Computer Name = WeznAmo-PC | Source = MsiInstaller | ID = 11730
Description =

Error - 06/11/2009 18:44:08 | Computer Name = WeznAmo-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00041e57, process id 0xc, application
start time 0x01ca5f32a4a8ea42.

Error - 06/11/2009 20:40:22 | Computer Name = WeznAmo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/11/2009 07:37:37 | Computer Name = WeznAmo-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x0012bea9, process id 0x1a78, application
start time 0x01ca5f9eafc92534.

Error - 07/11/2009 10:03:21 | Computer Name = WeznAmo-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x0012bea9, process id 0x1688, application
start time 0x01ca5faa2b94b3c0.

Error - 07/11/2009 15:59:04 | Computer Name = WeznAmo-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x0012bea9, process id 0xe88, application
start time 0x01ca5fe3f4291f39.

[ Media Center Events ]
Error - 06/12/2008 15:12:27 | Computer Name = WeznAmo-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 15/08/2009 07:45:03 | Computer Name = WeznAmo-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 16/12/2009 15:01:29 | Computer Name = WeznAmo-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 14/12/2010 14:11:16 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15/12/2010 09:10:59 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/12/2010 09:10:59 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/12/2010 09:10:59 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15/12/2010 09:35:24 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/12/2010 09:35:24 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/12/2010 09:35:24 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15/12/2010 12:44:36 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/12/2010 12:44:36 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/12/2010 12:44:36 | Computer Name = WeznAmo-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:26 AM

Posted 15 December 2010 - 07:47 PM

AVG is still in the logs I see.


The Ask toolbar is not recommended. This toolbar enhances internet browsing and provides a direct link to the "ask.com" search engine. This program is not known to be bundled with spyware - The company strongly denies the toolbar as being malware.

Please read why it might be good to remove it here.

If you choose to remove it then follow the instructions below.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick (or right-click, if you are using Vista) the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":



AskBarDis



Additional instructions can be found here if needed.


Now open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [PoivY] C:\Program Files\PoivY.com\PoivY\PoivY.exe File not found
[2010/12/15 17:01:02 | 000,000,256 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/15 16:43:11 | 000,000,318 | -HS- | M] () -- C:\Windows\Tasks\APRCN.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please run MBAM

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Posted Image
m0le is a proud member of UNITE

#15 amo1000

amo1000
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 16 December 2010 - 05:36 PM

Couldn't find any "AskBarDis" program, but i removed "Ask Toolbar" if that's helpful at all.

Here's the OTL log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PoivY deleted successfully.
C:\Windows\System32\drivers\kgpcpy.cfg moved successfully.
C:\Windows\Tasks\APRCN.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.3 log created on 12162010_223456

Running MBAM at the moment.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users