Antispyware software alert

Hello,

I'm running vista 64 bit. I got this virus, keep getting pop ups to purchase this antivirus software. My internet explorer has stopped working aswell. I can't open anything, keep getting a security warning " application cannot be execued. The file is infected do you want to activate your antivirus software now". I looks dodgy as the price is in dollars. I tried downloading malwarebytes, stopzilla & spyware doctor but I can't run the programs because this virus doesn't let me open anything. I can't even get into my restore point just doesn't open. The only thing that works is explorer in firefox mode. Can anyone help?

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

It let me run malwarebytes in safe mode last night. It took about an hour to scan my machine, the pop ups have stoped. It removed about 11 trojans & stuff. However my internet explorer still isn't working? it fine if I use firefox but not explorer? can you help?

here are two files you asked for:
OTS.txt
[code]
OTS logfile created on: 19/05/2010 19:40:43 - Run 3
OTS by OldTimer - Version 3.1.31.0 Folder = C:\Users\Ans\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 186.38 Gb Free Space | 40.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICEMAN
Current User Name: Ans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Ans\Desktop\OTS.exe -> [2010/05/18 22:03:32 | 000,640,000 | ---- | M] (OldTimer Tools)
pctsauxs.exe -> C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -> [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools)
pctstray.exe -> C:\Program Files (x86)\Spyware Doctor\pctsTray.exe -> [2010/03/09 08:40:26 | 001,286,608 | ---- | M] (PC Tools)
realsched.exe -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe -> [2010/03/06 22:15:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.)
ssscheduler.exe -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe -> [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.)
googlequicksearchbox.exe -> C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe -> [2009/12/11 21:45:19 | 000,122,880 | ---- | M] (Google Inc.)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2009/12/02 15:20:19 | 000,908,248 | ---- | M] (Mozilla Corporation)
mcagent.exe -> c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
msksrver.exe -> C:\Program Files (x86)\McAfee\MSK\msksrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
ieuser.exe -> C:\Program Files (x86)\Internet Explorer\ieuser.exe -> [2009/04/11 07:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/08/20 23:42:21 | 000,039,408 | ---- | M] (Google Inc.)
tbpanel.exe -> C:\Program Files (x86)\VDOTool\TBPANEL.exe -> [2008/06/04 11:37:52 | 002,157,096 | ---- | M] (Palit Microsystems, Inc.)
affinegyservice.exe -> C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe -> [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.)
spuvolumewatcher.exe -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe -> [2007/11/27 19:13:44 | 000,385,024 | ---- | M] (Sony Corporation)
mvraidsvc.exe -> C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe -> [2007/06/12 19:54:12 | 000,061,440 | ---- | M] ()
apache.exe -> C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe -> [2007/05/23 01:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation)
ctcmsgou.exe -> C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe -> [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd)

[Modules - Safe List]
ots.exe -> C:\Users\Ans\Desktop\OTS.exe -> [2010/05/18 22:03:32 | 000,640,000 | ---- | M] (OldTimer Tools)
wininet.dll -> C:\Windows\SysWOW64\wininet.dll -> [2010/03/09 16:42:17 | 000,834,048 | ---- | M] (Microsoft Corporation)
sahook.dll -> c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll -> [2009/12/23 17:11:18 | 000,015,056 | ---- | M] (McAfee, Inc.)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/04/11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2008/01/21 03:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation)
normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2006/11/02 09:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(FontCache) [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/09/25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation)
64bit-(McODS) [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,696,848 | ---- | M] (McAfee, Inc.)
64bit-(McShield) [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:15:32 | 000,155,456 | ---- | M] (McAfee, Inc.)
64bit-(UmRdpService) [On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2009/04/11 08:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation)
64bit-(CscService) [Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2009/04/11 08:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation)
64bit-(BthServ) [Auto | Running] -> C:\Windows\SysNative\bthserv.dll -> [2009/04/11 08:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation)
64bit-(wbengine) [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/04/11 08:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008/01/21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation)
64bit-(Fax) [On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2008/01/21 03:47:07 | 000,689,152 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/21 03:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation)
(sdAuxService) PC Tools Auxiliary Service [Auto | Running] -> C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -> [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools)
(McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -> [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/23 16:57:18 | 000,110,312 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
(fsssvc) Windows Live Family Safety Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -> [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee Anti-Spam Service [Auto | Running] -> C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -> [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/30 05:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation)
(AffinegyService) AffinegyService [Auto | Running] -> C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe -> [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.)
(Marvell RAID) Marvell RAID Event Agent [Auto | Running] -> C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe -> [2007/06/12 19:54:12 | 000,061,440 | ---- | M] ()
(MRUWebService) MRU Web Service [Auto | Running] -> C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe -> [2007/05/23 01:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation)
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 14:34:14 | 000,000,000 | ---D | M]
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 07:35:15 | 000,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 07:35:15 | 000,055,846 | ---- | M] ()

[Driver Services - Safe List]
64bit-(PCTCore) PCTools KDS [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PCTCore64.sys -> [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools)
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation)
64bit-(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mfehidk.sys -> [2009/09/16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.)
64bit-(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfeavfk.sys -> [2009/09/16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.)
64bit-(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfesmfk.sys -> [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.)
64bit-(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mferkdk.sys -> [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\fssfltr.sys -> [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation)
64bit-(fvevol) BitLocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\fvevol.sys -> [2009/04/11 08:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation)
64bit-(BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BTHport.sys -> [2009/04/11 06:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation)
64bit-(RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rfcomm.sys -> [2009/04/11 06:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation)
64bit-(BthEnum) Bluetooth Enumerator Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\BthEnum.sys -> [2009/04/11 06:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation)
64bit-(BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\BTHUSB.sys -> [2009/04/11 06:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation)
64bit-(usbser) USB Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser.sys -> [2009/04/11 06:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation)
64bit-(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2009/04/11 05:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation)
64bit-(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\Mpfp.sys -> [2009/04/09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.)
64bit-(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -> [2009/02/09 08:38:44 | 000,008,192 | ---- | M] (Nokia)
64bit-(nmwcdx64) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ccdcmbx64.sys -> [2009/02/09 08:38:34 | 000,018,944 | ---- | M] (Nokia)
64bit-(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -> [2009/02/09 08:38:34 | 000,008,192 | ---- | M] (Nokia)
64bit-(nmwcdcx64) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ccdcmbox64.sys -> [2009/02/09 08:38:32 | 000,025,088 | ---- | M] (Nokia)
64bit-(ENTECH64) ENTECH64 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\ENTECH64.sys -> [2008/09/17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan)
64bit-(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -> [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia)
64bit-(BthAvrcp) Bluetooth AVRCP Profile [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\BthAvrcp.sys -> [2008/07/10 19:20:16 | 000,021,504 | ---- | M] (CSR, plc)
64bit-(716xBDA) 716xBDA service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\716xBDA.sys -> [2008/03/11 18:57:34 | 001,226,112 | ---- | M] (DTV-DVB)
64bit-(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bthpan.sys -> [2008/01/21 03:46:10 | 000,115,712 | ---- | M] (Microsoft Corporation)
64bit-(AtcL001) NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\l160x64.sys -> [2007/12/17 20:32:00 | 000,056,832 | ---- | M] (Atheros Communications, Inc.)
64bit-(P17) SB Live! 24-bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\P17.sys -> [2007/11/16 11:11:08 | 001,276,928 | ---- | M] (Creative Technology Ltd.)
64bit-(716xHID) 716xHID - PCIe HID Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\716xHID.sys -> [2007/08/10 17:11:54 | 000,021,504 | ---- | M] (DTV-DVB)
64bit-(mv61xx) mv61xx [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\mv61xx.sys -> [2007/06/15 08:52:26 | 000,163,736 | ---- | M] (Marvell Semiconductor, Inc.)
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 06:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
64bit-(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ASACPI.sys -> [2006/11/01 08:23:42 | 000,015,680 | ---- | M] ()
(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\CSC -> [2008/08/20 21:15:31 | 000,000,000 | ---D | M]
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 22:36:40 | 000,003,066 | ---- | M] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 22:35:23 | 000,001,088 | ---- | M] ()

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{7c5c0f58-e061-457d-9033-77307f5ed00c}" [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://google.com/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
64bit-HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 16:59:04 | 000,305,000 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 16:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{7c5c0f58-e061-457d-9033-77307f5ed00c}" [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> ->
HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:5555 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Ans\AppData\Roaming\Mozilla\FireFox\Profiles\vm2xwwws.default\prefs.js ->
browser.search.defaultenginename -> "Live Search" ->
browser.search.defaulturl -> "http://search.live.com/results.aspx?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Live Search" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://go.microsoft.com/fwlink/?LinkId=69157" ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 ->
extensions.enabledItems -> {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 ->
keyword.URL -> "http://search.live.com/results.aspx?FORM=IEFM1&q=" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c} -> C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [C:\PROGRAMDATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}] -> [2009/12/10 00:34:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files (x86)\McAfee\SiteAdvisor [C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR] -> [2010/04/21 19:33:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com -> C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\] -> [2009/06/20 21:00:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Program Files (x86)\Real\RealPlayer\browserrecord [C:\PROGRAM FILES (X86)\REAL\REALPLAYER\BROWSERRECORD] -> [2010/03/06 22:16:12 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/06 22:16:05 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/03/16 19:59:20 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Ans\AppData\Roaming\mozilla\Extensions -> [2009/02/16 22:51:09 | 000,000,000 | ---D | M]
-> C:\Users\Ans\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2009/02/16 22:51:09 | 000,000,000 | ---D | M]
-> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions -> [2010/05/18 20:53:07 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/08/31 10:56:01 | 000,000,000 | ---D | M]
Google Toolbar for Firefox -> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2010/05/18 20:53:07 | 000,000,000 | ---D | M]
WOT -> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2009/12/29 20:40:56 | 000,000,000 | ---D | M]
DownloadHelper -> C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2009/12/29 20:41:57 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
bing.xml -> C:\Users\Ans\AppData\Roaming\Mozilla\FireFox\Profiles\vm2xwwws.default\searchplugins\bing.xml -> [2009/08/31 10:55:29 | 000,001,957 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/03/30 21:59:44 | 000,000,000 | ---D | M]
TorrentMan Toolbar -> C:\Program Files (x86)\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c} -> [2008/11/26 20:38:13 | 000,000,000 | ---D | M]
-> C:\Program Files (x86)\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com -> [2008/08/20 23:42:43 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/18 22:37:24 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll [McAfee Phishing Filter] -> [2009/07/08 14:48:48 | 000,337,424 | ---- | M] ()
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2009/08/05 23:24:16 | 000,132,448 | ---- | M] (Microsoft Corporation)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:15:38 | 000,060,224 | ---- | M] (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2010/03/06 21:20:14 | 000,373,872 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll [Google Toolbar Notifier BHO] -> [2010/03/06 21:22:14 | 000,319,984 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/12/23 16:59:04 | 000,305,000 | ---- | M] (McAfee, Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files (x86)\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/07/08 14:48:48 | 000,246,800 | ---- | M] ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/03/06 22:16:11 | 000,312,928 | ---- | M] (RealPlayer)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll [BitComet Helper] -> [2009/01/16 10:02:24 | 000,656,696 | ---- | M] (BitComet)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{7c5c0f58-e061-457d-9033-77307f5ed00c} [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/03/06 21:20:09 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/03/06 21:22:14 | 000,812,528 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/12/23 16:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> File not found
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 16:59:04 | 000,305,000 | ---- | M] (McAfee, Inc.)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/03/06 21:20:14 | 000,373,872 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 16:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/03/06 21:20:09 | 000,279,664 | ---- | M] (Google Inc.)
"{7c5c0f58-e061-457d-9033-77307f5ed00c}" [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/03/06 21:20:14 | 000,373,872 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/03/06 21:20:09 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{7C5C0F58-E061-457D-9033-77307F5ED00C}" [HKLM] -> C:\Program Files (x86)\TorrentMan\tbTor1.dll [TorrentMan Toolbar] -> File not found
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/05/03 04:16:00 | 015,845,920 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/05/03 04:16:00 | 000,082,464 | ---- | M] (NVIDIA Corporation)
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2007/03/23 20:04:00 | 005,055,488 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007/03/16 16:06:54 | 001,822,720 | ---- | M] (Realtek Semiconductor Corp.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/21 03:46:39 | 001,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Google Quick Search Box" -> C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe ["C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun] -> [2009/12/11 21:45:19 | 000,122,880 | ---- | M] (Google Inc.)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation)
"ISTray" -> C:\Program Files (x86)\Spyware Doctor\pctsTray.exe ["C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"] -> [2010/03/09 08:40:26 | 001,286,608 | ---- | M] (PC Tools)
"mcagent_exe" -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe ["C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"McENUI" -> C:\Program Files (x86)\McAfee\MHN\McENUI.exe [C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide] -> [2009/07/07 21:02:26 | 001,176,808 | ---- | M] (McAfee, Inc.)
"NWEReboot" -> [] -> File not found
"P17RunE" -> C:\Windows\SysWow64\P17RunE.dll [RunDll32 P17RunE.dll,RunDLLEntry] -> [2007/04/09 02:40:00 | 000,014,848 | ---- | M] (Creative Technology Ltd.)
"TkBellExe" -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2010/03/06 22:15:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.)
"VolPanel" -> C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe ["C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r] -> [2007/02/28 17:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd)
"Wireless Manager" -> C:\Program Files (x86)\Virgin Broadband Wireless\Wireless Manager.exe ["C:\Program Files (x86)\Virgin Broadband Wireless\Wireless Manager.exe" startup] -> [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Creative MediaSource Go" -> C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe ["C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB] -> [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd)
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2008/08/20 23:42:21 | 000,039,408 | ---- | M] (Google Inc.)
"TBPanel" -> C:\Program Files (x86)\VDOTool\TBPanel.exe [C:\Program Files (x86)\VDOTool\TBPanel.exe /A] -> [2008/06/04 11:37:52 | 002,157,096 | ---- | M] (Palit Microsystems, Inc.)
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Shockwave Updater" -> C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 ( [C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Creative AutoUpdate v1.10.10)" -"http://www.lapoo.nl/search.php?keyword=bmw1&action=search"] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&D&ownload &with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] (www.BitComet.com)
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/03/06 21:20:47 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&D&ownload &with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet -> C:\Program Files (x86)\BitComet\BitComet.exe [res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm] -> [2009/01/20 07:37:40 | 002,523,960 | ---- | M] (www.BitComet.com)
Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx] -> File not found
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/03/06 21:20:47 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 [HKLM] -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll [Button: BitComet] -> [2009/01/16 10:02:24 | 000,656,696 | ---- | M] (BitComet)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Marvell [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{EDAF1010-7661-48C3-B844-F5D52837E327}\\DhcpNameServer -> 192.168.1.1 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0361C16E-3A26-467F-80FD-48698CDA19C2} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{08A09183-2EA4-4E2D-9CC0-53F8C57F189E} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{0B875F51-B6E3-4E1B-BD7D-F73E5717F6F9} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{109F5C97-32F3-4C35-A8DB-90B71871D7AD} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{13951E4F-9405-4E3A-A229-4FC16C20069A} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{139A4B86-AF0B-4B58-81F8-F1F53F433C2E} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{13BE065B-F99C-4CEE-AC08-711FC6E48448} -> lport=11202 | profile=public | protocol=17 | dir=in | action=allow | name=bitcomet 11202 udp |
{17C3B956-0F9A-4C1D-84CF-E5DF2318470F} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{18A738AB-D2EC-432B-9E6A-84DBE6862450} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{1B108FD4-BD98-4B25-B52E-2189D9B140A1} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{1C59E11C-F86F-4727-9048-F6C35F9F901E} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{1FBACBAC-657B-4FE4-BA06-9D9D754ACEA5} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{1FBDAE0F-1592-4EB3-823E-001F215024ED} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{221E648C-3BDC-4A30-B8FF-C7B3D855D88A} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{23EE8926-97F7-4A67-815C-118CE0E226B4} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{262C56A7-9159-4674-9583-C47C45886A12} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{2742733A-9202-4084-A88F-AEAC8FB0AA5F} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{276278D4-7BEA-4580-B3C7-66F233D1863C} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{2BFA98E4-3F04-4D80-83CC-FDC714BD994B} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{2D611F5B-99CF-464E-B99D-8CFCAA99AEEC} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{2E3E3337-1CCD-4175-8881-CE1F67A92AE0} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{2E5DEEF3-53EB-4E75-820B-C602BCB39ED7} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{2EB2531F-55EB-4FE3-8914-C814735D31B0} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{3146FCF4-6A3D-4B2A-9501-8420A36B4A6D} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{31880F7E-F7FB-4457-8AE3-BD53E7FD590C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{3664139F-E0C8-40A2-B9E7-3EC122FF2C5E} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{3666C74C-6F2C-4661-85E9-596C49B9C6B5} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{3869E370-3FF7-45C7-8872-7F954A70BCFC} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{3A8FEFF6-CDF6-468A-B9C5-4C748C7A6120} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{3AA6FC7A-5B94-4098-9189-963E76254DC1} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{3B66B6ED-0AFC-4ED8-A10A-3F0AAF3BCBB1} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{3D12B99D-B7BA-4C64-9830-B56773528431} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{3D5C5A57-2199-4D07-BBDF-99A2B0FF3106} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{40084DB7-39C4-4F79-8453-094B27FE28AF} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{44E332B6-D42D-4E06-A749-C7C5FC6A1805} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{450E74E9-2BE0-4244-B088-C2497B854078} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{4EA8FA0F-8349-498F-AC99-88F1DEBE7DC0} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{52283CB8-9FEF-4252-8626-BAE12A71EC62} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{53C04F66-AE2A-473A-B099-DFE761D156E0} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{54B47797-7AEA-4850-81F0-FFC8DE86BAAD} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{58BF44EC-5651-439D-9BB4-59F74525257D} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{58DB0AB4-93A3-43AE-B730-CABEF5D40873} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{5DF48A1C-669A-4885-856C-4CF790C1E41C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{5FDE8010-F8B5-4467-8A74-9AD6C814B8CF} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{607C7B8B-CB55-43FD-A5A8-E8FA4575F1E0} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{60CC49CE-86EC-4808-86E0-C8DC729FFBDC} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{627511BE-6705-4DF1-8AA9-42AA455A92D5} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{6317C82D-E909-4D7C-B643-BBB4A3E6D22A} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{645FC600-4586-4195-AC27-DE37BA36471D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{6723B40A-E309-4123-A7FF-B1CFE897C31B} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{67C2017D-449D-4890-A63F-BF80E2ED68D6} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{68F00C20-8DA6-4D15-A87D-01ECD8978FB3} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{6A8CBB28-CF63-4D3D-A6E7-8A72E1D84EA6} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{6D52F856-D503-4EF1-AD95-1516555051FA} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{73F9FEC4-FA95-4D91-ADA2-165958B03D29} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{7753EFED-3408-49F2-B68F-1777153BB8EA} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{7AC17FD0-6B9C-4981-9874-C3EC7E8C66AD} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{7C514123-A7C1-4798-92C2-41FB79E55449} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{7E3C5259-117F-4978-BEC4-8530737E55DF} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{7EA99E76-DD94-40D9-ABA8-48B8D06D9B5C} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{80B69CCC-E6D9-42E5-BCAD-D121C1B7F4B5} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{828E5FF1-4DB7-48CD-B067-B74306D0FA11} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{85C34359-F3AA-439F-9B5E-6EB66DCA17C6} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{881B5ABB-D1F4-4B06-8353-87C5BE3AA0FB} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{89265673-2C7D-4DD7-BEDB-FBEEFAAB74D0} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{8A789DA3-0D8E-482B-B0F7-1F514150715A} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{8BEACD69-F967-48EB-98FA-5A62F6014091} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{8C1EFED1-DE86-409B-AABF-FA1AD716D6E0} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{8F5BDE5A-6CD0-4F24-94AF-E25327BDB0F8} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{903BFC6A-B256-4DB1-B713-5460E4B78804} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{91345576-1E4F-4CF7-9116-45E7957DE2E5} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{94B3F2EC-F3F9-40EA-864C-2C5C31B20014} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{95EB06F7-B61F-40AC-B871-6F784FA6909D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{973DF149-560F-465E-BD2A-CC60F66565E2} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{979AE334-CFFD-4786-AFE1-A64A501FA582} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{9EB4B064-9085-41BB-9738-9C2D316C8E6A} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{9EC1798C-532D-4487-8AD5-A573E5ECA32C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{A0FE45FB-C213-4555-92E2-50A757A7DB8A} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{A13A31F2-30E2-4A6F-B8A6-DA63C471DA5D} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{A595AB48-96B2-4C8F-A480-E7F2B3B2280B} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{AD350750-480A-47E3-BA58-97967C5F904A} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{AD7AE0AA-EDB6-4DBE-9746-61319F61C780} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{B3A8D968-89F9-4423-BD0B-8A29AFC19E75} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{B539DF17-7921-4C3A-9FBF-D9C723B5B154} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{B7F48F0A-AD17-406B-9B97-2EE0573DC2D0} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{BF66DB24-191A-4A7F-991F-EFCF2910B9DE} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{BFFF53D9-0085-41B7-9EA4-276187F48E6E} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{C1F2F53F-1B7C-4A62-9722-50B491392626} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{C519E3BB-D355-43E3-91EB-B561E9E7E272} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |

{C799F33F-FBDD-4AAD-99C1-B5AAF5B21EB9} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{CB1F68A3-A623-4DBA-B1EC-1999DCDF9A06} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{CB227DEB-0C15-48B6-BB9C-2DDC6779CC84} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{CBBEC6DB-D0E8-407D-BF69-13A5FD650F82} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{CE395B04-0406-4A1D-A5F7-74399348364C} -> lport=11202 | profile=public | protocol=6 | dir=in | action=allow | name=bitcomet 11202 tcp |
{D03651A2-9C87-4762-A016-684373A79DCC} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{D0E98139-5BFB-4AFC-9E0A-D6DAB04F2A9E} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{D2A54817-D8F1-44E2-988D-A04B86228370} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{D2C5FE38-36A1-401D-AFA3-7EDB1F51CD58} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{D449CB25-A251-410C-8E59-3F4720A16278} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{D44F7DEA-D8DF-413B-89DA-B49F23044F73} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{D5AAA37C-DA11-45FA-824A-015C76F4FB13} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{D61D6F4C-6C1D-4783-92AB-9B80B3A60548} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{D67DBFE0-D6F0-44E3-A6EB-F4E064092284} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{D995E89F-0586-4411-B298-A6900B607BA7} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{D9C25FC2-0114-4747-A90D-2263D4A248F9} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{DE77A7F9-2C42-46CA-AA2F-5EB0DCD1D90B} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{E0976DC7-C4EB-47B1-A76C-ABF86AD316BC} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{E35074C5-77DB-4DDA-B881-55BC910A42C5} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{F284022E-AD77-45AC-87E7-4EB276086D9E} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{F53F9CC9-3519-466B-A57A-CFF34CDBDF13} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{F57433B8-7979-443C-A369-25CFE8284EDE} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{F8524436-24D6-461D-9029-51C979855649} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{F8CE6310-05C0-4FD5-9794-E5E37713D31D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{FBDAD423-548A-4CDC-B6A6-DB1A79E9F514} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{FC0297A6-8C1E-48C3-AEE3-05DBB3453128} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{00935464-CC85-41ED-B8A8-0D97A032BE61} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{02D48B76-62B1-4CE5-B777-E59C31B5A52C} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{02DA050C-FDEC-4FEE-944F-DC62F68B1AD8} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{042C40C3-691B-4665-A4C4-6A7BF8A4F748} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{04AB1A8B-9CA7-419D-926B-68824743A41C} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{059650F5-18CE-475A-88DE-85FABF34457D} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{06796629-AAEC-4B64-9ED4-87540238F6A4} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{074AFF0F-066B-4B89-BFBA-BC53F6FC9F01} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{0BDFB63B-45AA-420D-94A4-344A920353A2} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{0BE3DA04-5B70-46B8-A9F1-5E32FF1969D6} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{0E20664D-0F0C-4C8C-B8E1-72EAA3A26ABA} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{120ED917-1E23-4B26-BB85-C430C934F13F} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{13F1C943-031E-4971-A0F5-2AB7C8A95C1D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{15690EC4-91A9-474F-B7FD-430518CD34AA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{165F2780-54B5-4D83-9809-19652930A9EF} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{19074BFF-30A2-4274-874B-4ADE648F64AD} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{190C2024-04BD-4C03-8B96-DCE349CA0B53} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{191FDE98-BF52-4A62-87B9-E2BEFC94769E} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{1ED79B9C-A7F5-4DB2-BC61-6EAAFCCBD1DF} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{204082AF-6A44-4C53-A3C2-7284EA494DA0} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{213B7DFD-52BF-49A1-98C4-BEFAFC76DC81} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{230D04F1-F095-4DED-9164-5907614765F4} -> profile=private | protocol=6 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{233181EE-0198-48A1-A901-6FEBAB6A0A6C} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{2734063C-DF47-4F54-B9E2-D70D7307487B} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{2AC32713-8A7B-4640-9B05-A39CD9C7981C} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{2C036C61-574E-4D54-9C28-FADABE610BB0} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{2DC42473-7102-490E-A5C5-856AFF70340C} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{2E8159EB-CC7A-40C5-965D-44B0033EC53F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{30E09B40-3E76-4DFA-B353-0C70E5181DC9} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{324F439F-012B-4B23-893E-B6D0B7243D09} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{33E99D7F-F8D4-4D9F-838B-5023492A59DA} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{34A3A752-991C-4F64-B0BF-E9A838DF065D} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{354BD128-06A1-4B24-8F84-163CE1234DF7} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{3733A1DA-D518-4209-99BD-BEEE2F18B031} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
{37871CD5-7872-45C3-8388-E513550256B0} -> profile=domain | protocol=6 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{37E99696-4471-4D92-8846-A059B9A6B2E2} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{3A09EF43-25CA-4AA0-8D7E-DB622FD857F5} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{3BAAB933-34C4-4D64-BB0D-CE5608467FDA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{3CF4B04B-D1FD-42D0-B1A4-9D8ADF4AB957} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{3D5AADAF-8370-4B3C-B65A-83BAD1DC0309} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{3EACF80B-0276-482E-8D28-CA7B2FA5E9BE} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{41D8B957-DE6C-492F-A976-F49EBAA31945} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{45D76E44-21FE-4DDB-AB0A-E7072FE29EF4} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{478A9CCE-EC25-4AD0-AFA6-FA6471847065} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{506A18AD-B5A2-494A-8A42-29C87E058DEA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{50999627-83D1-4406-9CD7-284C0999B350} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{538A3A90-2027-490C-93BD-121554364540} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{573C78D6-7183-459F-AA0A-014F2F8D9C5E} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{59083E02-A72A-43DB-AED2-C59F760E8538} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5A2D4085-0488-434D-9C18-3E4FAFFFC468} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5AB43B7C-150A-47F4-ABE0-62B355A7DC1F} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5D611A98-4DAE-4FDD-A6F1-40C6465D0324} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5E325EF8-336D-496B-B640-C614BD26EBA4} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{5E50ED77-FF29-439C-A787-5CC7F4A10A41} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5EE4AF61-5F65-49C8-81B6-8CBE8D11335D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{5F4B1057-3582-4801-BAF9-6ABCFB259FA5} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{648865BD-C006-4D0F-97E2-881805771752} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{64D0C009-60E3-40E7-8E1B-1EDF6B966A3F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{6787A5EE-ED9A-4E65-9D7D-B2AF8DF08047} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{69E4B5E6-28F0-4FEA-BB46-20C309C0DB5D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{6A44C262-0011-4EEF-B410-55F5AE839C18} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{6C233F39-3E5C-4FD5-8B7A-B4308F1B93A0} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{6C7013BE-6F8B-4BF1-BD56-3327461B8B60} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{70287535-9F4F-4AF4-923C-2EAA496B83D6} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{70AD91C2-7EFB-4B6B-8009-05675579EC21} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{73039C32-97AB-4F02-9AC7-831F05C50B7F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{737AABB6-8D5B-4717-ACD8-239027D6AACA} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{75BCABFE-04A2-431D-B74C-589D988F5327} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{76159027-0B1F-45C7-9CAE-BAD252301D27} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{775D4BD4-F674-4C47-90C2-9F6CD1FA7115} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{77D40C22-77AD-41BE-9B00-25D9CFE64EA5} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{79134C7B-7FAE-4D82-8B04-2D6FC8C38554} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{7982DF1D-652B-47AE-B3B4-AB85B15CACB8} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{7D095CCC-5EC8-42AA-94BE-8C24DC2F8269} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{7DC62AD9-4F36-4F4D-BB1C-089DA05FD1B7} -> profile=domain | protocol=17 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{7E515211-13DE-4DA7-B2B9-C4A1D6EB4278} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{83539781-CACE-4AC1-9EC2-A132006A820E} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{851EDBF7-AED4-4C15-B121-BAB10E45452F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{85201872-6659-40DD-BAD0-42C2CA2C778B} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{896323A1-122F-4CC4-AAAB-9413E9FCAE22} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{8B2BB861-1B7F-4ACC-99BD-6ACE84F039C3} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{8D6B59A0-9681-4678-B7E7-08BC7DF08042} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{8F837A3E-DAE9-4E6E-8663-BF11CC1DB39D} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{901D40D0-0E86-4265-8449-22F2ABFAAAE3} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{9BE003D7-CFD6-4F31-88B9-3A7CD1A7FD83} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{A58B9F22-B0A6-49A7-B853-EE6AD046CE8E} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{A6379EF5-59CD-418C-86C7-1F473E1A2AAF} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{A6382A61-F13D-4E44-AD1D-87D4B4568D33} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{A81EDA25-639B-4180-8F42-CC1D6B3B448F} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{A92BC841-F0E7-401B-8B5B-6640704030B0} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
{ABE1E35E-0E70-4FC6-B71F-04D081DB03D3} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{B180C1EE-64F3-4FF5-A3DF-C66BE06894AA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{B4E602E6-54B8-4822-929C-158F611FE5B9} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{B71D866B-6B04-45EC-A0D4-C2A68E614160} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{B8C2739D-1CF8-43D6-B027-1C21AB516A56} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{BC398307-DE3D-47F5-8767-C06433B6DE52} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{BE3F839D-717C-41C6-83A6-6F8ADF895F5C} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C0222B88-94DE-46B4-A370-C6A036B42093} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{C08A3DF9-DE1B-4ABD-9BF4-F491EFBA3768} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{C4AF8342-DB45-4826-9909-AB1D87039255} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C65FEC9D-6860-4E97-99DB-EF9DF63B550A} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C6E29172-0623-4F46-ADF5-9C8EC55D8CF6} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{C75FF31B-C57C-4732-9C02-902E64AA0459} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{CAB21DA7-89C3-4452-B052-0D6420339C0A} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{CAD0F65B-CC9D-4730-A050-D820E06B5843} -> profile=public | protocol=6 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{CB82DCD5-9992-465F-A38B-7C1127C5FF5D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{CCDC06D7-8A66-44AC-8635-B42FACD10503} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{CE16AD5E-4620-4C03-95B9-43B2B5D2FA37} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{DD0F4EDA-2707-431A-820A-945C676B4100} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{DE07286B-D65A-4BF7-8291-DBFB7EF7D075} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{DE6DF3DA-CCFB-4086-99B3-9F47C26D45F7} -> profile=public | protocol=17 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
{DFFF724E-E08B-4013-A47A-F540D0150DC8} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{E25C2975-B43A-483A-88F8-311C06517FEB} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{E2E16AD7-0600-4A35-952F-233F68F57E2F} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{E882C34F-670C-4DB0-9078-0B85D142B7EA} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{EADC2336-BBA4-4F7A-B841-43C5D38BC323} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{EC890BE3-A452-4BF0-8302-5F58C3DB53BB} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{F0897AE8-C851-4AE0-B513-4698FD73DE77} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{F517D5CE-79B8-4237-8CA3-B0D4683B9A10} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{F6D0411A-DB65-4F83-BAE0-82659B49C310} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{FB900E2C-79A6-4AD4-9563-1EC67333757C} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{FC12152F-7064-4694-A9B0-1128A140808B} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
{FF5DC479-0D19-4E10-A436-A003E5AD58F8} -> profile=private | protocol=17 | dir=in | action=allow | name=wireless manager | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
TCP Query User{03AD3CC6-C73F-40A0-9175-0C62BA748198}C:\program files (x86)\common files\ahead\nero web\setupx.exe -> profile=private | protocol=6 | dir=in | action=block | name=msi starter | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
TCP Query User{3878306E-09C5-4CA0-870B-56B33F2853CC}C:\program files (x86)\frostwire\frostwire.exe -> profile=private | protocol=6 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe |
TCP Query User{421C479D-A279-41F5-9528-2A26D71FA2D4}C:\program files (x86)\bitcomet\bitcomet.exe -> profile=private | protocol=6 | dir=in | action=allow | name=bitcomet - a bittorrent client | app=c:\program files (x86)\bitcomet\bitcomet.exe |
TCP Query User{46EF92E2-B348-4EAF-B7F8-79EFD821C8BE}C:\program files (x86)\limewire\limewire.exe -> profile=private | protocol=6 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
TCP Query User{4A855B5C-08E4-415B-A318-79D14DF41B00}C:\users\ans\appdata\local\temp\nero web\setupxu.exe -> profile=private | protocol=6 | dir=in | action=allow | name=setupxu.exe | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
TCP Query User{5015070E-09C2-488B-AFBB-271A8DAC7E8D}C:\program files (x86)\limewire\limewire.exe -> profile=public | protocol=6 | dir=in | action=block | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
TCP Query User{80DDDB99-E1BF-4E81-AD60-881C2F4AFE77}C:\program files (x86)\bitlord\bitlord.exe -> profile=private | protocol=6 | dir=in | action=allow | name=bitlord | app=c:\program files (x86)\bitlord\bitlord.exe |
TCP Query User{831A862B-385A-41AE-9377-94AE57343F26}C:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe -> profile=public | protocol=6 | dir=in | action=block | name=nero mediahome | app=c:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
TCP Query User{A5B38501-59D6-458F-9613-F81CD6574D08}C:\program files (x86)\bitcomet\bitcomet.exe -> profile=public | protocol=6 | dir=in | action=block | name=bitcomet - a bittorrent client | app=c:\program files (x86)\bitcomet\bitcomet.exe |
TCP Query User{A8C59A48-0B0A-418A-8161-93CBF642316C}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
TCP Query User{A9F6BDFD-A593-4EFC-8343-01663CA849E7}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe -> profile=public | protocol=6 | dir=in | action=allow | name=nokia service layer host process | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
TCP Query User{B3FBC116-5381-4811-A74D-C2B04DEC8655}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe -> profile=public | protocol=6 | dir=in | action=allow | name=nokia software updater | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
TCP Query User{C19A0DEF-DAE2-4A84-AACB-C3B9CDFEF22F}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
TCP Query User{CD34458D-CC9A-4161-9463-CF7145196972}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe -> profile=private | protocol=6 | dir=in | action=allow | name=nero home | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
TCP Query User{E3921F37-F1DE-4F3A-9CA8-8D0D1C57129B}C:\program files (x86)\marvell\61xx\apache2\bin\apache.exe -> profile=public | protocol=6 | dir=in | action=allow | name=apache http server | app=c:\program files (x86)\marvell\61xx\apache2\bin\apache.exe |
UDP Query User{1FA3594E-FD3B-48FE-848D-7697795A9732}C:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe -> profile=public | protocol=17 | dir=in | action=block | name=nero mediahome | app=c:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
UDP Query User{283039E8-F267-4697-8F0F-F453CF6E75C2}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe -> profile=private | protocol=17 | dir=in | action=allow | name=nero home | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
UDP Query User{38C51128-501B-4DF4-B859-BE865D31BA19}C:\program files (x86)\frostwire\frostwire.exe -> profile=private | protocol=17 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe |
UDP Query User{57038DA1-AEAD-4E91-B6E2-D358394325FF}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{6DCF702D-79F4-42B7-8E45-EAA5E6FBF258}C:\program files (x86)\bitcomet\bitcomet.exe -> profile=public | protocol=17 | dir=in | action=block | name=bitcomet - a bittorrent client | app=c:\program files (x86)\bitcomet\bitcomet.exe |
UDP Query User{7025C8C1-30B7-47ED-8ED6-2579193CD64E}C:\program files (x86)\bitcomet\bitcomet.exe -> profile=private | protocol=17 | dir=in | action=allow | name=bitcomet - a bittorrent client | app=c:\program files (x86)\bitcomet\bitcomet.exe |
UDP Query User{7D6751CF-E96C-4E45-A3A9-120A72CBD51A}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{8748EF7F-2530-4C5B-A28B-D174F60DCC6C}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe -> profile=public | protocol=17 | dir=in | action=allow | name=nokia software updater | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
UDP Query User{9723DB15-E61F-43E6-8B3E-DD4A42AB2831}C:\program files (x86)\marvell\61xx\apache2\bin\apache.exe -> profile=public | protocol=17 | dir=in | action=allow | name=apache http server | app=c:\program files (x86)\marvell\61xx\apache2\bin\apache.exe |
UDP Query User{C98D2A28-4688-4B9F-8209-3C1B4732695B}C:\program files (x86)\bitlord\bitlord.exe -> profile=private | protocol=17 | dir=in | action=allow | name=bitlord | app=c:\program files (x86)\bitlord\bitlord.exe |
UDP Query User{CB13B60D-CBDF-4695-B585-083F8D30988D}C:\users\ans\appdata\local\temp\nero web\setupxu.exe -> profile=private | protocol=17 | dir=in | action=allow | name=setupxu.exe | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
UDP Query User{E0B74478-E67A-45BA-BDEB-F4F6A6D35CB3}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe -> profile=public | protocol=17 | dir=in | action=allow | name=nokia service layer host process | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
UDP Query User{EF728F4D-9E3A-481B-96DF-A64E28ED4231}C:\program files (x86)\common files\ahead\nero web\setupx.exe -> profile=private | protocol=17 | dir=in | action=block | name=msi starter | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
UDP Query User{FD60AF72-48C6-444A-8021-62450FD3BA4E}C:\program files (x86)\limewire\limewire.exe -> profile=private | protocol=17 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
UDP Query User{FEF76B4C-833B-4EC9-A73D-6B34706BEEB0}C:\program files (x86)\limewire\limewire.exe -> profile=public | protocol=17 | dir=in | action=block | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/11 06:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{7262a896-0071-11df-920d-a394d49931db}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7262a896-0071-11df-920d-a394d49931db}\shell\AutoRun\command
\{7262a896-0071-11df-920d-a394d49931db}\shell\AutoRun\command\\"" -> F:\installer.exe [F:\installer.exe] -> File not found
\{7262a896-0071-11df-920d-a394d49931db}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7262a896-0071-11df-920d-a394d49931db}\shell\verb\command
\{7262a896-0071-11df-920d-a394d49931db}\shell\verb\command\\"" -> F:\installer.exe [F:\installer.exe] -> File not found
\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\shell
\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\shell\AutoRun\command
\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\shell\AutoRun\command\\"" -> D:\.\Bin\Assetup.exe [D:\.\Bin\Assetup.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
ComboFix.exe -> C:\Users\Ans\Desktop\ComboFix.exe -> File not found
OTS.exe -> C:\Users\Ans\Desktop\OTS.exe -> [2010/05/18 22:03:31 | 000,640,000 | ---- | C] (OldTimer Tools)
32788R22FWJFW -> C:\32788R22FWJFW -> [2010/05/18 21:59:21 | 000,000,000 | ---D | C]
pctgntdi64.sys -> C:\Windows\SysNative\drivers\pctgntdi64.sys -> [2010/05/18 21:02:26 | 000,306,648 | ---- | C] (PC Tools)
pctwfpfilter64.sys -> C:\Windows\SysNative\drivers\pctwfpfilter64.sys -> [2010/05/18 21:02:26 | 000,133,072 | ---- | C] (PC Tools)
PCTCore64.sys -> C:\Windows\SysNative\drivers\PCTCore64.sys -> [2010/05/18 21:02:24 | 000,233,488 | ---- | C] (PC Tools)
pctplsg64.sys -> C:\Windows\SysNative\drivers\pctplsg64.sys -> [2010/05/18 21:02:22 | 000,092,896 | ---- | C] (PC Tools)
Spyware Doctor -> C:\Program Files (x86)\Spyware Doctor -> [2010/05/18 21:02:19 | 000,000,000 | ---D | C]
PC Tools -> C:\Users\Ans\AppData\Roaming\PC Tools -> [2010/05/18 21:02:19 | 000,000,000 | ---D | C]
PC Tools -> C:\ProgramData\PC Tools -> [2010/05/18 21:02:19 | 000,000,000 | ---D | C]
PC Tools -> C:\Program Files (x86)\Common Files\PC Tools -> [2010/05/18 21:02:19 | 000,000,000 | ---D | C]
TEMP -> C:\ProgramData\TEMP -> [2010/05/18 21:01:58 | 000,000,000 | ---D | C]
sdasetup.exe -> C:\Users\Ans\Desktop\sdasetup.exe -> [2010/05/18 21:00:06 | 036,592,752 | ---- | C] (PC Tools )
STOPzilla_Setup.exe -> C:\Users\Ans\Desktop\STOPzilla_Setup.exe -> [2010/05/18 20:56:50 | 000,390,656 | ---- | C] (iS3, Inc.)
Malwarebytes -> C:\Users\Ans\AppData\Roaming\Malwarebytes -> [2010/05/18 20:47:28 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/05/18 20:47:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/05/18 20:47:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/05/18 20:47:20 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/05/18 20:47:20 | 000,000,000 | ---D | C]
mbam-setup-1.46.exe -> C:\Users\Ans\Desktop\mbam-setup-1.46.exe -> [2010/05/18 20:46:15 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
twutmhtys -> C:\Users\Ans\AppData\Local\twutmhtys -> [2010/05/18 20:06:18 | 000,000,000 | ---D | C]
YouTube Downloader -> C:\Program Files (x86)\YouTube Downloader -> [2010/05/01 18:30:40 | 000,000,000 | ---D | C]
1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp ->
1 C:\Users\Ans\AppData\Roaming\*.tmp files -> C:\Users\Ans\AppData\Roaming\*.tmp ->

[Files/Folders - Modified Within 30 Days]
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/05/19 19:41:59 | 011,329,652 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/05/19 19:41:58 | 005,571,970 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/05/19 19:41:56 | 000,004,888 | ---- | M] ()
NTUSER.DAT -> C:\Users\Ans\NTUSER.DAT -> [2010/05/19 19:40:44 | 005,242,880 | -HS- | M] ()
Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2010/05/19 19:38:18 | 000,000,880 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/05/19 19:37:32 | 000,000,896 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/05/19 19:37:01 | 000,000,892 | ---- | M] ()
Config.MPF -> C:\Windows\SysNative\Config.MPF -> [2010/05/19 19:36:46 | 000,012,581 | ---- | M] ()
61xx.xml -> C:\Windows\SysWow64\61xx.xml -> [2010/05/19 19:35:59 | 000,000,294 | ---- | M] ()
mvraidver.dat -> C:\Windows\mvraidver.dat -> [2010/05/19 19:35:56 | 000,000,009 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/19 19:35:53 | 000,003,760 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/19 19:35:53 | 000,003,760 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/19 19:35:48 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/19 19:35:47 | 000,067,584 | --S- | M] ()
GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000UA.job -> [2010/05/19 19:20:59 | 000,000,898 | ---- | M] ()
NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Ans\NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/19 18:26:46 | 000,524,288 | -HS- | M] ()
NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TM.blf -> C:\Users\Ans\NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TM.blf -> [2010/05/19 18:26:46 | 000,065,536 | -HS- | M] ()
bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2010/05/18 23:37:35 | 000,004,268 | ---- | M] ()
IconCache.db -> C:\Users\Ans\AppData\Local\IconCache.db -> [2010/05/18 23:37:27 | 002,772,129 | -H-- | M] ()
OTS.exe -> C:\Users\Ans\Desktop\OTS.exe -> [2010/05/18 22:03:32 | 000,640,000 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000Core.job -> [2010/05/18 21:21:00 | 000,000,846 | ---- | M] ()
Spyware Doctor.lnk -> C:\Users\Public\Desktop\Spyware Doctor.lnk -> [2010/05/18 21:02:23 | 000,001,813 | ---- | M] ()
sdasetup.exe -> C:\Users\Ans\Desktop\sdasetup.exe -> [2010/05/18 21:01:08 | 036,592,752 | ---- | M] (PC Tools )
STOPzilla_Setup.exe -> C:\Users\Ans\Desktop\STOPzilla_Setup.exe -> [2010/05/18 20:56:51 | 000,390,656 | ---- | M] (iS3, Inc.)
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/18 20:47:23 | 000,000,848 | ---- | M] ()
mbam-setup-1.46.exe -> C:\Users\Ans\Desktop\mbam-setup-1.46.exe -> [2010/05/18 20:46:17 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
syssvc.exe -> C:\Users\Ans\AppData\Local\syssvc.exe -> [2010/05/18 20:22:27 | 000,059,648 | ---- | M] ()
YouTube- Bismillah Sher Part 2.mp4 -> C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 2.mp4 -> [2010/05/12 21:28:30 | 020,609,470 | ---- | M] ()
YouTube- Bismillah Sher Part 1.mp4 -> C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 1.mp4 -> [2010/05/12 21:26:51 | 018,926,115 | ---- | M] ()
YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4 -> C:\Users\Ans\Documents\YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4 -> [2010/05/08 20:29:49 | 012,679,402 | ---- | M] ()
YouTube- 2pac-Tupac Heartz Of Men.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Tupac Heartz Of Men.mp4 -> [2010/05/03 14:40:14 | 007,519,060 | ---- | M] ()
YouTube- 2Pac - Until The End Of Time.mp4 -> C:\Users\Ans\Documents\YouTube- 2Pac - Until The End Of Time.mp4 -> [2010/05/03 14:35:04 | 013,845,607 | ---- | M] ()
YouTube- 2pac-Tupac Only God Can Judge Me.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Tupac Only God Can Judge Me.mp4 -> [2010/05/03 14:31:00 | 007,928,213 | ---- | M] ()
YouTube- 2pac-Only Fear Of Death.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Only Fear Of Death.mp4 -> [2010/05/03 14:21:52 | 023,604,917 | ---- | M] ()
YouTube- IMRAN KHAN BEWAFA.mp4 -> C:\Users\Ans\Documents\YouTube- IMRAN KHAN BEWAFA.mp4 -> [2010/05/01 18:54:17 | 060,631,356 | ---- | M] ()
YouTube- tere liye atif aslam song of (prince ).mp4 -> C:\Users\Ans\Documents\YouTube- tere liye atif aslam song of (prince ).mp4 -> [2010/05/01 18:48:10 | 005,416,651 | ---- | M] ()
YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4 -> C:\Users\Ans\Documents\YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4 -> [2010/05/01 18:43:44 | 007,855,114 | ---- | M] ()
YouTube- The Game, 50 Cent - Hate It Or Love It.mp4 -> C:\Users\Ans\Documents\YouTube- The Game, 50 Cent - Hate It Or Love It.mp4 -> [2010/05/01 18:34:56 | 016,050,451 | ---- | M] ()
YouTube Downloader.lnk -> C:\Users\Ans\Desktop\YouTube Downloader.lnk -> [2010/05/01 18:30:40 | 000,000,961 | ---- | M] ()
Google Chrome.lnk -> C:\Users\Ans\Desktop\Google Chrome.lnk -> [2010/04/30 20:21:32 | 000,002,032 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/04/29 17:35:45 | 000,381,848 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation)
diagwrn.xml -> C:\Windows\diagwrn.xml -> [2010/04/28 21:04:57 | 000,001,908 | ---- | M] ()
diagerr.xml -> C:\Windows\diagerr.xml -> [2010/04/28 21:04:57 | 000,001,908 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Ans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/20 21:11:16 | 000,065,024 | ---- | M] ()
14 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->
1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp ->
1 C:\Users\Ans\AppData\Roaming\*.tmp files -> C:\Users\Ans\AppData\Roaming\*.tmp ->

[Files - No Company Name]
pctgntdi64.cat -> C:\Windows\SysNative\drivers\pctgntdi64.cat -> [2010/05/18 21:02:26 | 000,007,357 | ---- | C] ()
pctcore64.cat -> C:\Windows\SysNative\drivers\pctcore64.cat -> [2010/05/18 21:02:24 | 000,007,353 | ---- | C] ()
Spyware Doctor.lnk -> C:\Users\Public\Desktop\Spyware Doctor.lnk -> [2010/05/18 21:02:23 | 000,001,813 | ---- | C] ()
pctplsg64.cat -> C:\Windows\SysNative\drivers\pctplsg64.cat -> [2010/05/18 21:02:22 | 000,007,353 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/18 20:47:23 | 000,000,848 | ---- | C] ()
syssvc.exe -> C:\Users\Ans\AppData\Local\syssvc.exe -> [2010/05/18 20:22:27 | 000,059,648 | ---- | C] ()
YouTube- Bismillah Sher Part 2.mp4 -> C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 2.mp4 -> [2010/05/12 21:28:30 | 020,609,470 | ---- | C] ()
YouTube- Bismillah Sher Part 1.mp4 -> C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 1.mp4 -> [2010/05/12 21:26:50 | 018,926,115 | ---- | C] ()
YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4 -> C:\Users\Ans\Documents\YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4 -> [2010/05/08 20:29:49 | 012,679,402 | ---- | C] ()
YouTube- 2pac-Tupac Heartz Of Men.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Tupac Heartz Of Men.mp4 -> [2010/05/03 14:40:14 | 007,519,060 | ---- | C] ()
YouTube- 2Pac - Until The End Of Time.mp4 -> C:\Users\Ans\Documents\YouTube- 2Pac - Until The End Of Time.mp4 -> [2010/05/03 14:35:03 | 013,845,607 | ---- | C] ()
YouTube- 2pac-Tupac Only God Can Judge Me.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Tupac Only God Can Judge Me.mp4 -> [2010/05/03 14:30:59 | 007,928,213 | ---- | C] ()
YouTube- 2pac-Only Fear Of Death.mp4 -> C:\Users\Ans\Documents\YouTube- 2pac-Only Fear Of Death.mp4 -> [2010/05/03 14:21:51 | 023,604,917 | ---- | C] ()
YouTube- IMRAN KHAN BEWAFA.mp4 -> C:\Users\Ans\Documents\YouTube- IMRAN KHAN BEWAFA.mp4 -> [2010/05/01 18:54:16 | 060,631,356 | ---- | C] ()
YouTube- tere liye atif aslam song of (prince ).mp4 -> C:\Users\Ans\Documents\YouTube- tere liye atif aslam song of (prince ).mp4 -> [2010/05/01 18:48:10 | 005,416,651 | ---- | C] ()
YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4 -> C:\Users\Ans\Documents\YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4 -> [2010/05/01 18:43:44 | 007,855,114 | ---- | C] ()
YouTube- The Game, 50 Cent - Hate It Or Love It.mp4 -> C:\Users\Ans\Documents\YouTube- The Game, 50 Cent - Hate It Or Love It.mp4 -> [2010/05/01 18:34:55 | 016,050,451 | ---- | C] ()
YouTube Downloader.lnk -> C:\Users\Ans\Desktop\YouTube Downloader.lnk -> [2010/05/01 18:30:40 | 000,000,961 | ---- | C] ()
diagwrn.xml -> C:\Windows\diagwrn.xml -> [2010/04/28 20:57:46 | 000,001,908 | ---- | C] ()
diagerr.xml -> C:\Windows\diagerr.xml -> [2010/04/28 20:57:46 | 000,001,908 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/09/24 18:18:33 | 000,117,248 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/09/24 18:16:56 | 000,368,640 | ---- | C] ()
Days5.ini -> C:\Windows\SysWow64\Days5.ini -> [2009/03/05 23:06:46 | 000,000,031 | ---- | C] ()
AudioDrv.ini -> C:\Windows\SysWow64\AudioDrv.ini -> [2008/08/21 01:03:33 | 000,003,118 | ---- | C] ()
OemSpiE.dll -> C:\Windows\SysWow64\OemSpiE.dll -> [2008/08/21 01:02:37 | 000,148,480 | ---- | C] ()
ludap17.ini -> C:\Windows\SysWow64\ludap17.ini -> [2008/08/21 01:02:34 | 000,003,348 | R--- | C] ()
ctzapxx.ini -> C:\Windows\SysWow64\ctzapxx.ini -> [2008/08/21 01:02:34 | 000,000,078 | R--- | C] ()
APOMngr.DLL -> C:\Windows\SysWow64\APOMngr.DLL -> [2008/08/21 01:02:30 | 000,108,544 | ---- | C] ()
CmdRtr.DLL -> C:\Windows\SysWow64\CmdRtr.DLL -> [2008/08/21 01:02:30 | 000,069,120 | ---- | C] ()
Ascd_log.ini -> C:\Windows\Ascd_log.ini -> [2008/08/20 22:38:20 | 000,015,231 | ---- | C] ()
Ascd_tmp.ini -> C:\Windows\Ascd_tmp.ini -> [2008/08/20 22:37:54 | 000,014,915 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/21 03:49:10 | 000,060,124 | ---- | C] ()
P17EP.ini -> C:\Windows\P17EP.ini -> [2007/07/02 09:58:14 | 000,001,970 | ---- | C] ()
php.ini -> C:\Windows\php.ini -> [2007/05/23 01:17:30 | 000,047,395 | ---- | C] ()
zraidtray.ini -> C:\Windows\zraidtray.ini -> [2007/04/26 02:21:36 | 000,000,236 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 16:06:34 | 000,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 16:06:34 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 16:06:34 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 16:06:34 | 000,026,040 | ---- | C] ()
ASUSHWIO.SYS -> C:\Windows\SysWow64\drivers\ASUSHWIO.SYS -> [2006/10/11 12:33:58 | 000,010,288 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
[/code]

It didn't create a Extras.txt. on my desktop only a OTS.txt same as the one above?

Hello.
That is OTS you ran, not OTL.

Please read my instructions carefully.

Sorry dude

I have got my internet working aswell now, all seem fine but can just still check the below correct OTL files.
Oh yea & let me know where to post feedback as you guyz are relly good, keep it up.

OTL.txt

OTL logfile created on: 20/05/2010 18:54:50 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Ans\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 185.94 Gb Free Space | 39.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICEMAN
Current User Name: Ans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/20 18:54:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Ans\Desktop\OTL.exe
PRC - [2010/03/06 22:15:56 | 000,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2010/03/06 22:15:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/11 21:45:19 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/12/02 15:20:19 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/20 23:42:21 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/04 11:37:52 | 002,157,096 | ---- | M] (Palit Microsystems, Inc.) -- C:\Program Files (x86)\VDOTool\TBPANEL.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2007/11/27 19:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/10/26 16:28:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\PC-TV\WinManager\WinManager.exe
PRC - [2007/06/12 19:54:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe
PRC - [2007/05/23 01:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe
PRC - [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe


========== Modules (SafeList) ==========

MOD - [2010/05/20 18:54:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Ans\Desktop\OTL.exe
MOD - [2009/12/23 17:11:18 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/21 03:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/09/16 11:23:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/09/16 10:15:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/04/11 08:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 08:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/11 08:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/04/11 08:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008/01/21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/21 03:47:07 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/01/21 03:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 16:57:18 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 05:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2007/06/12 19:54:12 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2007/05/23 01:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe -- (MRUWebService)
SRV - [2006/11/02 14:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 07:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 07:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/04/11 08:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/04/11 06:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2009/04/11 06:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/04/11 06:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2009/04/11 06:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009/04/11 06:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/04/11 05:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/04/09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/02/09 08:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 08:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 08:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 08:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/09/17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/10 19:20:16 | 000,021,504 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2008/03/11 18:57:34 | 001,226,112 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\716xBDA.sys -- (716xBDA)
DRV:64bit: - [2008/01/21 03:46:10 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2007/12/17 20:32:00 | 000,056,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\l160x64.sys -- (AtcL001)
DRV:64bit: - [2007/11/16 11:11:08 | 001,276,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2007/08/10 17:11:54 | 000,021,504 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\716xHID.sys -- (716xHID)
DRV:64bit: - [2007/06/15 08:52:26 | 000,163,736 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2006/11/02 06:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/11/01 08:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2008/08/20 21:15:31 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2006/09/18 22:36:40 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 22:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/10 00:34:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/04/21 19:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/06/20 21:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2010/03/06 22:16:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/06 22:16:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/16 19:59:20 | 000,000,000 | ---D | M]

[2009/02/16 22:51:09 | 000,000,000 | ---D | M] -- C:\Users\Ans\AppData\Roaming\mozilla\Extensions
[2009/02/16 22:51:09 | 000,000,000 | ---D | M] -- C:\Users\Ans\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/05/19 20:48:48 | 000,000,000 | ---D | M] -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions
[2009/08/31 10:56:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/18 20:53:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/29 20:40:56 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/29 20:41:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ans\AppData\Roaming\mozilla\Firefox\Profiles\vm2xwwws.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/31 10:55:29 | 000,001,957 | ---- | M] () -- C:\Users\Ans\AppData\Roaming\Mozilla\FireFox\Profiles\vm2xwwws.default\searchplugins\bing.xml
[2010/03/30 21:59:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/11/26 20:38:13 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2008/08/20 23:42:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/12/02 09:11:44 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/02 09:11:44 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/02 09:11:44 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/02 09:11:44 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files (x86)\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files (x86)\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\VDOTool\TBPanel.exe (Palit Microsystems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\Ans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Marvell ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ans\Pictures\Merc SLR.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ans\Pictures\Merc SLR.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7262a896-0071-11df-920d-a394d49931db}\Shell\AutoRun\command - "" = F:\installer.exe -- File not found
O33 - MountPoints2\{7262a896-0071-11df-920d-a394d49931db}\Shell\verb\command - "" = F:\installer.exe -- File not found
O33 - MountPoints2\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ecfd7a3-6ef4-11dd-9e03-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 18:54:21 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Ans\Desktop\OTL.exe
[2010/05/18 21:59:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/18 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/18 20:47:28 | 000,000,000 | ---D | C] -- C:\Users\Ans\AppData\Roaming\Malwarebytes
[2010/05/18 20:47:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/18 20:47:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/18 20:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/18 20:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/18 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Ans\AppData\Local\twutmhtys
[2010/05/01 18:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Ans\AppData\Roaming\*.tmp files -> C:\Users\Ans\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 18:58:13 | 005,242,880 | -HS- | M] () -- C:\Users\Ans\NTUSER.DAT
[2010/05/20 18:55:23 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/20 18:54:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Ans\Desktop\OTL.exe
[2010/05/20 18:49:36 | 011,366,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/20 18:49:36 | 005,590,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/20 18:49:35 | 000,004,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/20 18:46:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/20 18:45:02 | 000,013,079 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/05/20 18:44:18 | 000,000,294 | ---- | M] () -- C:\Windows\SysWow64\61xx.xml
[2010/05/20 18:44:16 | 000,000,009 | ---- | M] () -- C:\Windows\mvraidver.dat
[2010/05/20 18:44:01 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/20 18:44:01 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/20 18:43:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/20 18:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/19 22:42:10 | 000,524,288 | -HS- | M] () -- C:\Users\Ans\NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 22:42:10 | 000,065,536 | -HS- | M] () -- C:\Users\Ans\NTUSER.DAT{f6488ad2-9bd1-11de-a905-bfd175d3c5b8}.TM.blf
[2010/05/19 22:42:00 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/19 22:41:55 | 002,872,399 | -H-- | M] () -- C:\Users\Ans\AppData\Local\IconCache.db
[2010/05/19 22:37:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/19 22:21:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000UA.job
[2010/05/19 21:21:00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3584055296-3703936577-1853140151-1000Core.job
[2010/05/19 21:19:00 | 000,002,651 | ---- | M] () -- C:\Users\Ans\Desktop\Microsoft Office Word 2007.lnk
[2010/05/18 20:47:23 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 20:22:27 | 000,059,648 | ---- | M] () -- C:\Users\Ans\AppData\Local\syssvc.exe
[2010/05/12 21:28:30 | 020,609,470 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 2.mp4
[2010/05/12 21:26:51 | 018,926,115 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 1.mp4
[2010/05/08 20:29:49 | 012,679,402 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4
[2010/05/03 14:40:14 | 007,519,060 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- 2pac-Tupac Heartz Of Men.mp4
[2010/05/03 14:35:04 | 013,845,607 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- 2Pac - Until The End Of Time.mp4
[2010/05/03 14:31:00 | 007,928,213 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- 2pac-Tupac Only God Can Judge Me.mp4
[2010/05/03 14:21:52 | 023,604,917 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- 2pac-Only Fear Of Death.mp4
[2010/05/01 18:54:17 | 060,631,356 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- IMRAN KHAN BEWAFA.mp4
[2010/05/01 18:48:10 | 005,416,651 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- tere liye atif aslam song of (prince ).mp4
[2010/05/01 18:43:44 | 007,855,114 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4
[2010/05/01 18:34:56 | 016,050,451 | ---- | M] () -- C:\Users\Ans\Documents\YouTube- The Game, 50 Cent - Hate It Or Love It.mp4
[2010/05/01 18:30:40 | 000,000,961 | ---- | M] () -- C:\Users\Ans\Desktop\YouTube Downloader.lnk
[2010/04/30 20:21:32 | 000,002,032 | ---- | M] () -- C:\Users\Ans\Desktop\Google Chrome.lnk
[2010/04/29 17:35:45 | 000,381,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 21:04:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/04/28 21:04:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/20 21:11:16 | 000,065,024 | ---- | M] () -- C:\Users\Ans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Ans\AppData\Roaming\*.tmp files -> C:\Users\Ans\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/19 20:34:54 | 000,010,610 | ---- | C] () -- C:\Users\Ans\AppData\Local\dd_vcredistUI34B0.txt
[2010/05/19 20:34:53 | 000,437,780 | ---- | C] () -- C:\Users\Ans\AppData\Local\dd_vcredistMSI34AD.txt
[2010/05/19 20:34:53 | 000,012,534 | ---- | C] () -- C:\Users\Ans\AppData\Local\dd_vcredistUI34AD.txt
[2010/05/18 20:47:23 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 20:22:27 | 000,059,648 | ---- | C] () -- C:\Users\Ans\AppData\Local\syssvc.exe
[2010/05/12 21:28:30 | 020,609,470 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 2.mp4
[2010/05/12 21:26:50 | 018,926,115 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- Bismillah Sher Part 1.mp4
[2010/05/08 20:29:49 | 012,679,402 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- Miss Pooja & Panjabi By Nature (PBN) - Aashiq.mp4
[2010/05/03 14:40:14 | 007,519,060 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- 2pac-Tupac Heartz Of Men.mp4
[2010/05/03 14:35:03 | 013,845,607 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- 2Pac - Until The End Of Time.mp4
[2010/05/03 14:30:59 | 007,928,213 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- 2pac-Tupac Only God Can Judge Me.mp4
[2010/05/03 14:21:51 | 023,604,917 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- 2pac-Only Fear Of Death.mp4
[2010/05/01 18:54:16 | 060,631,356 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- IMRAN KHAN BEWAFA.mp4
[2010/05/01 18:48:10 | 005,416,651 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- tere liye atif aslam song of (prince ).mp4
[2010/05/01 18:43:44 | 007,855,114 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- Tinie Tempah Pass Out (Lyrics In Description).mp4
[2010/05/01 18:34:55 | 016,050,451 | ---- | C] () -- C:\Users\Ans\Documents\YouTube- The Game, 50 Cent - Hate It Or Love It.mp4
[2010/05/01 18:30:40 | 000,000,961 | ---- | C] () -- C:\Users\Ans\Desktop\YouTube Downloader.lnk
[2010/04/28 20:57:46 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/04/28 20:57:46 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/09/24 18:18:33 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/24 18:16:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/05 23:06:46 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\Days5.ini
[2008/08/21 01:03:33 | 000,003,118 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2008/08/21 01:02:37 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2008/08/21 01:02:34 | 000,003,348 | R--- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2008/08/21 01:02:34 | 000,000,078 | R--- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/08/21 01:02:30 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/08/21 01:02:30 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/08/20 22:38:20 | 000,015,231 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/08/20 22:37:54 | 000,014,915 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/02 09:58:14 | 000,001,970 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/05/23 01:17:30 | 000,047,395 | ---- | C] () -- C:\Windows\php.ini
[2007/04/26 02:21:36 | 000,000,236 | ---- | C] () -- C:\Windows\zraidtray.ini
[2006/10/11 12:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

extras.txt

OTL Extras logfile created on: 20/05/2010 18:54:50 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Ans\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 185.94 Gb Free Space | 39.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICEMAN
Current User Name: Ans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Users\Ans\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = F9 D6 8E F7 10 3E CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0361C16E-3A26-467F-80FD-48698CDA19C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08A09183-2EA4-4E2D-9CC0-53F8C57F189E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B875F51-B6E3-4E1B-BD7D-F73E5717F6F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{109F5C97-32F3-4C35-A8DB-90B71871D7AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{13951E4F-9405-4E3A-A229-4FC16C20069A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{139A4B86-AF0B-4B58-81F8-F1F53F433C2E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{13BE065B-F99C-4CEE-AC08-711FC6E48448}" = lport=11202 | protocol=17 | dir=in | name=bitcomet 11202 udp |
"{17C3B956-0F9A-4C1D-84CF-E5DF2318470F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{18A738AB-D2EC-432B-9E6A-84DBE6862450}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B108FD4-BD98-4B25-B52E-2189D9B140A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1C59E11C-F86F-4727-9048-F6C35F9F901E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FBACBAC-657B-4FE4-BA06-9D9D754ACEA5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FBDAE0F-1592-4EB3-823E-001F215024ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{221E648C-3BDC-4A30-B8FF-C7B3D855D88A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23EE8926-97F7-4A67-815C-118CE0E226B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{262C56A7-9159-4674-9583-C47C45886A12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2742733A-9202-4084-A88F-AEAC8FB0AA5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{276278D4-7BEA-4580-B3C7-66F233D1863C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BFA98E4-3F04-4D80-83CC-FDC714BD994B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D611F5B-99CF-464E-B99D-8CFCAA99AEEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2E3E3337-1CCD-4175-8881-CE1F67A92AE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2E5DEEF3-53EB-4E75-820B-C602BCB39ED7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2EB2531F-55EB-4FE3-8914-C814735D31B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3146FCF4-6A3D-4B2A-9501-8420A36B4A6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{31880F7E-F7FB-4457-8AE3-BD53E7FD590C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3664139F-E0C8-40A2-B9E7-3EC122FF2C5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3666C74C-6F2C-4661-85E9-596C49B9C6B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3869E370-3FF7-45C7-8872-7F954A70BCFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3A8FEFF6-CDF6-468A-B9C5-4C748C7A6120}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3AA6FC7A-5B94-4098-9189-963E76254DC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B66B6ED-0AFC-4ED8-A10A-3F0AAF3BCBB1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D12B99D-B7BA-4C64-9830-B56773528431}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D5C5A57-2199-4D07-BBDF-99A2B0FF3106}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{40084DB7-39C4-4F79-8453-094B27FE28AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{44E332B6-D42D-4E06-A749-C7C5FC6A1805}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{450E74E9-2BE0-4244-B088-C2497B854078}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4EA8FA0F-8349-498F-AC99-88F1DEBE7DC0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{52283CB8-9FEF-4252-8626-BAE12A71EC62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53C04F66-AE2A-473A-B099-DFE761D156E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54B47797-7AEA-4850-81F0-FFC8DE86BAAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{58BF44EC-5651-439D-9BB4-59F74525257D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{58DB0AB4-93A3-43AE-B730-CABEF5D40873}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5DF48A1C-669A-4885-856C-4CF790C1E41C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5FDE8010-F8B5-4467-8A74-9AD6C814B8CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{607C7B8B-CB55-43FD-A5A8-E8FA4575F1E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{60CC49CE-86EC-4808-86E0-C8DC729FFBDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{627511BE-6705-4DF1-8AA9-42AA455A92D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6317C82D-E909-4D7C-B643-BBB4A3E6D22A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{645FC600-4586-4195-AC27-DE37BA36471D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6723B40A-E309-4123-A7FF-B1CFE897C31B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{67C2017D-449D-4890-A63F-BF80E2ED68D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{68F00C20-8DA6-4D15-A87D-01ECD8978FB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A8CBB28-CF63-4D3D-A6E7-8A72E1D84EA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6D52F856-D503-4EF1-AD95-1516555051FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{73F9FEC4-FA95-4D91-ADA2-165958B03D29}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7753EFED-3408-49F2-B68F-1777153BB8EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7AC17FD0-6B9C-4981-9874-C3EC7E8C66AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C514123-A7C1-4798-92C2-41FB79E55449}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7E3C5259-117F-4978-BEC4-8530737E55DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EA99E76-DD94-40D9-ABA8-48B8D06D9B5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80B69CCC-E6D9-42E5-BCAD-D121C1B7F4B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{828E5FF1-4DB7-48CD-B067-B74306D0FA11}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85C34359-F3AA-439F-9B5E-6EB66DCA17C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{881B5ABB-D1F4-4B06-8353-87C5BE3AA0FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{89265673-2C7D-4DD7-BEDB-FBEEFAAB74D0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A789DA3-0D8E-482B-B0F7-1F514150715A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BEACD69-F967-48EB-98FA-5A62F6014091}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C1EFED1-DE86-409B-AABF-FA1AD716D6E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F5BDE5A-6CD0-4F24-94AF-E25327BDB0F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{903BFC6A-B256-4DB1-B713-5460E4B78804}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{91345576-1E4F-4CF7-9116-45E7957DE2E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94B3F2EC-F3F9-40EA-864C-2C5C31B20014}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{95EB06F7-B61F-40AC-B871-6F784FA6909D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{973DF149-560F-465E-BD2A-CC60F66565E2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{979AE334-CFFD-4786-AFE1-A64A501FA582}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9EB4B064-9085-41BB-9738-9C2D316C8E6A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9EC1798C-532D-4487-8AD5-A573E5ECA32C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0FE45FB-C213-4555-92E2-50A757A7DB8A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A13A31F2-30E2-4A6F-B8A6-DA63C471DA5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A595AB48-96B2-4C8F-A480-E7F2B3B2280B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD350750-480A-47E3-BA58-97967C5F904A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD7AE0AA-EDB6-4DBE-9746-61319F61C780}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B3A8D968-89F9-4423-BD0B-8A29AFC19E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B539DF17-7921-4C3A-9FBF-D9C723B5B154}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B7F48F0A-AD17-406B-9B97-2EE0573DC2D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF66DB24-191A-4A7F-991F-EFCF2910B9DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BFFF53D9-0085-41B7-9EA4-276187F48E6E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1F2F53F-1B7C-4A62-9722-50B491392626}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C519E3BB-D355-43E3-91EB-B561E9E7E272}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C799F33F-FBDD-4AAD-99C1-B5AAF5B21EB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB1F68A3-A623-4DBA-B1EC-1999DCDF9A06}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB227DEB-0C15-48B6-BB9C-2DDC6779CC84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CBBEC6DB-D0E8-407D-BF69-13A5FD650F82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CE395B04-0406-4A1D-A5F7-74399348364C}" = lport=11202 | protocol=6 | dir=in | name=bitcomet 11202 tcp |
"{D03651A2-9C87-4762-A016-684373A79DCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0E98139-5BFB-4AFC-9E0A-D6DAB04F2A9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2A54817-D8F1-44E2-988D-A04B86228370}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2C5FE38-36A1-401D-AFA3-7EDB1F51CD58}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D449CB25-A251-410C-8E59-3F4720A16278}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D44F7DEA-D8DF-413B-89DA-B49F23044F73}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5AAA37C-DA11-45FA-824A-015C76F4FB13}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D61D6F4C-6C1D-4783-92AB-9B80B3A60548}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D67DBFE0-D6F0-44E3-A6EB-F4E064092284}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D995E89F-0586-4411-B298-A6900B607BA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9C25FC2-0114-4747-A90D-2263D4A248F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DE77A7F9-2C42-46CA-AA2F-5EB0DCD1D90B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0976DC7-C4EB-47B1-A76C-ABF86AD316BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E35074C5-77DB-4DDA-B881-55BC910A42C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F284022E-AD77-45AC-87E7-4EB276086D9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F53F9CC9-3519-466B-A57A-CFF34CDBDF13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F57433B8-7979-443C-A369-25CFE8284EDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8524436-24D6-461D-9029-51C979855649}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8CE6310-05C0-4FD5-9794-E5E37713D31D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBDAD423-548A-4CDC-B6A6-DB1A79E9F514}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FC0297A6-8C1E-48C3-AEE3-05DBB3453128}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00935464-CC85-41ED-B8A8-0D97A032BE61}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{02D48B76-62B1-4CE5-B777-E59C31B5A52C}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{02DA050C-FDEC-4FEE-944F-DC62F68B1AD8}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{042C40C3-691B-4665-A4C4-6A7BF8A4F748}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{04AB1A8B-9CA7-419D-926B-68824743A41C}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{059650F5-18CE-475A-88DE-85FABF34457D}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{06796629-AAEC-4B64-9ED4-87540238F6A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{074AFF0F-066B-4B89-BFBA-BC53F6FC9F01}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{0BDFB63B-45AA-420D-94A4-344A920353A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{0BE3DA04-5B70-46B8-A9F1-5E32FF1969D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0E20664D-0F0C-4C8C-B8E1-72EAA3A26ABA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{120ED917-1E23-4B26-BB85-C430C934F13F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{13F1C943-031E-4971-A0F5-2AB7C8A95C1D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{15690EC4-91A9-474F-B7FD-430518CD34AA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{165F2780-54B5-4D83-9809-19652930A9EF}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{19074BFF-30A2-4274-874B-4ADE648F64AD}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{190C2024-04BD-4C03-8B96-DCE349CA0B53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{191FDE98-BF52-4A62-87B9-E2BEFC94769E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1ED79B9C-A7F5-4DB2-BC61-6EAAFCCBD1DF}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{204082AF-6A44-4C53-A3C2-7284EA494DA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{213B7DFD-52BF-49A1-98C4-BEFAFC76DC81}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{230D04F1-F095-4DED-9164-5907614765F4}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{233181EE-0198-48A1-A901-6FEBAB6A0A6C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2734063C-DF47-4F54-B9E2-D70D7307487B}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{2AC32713-8A7B-4640-9B05-A39CD9C7981C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2C036C61-574E-4D54-9C28-FADABE610BB0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2DC42473-7102-490E-A5C5-856AFF70340C}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{2E8159EB-CC7A-40C5-965D-44B0033EC53F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{30E09B40-3E76-4DFA-B353-0C70E5181DC9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{324F439F-012B-4B23-893E-B6D0B7243D09}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{33E99D7F-F8D4-4D9F-838B-5023492A59DA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{34A3A752-991C-4F64-B0BF-E9A838DF065D}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{354BD128-06A1-4B24-8F84-163CE1234DF7}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{3733A1DA-D518-4209-99BD-BEEE2F18B031}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{37871CD5-7872-45C3-8388-E513550256B0}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{37E99696-4471-4D92-8846-A059B9A6B2E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3A09EF43-25CA-4AA0-8D7E-DB622FD857F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3BAAB933-34C4-4D64-BB0D-CE5608467FDA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{3CF4B04B-D1FD-42D0-B1A4-9D8ADF4AB957}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3D5AADAF-8370-4B3C-B65A-83BAD1DC0309}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{3EACF80B-0276-482E-8D28-CA7B2FA5E9BE}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{41D8B957-DE6C-492F-A976-F49EBAA31945}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{45D76E44-21FE-4DDB-AB0A-E7072FE29EF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{478A9CCE-EC25-4AD0-AFA6-FA6471847065}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{506A18AD-B5A2-494A-8A42-29C87E058DEA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{50999627-83D1-4406-9CD7-284C0999B350}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{538A3A90-2027-490C-93BD-121554364540}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{573C78D6-7183-459F-AA0A-014F2F8D9C5E}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{59083E02-A72A-43DB-AED2-C59F760E8538}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5A2D4085-0488-434D-9C18-3E4FAFFFC468}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5AB43B7C-150A-47F4-ABE0-62B355A7DC1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5D611A98-4DAE-4FDD-A6F1-40C6465D0324}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5E325EF8-336D-496B-B640-C614BD26EBA4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5E50ED77-FF29-439C-A787-5CC7F4A10A41}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5EE4AF61-5F65-49C8-81B6-8CBE8D11335D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5F4B1057-3582-4801-BAF9-6ABCFB259FA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{648865BD-C006-4D0F-97E2-881805771752}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{64D0C009-60E3-40E7-8E1B-1EDF6B966A3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{6787A5EE-ED9A-4E65-9D7D-B2AF8DF08047}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{69E4B5E6-28F0-4FEA-BB46-20C309C0DB5D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6A44C262-0011-4EEF-B410-55F5AE839C18}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{6C233F39-3E5C-4FD5-8B7A-B4308F1B93A0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6C7013BE-6F8B-4BF1-BD56-3327461B8B60}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{70287535-9F4F-4AF4-923C-2EAA496B83D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{70AD91C2-7EFB-4B6B-8009-05675579EC21}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{73039C32-97AB-4F02-9AC7-831F05C50B7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{737AABB6-8D5B-4717-ACD8-239027D6AACA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{75BCABFE-04A2-431D-B74C-589D988F5327}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{76159027-0B1F-45C7-9CAE-BAD252301D27}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{775D4BD4-F674-4C47-90C2-9F6CD1FA7115}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{77D40C22-77AD-41BE-9B00-25D9CFE64EA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{79134C7B-7FAE-4D82-8B04-2D6FC8C38554}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7982DF1D-652B-47AE-B3B4-AB85B15CACB8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7D095CCC-5EC8-42AA-94BE-8C24DC2F8269}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{7DC62AD9-4F36-4F4D-BB1C-089DA05FD1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{7E515211-13DE-4DA7-B2B9-C4A1D6EB4278}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{83539781-CACE-4AC1-9EC2-A132006A820E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{851EDBF7-AED4-4C15-B121-BAB10E45452F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{85201872-6659-40DD-BAD0-42C2CA2C778B}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{896323A1-122F-4CC4-AAAB-9413E9FCAE22}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8B2BB861-1B7F-4ACC-99BD-6ACE84F039C3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8D6B59A0-9681-4678-B7E7-08BC7DF08042}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8F837A3E-DAE9-4E6E-8663-BF11CC1DB39D}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{901D40D0-0E86-4265-8449-22F2ABFAAAE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9BE003D7-CFD6-4F31-88B9-3A7CD1A7FD83}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A58B9F22-B0A6-49A7-B853-EE6AD046CE8E}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{A6379EF5-59CD-418C-86C7-1F473E1A2AAF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A6382A61-F13D-4E44-AD1D-87D4B4568D33}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{A81EDA25-639B-4180-8F42-CC1D6B3B448F}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{A92BC841-F0E7-401B-8B5B-6640704030B0}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{ABE1E35E-0E70-4FC6-B71F-04D081DB03D3}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B180C1EE-64F3-4FF5-A3DF-C66BE06894AA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B4E602E6-54B8-4822-929C-158F611FE5B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B71D866B-6B04-45EC-A0D4-C2A68E614160}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B8C2739D-1CF8-43D6-B027-1C21AB516A56}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{BC398307-DE3D-47F5-8767-C06433B6DE52}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{BE3F839D-717C-41C6-83A6-6F8ADF895F5C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C0222B88-94DE-46B4-A370-C6A036B42093}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{C08A3DF9-DE1B-4ABD-9BF4-F491EFBA3768}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{C4AF8342-DB45-4826-9909-AB1D87039255}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C65FEC9D-6860-4E97-99DB-EF9DF63B550A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C6E29172-0623-4F46-ADF5-9C8EC55D8CF6}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{C75FF31B-C57C-4732-9C02-902E64AA0459}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CAB21DA7-89C3-4452-B052-0D6420339C0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CAD0F65B-CC9D-4730-A050-D820E06B5843}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{CB82DCD5-9992-465F-A38B-7C1127C5FF5D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CCDC06D7-8A66-44AC-8635-B42FACD10503}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{CE16AD5E-4620-4C03-95B9-43B2B5D2FA37}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{DD0F4EDA-2707-431A-820A-945C676B4100}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DE07286B-D65A-4BF7-8291-DBFB7EF7D075}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DE6DF3DA-CCFB-4086-99B3-9F47C26D45F7}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"{DFFF724E-E08B-4013-A47A-F540D0150DC8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E25C2975-B43A-483A-88F8-311C06517FEB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E2E16AD7-0600-4A35-952F-233F68F57E2F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E882C34F-670C-4DB0-9078-0B85D142B7EA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{EADC2336-BBA4-4F7A-B841-43C5D38BC323}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EC890BE3-A452-4BF0-8302-5F58C3DB53BB}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{F0897AE8-C851-4AE0-B513-4698FD73DE77}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F517D5CE-79B8-4237-8CA3-B0D4683B9A10}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F6D0411A-DB65-4F83-BAE0-82659B49C310}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FB900E2C-79A6-4AD4-9563-1EC67333757C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FC12152F-7064-4694-A9B0-1128A140808B}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{FF5DC479-0D19-4E10-A436-A003E5AD58F8}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin broadband wireless\wireless manager.exe |
"TCP Query User{03AD3CC6-C73F-40A0-9175-0C62BA748198}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
"TCP Query User{3878306E-09C5-4CA0-870B-56B33F2853CC}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{421C479D-A279-41F5-9528-2A26D71FA2D4}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{46EF92E2-B348-4EAF-B7F8-79EFD821C8BE}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{4A855B5C-08E4-415B-A318-79D14DF41B00}C:\users\ans\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
"TCP Query User{5015070E-09C2-488B-AFBB-271A8DAC7E8D}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{80DDDB99-E1BF-4E81-AD60-881C2F4AFE77}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"TCP Query User{831A862B-385A-41AE-9377-94AE57343F26}C:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
"TCP Query User{A5B38501-59D6-458F-9613-F81CD6574D08}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{A8C59A48-0B0A-418A-8161-93CBF642316C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A9F6BDFD-A593-4EFC-8343-01663CA849E7}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{B3FBC116-5381-4811-A74D-C2B04DEC8655}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{C19A0DEF-DAE2-4A84-AACB-C3B9CDFEF22F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{CD34458D-CC9A-4161-9463-CF7145196972}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{E3921F37-F1DE-4F3A-9CA8-8D0D1C57129B}C:\program files (x86)\marvell\61xx\apache2\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\marvell\61xx\apache2\bin\apache.exe |
"UDP Query User{1FA3594E-FD3B-48FE-848D-7697795A9732}C:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
"UDP Query User{283039E8-F267-4697-8F0F-F453CF6E75C2}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{38C51128-501B-4DF4-B859-BE865D31BA19}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{57038DA1-AEAD-4E91-B6E2-D358394325FF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6DCF702D-79F4-42B7-8E45-EAA5E6FBF258}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{7025C8C1-30B7-47ED-8ED6-2579193CD64E}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{7D6751CF-E96C-4E45-A3A9-120A72CBD51A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8748EF7F-2530-4C5B-A28B-D174F60DCC6C}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{9723DB15-E61F-43E6-8B3E-DD4A42AB2831}C:\program files (x86)\marvell\61xx\apache2\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\marvell\61xx\apache2\bin\apache.exe |
"UDP Query User{C98D2A28-4688-4B9F-8209-3C1B4732695B}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{CB13B60D-CBDF-4695-B585-083F8D30988D}C:\users\ans\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\ans\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{E0B74478-E67A-45BA-BDEB-F4F6A6D35CB3}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{EF728F4D-9E3A-481B-96DF-A64E28ED4231}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
"UDP Query User{FD60AF72-48C6-444A-8021-62450FD3BA4E}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{FEF76B4C-833B-4EC9-A73D-6B34706BEEB0}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio
"{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}" = Nokia PC Suite
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE90CE58-41DE-4708-9291-A9D1D49B1033}" = SecurDisc Viewer
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C19DBE5E-712E-4F02-8380-ECEDD951B374}" = DigitalTV
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AudioCS" = Creative Audio Console
"BitComet" = BitComet 1.09
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"Image Merger .EXE_is1" = Image Merger .EXE 1.0.0.19
"LimeWire" = LimeWire PRO 5.0.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSC" = McAfee SecurityCenter
"mv61xxDriver" = marvell 61xx
"mv61xxMRU" = Marvell MRU
"Nokia PC Suite" = Nokia PC Suite
"RealPlayer 6.0" = RealPlayer
"SystemRequirementsLab" = System Requirements Lab
"VDOTool_is1" = VDOTool 6.4
"VLC media player" = VLC media player 0.9.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/12/2009 07:16:03 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 27/12/2009 07:16:03 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

Error - 28/12/2009 07:30:12 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 28/12/2009 07:30:12 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

Error - 28/12/2009 16:21:51 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 28/12/2009 16:21:51 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

Error - 29/12/2009 07:27:11 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 29/12/2009 07:27:11 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

Error - 29/12/2009 15:00:01 | Computer Name = Iceman | Source = LoadPerf | ID = 3012
Description =

Error - 29/12/2009 15:00:01 | Computer Name = Iceman | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 22/07/2009 10:28:34 | Computer Name = Iceman | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 07/22/2009 15:28:33. You may need to reschedule your recordings.

[ System Events ]
Error - 18/05/2010 18:22:44 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =

Error - 19/05/2010 13:24:58 | Computer Name = Iceman | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC6D851B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/05/2010 13:25:26 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =

Error - 19/05/2010 14:35:47 | Computer Name = Iceman | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:27:48 on 19/05/2010 was unexpected.

Error - 19/05/2010 14:35:48 | Computer Name = ICEMAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC6D851B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/05/2010 14:36:00 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =

Error - 19/05/2010 17:03:08 | Computer Name = Iceman | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC6D851B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/05/2010 17:03:51 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =

Error - 20/05/2010 13:43:56 | Computer Name = Iceman | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC6D851B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 20/05/2010 13:45:24 | Computer Name = Iceman | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
   

In Firefox

1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
   
2. Click the apply button and restart that computer in normal mode.
   

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTor1.dll File not found
  [2010/05/18 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Ans\AppData\Local\twutmhtys
  [2010/05/18 20:22:27 | 000,059,648 | ---- | M] () -- C:\Users\Ans\AppData\Local\syssvc.exe
  
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Here is the fix log from notepad below.
I have also noticed a $RECYCLE.BIN folder has appeared when I deleted it tells me important system files are in there e.g desktop.ini. I still delete but when I go into C drive again its there again? Also a few folder apear like holagram or ghost folders which I never used to have in the C drive this virus? folders names are Boot, Doc & settings, MSOCache, Program Data, System Volume Info, a couple of the folders don't let me into them even though in logged in as administrator. I don't what to do?

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c5c0f58-e061-457d-9033-77307f5ed00c}\ deleted successfully.
C:\Users\Ans\AppData\Local\twutmhtys folder moved successfully.
C:\Users\Ans\AppData\Local\syssvc.exe moved successfully.

OTL by OldTimer - Version 3.2.5.0 log created on 05212010_195634

Hello.

I see that you are running BitComet.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

• Click Start >> Control Panel.
  
• Under the Programs click Uninstall a Program
  
• Highlight the following:
  
  BitComet 1.09
  Java(TM) 6 Update 7
  Java(TM) 6 Update 19
  
  
• Click on the Uninstall/Change button at the top.
  

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

Hi

This in the log text

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

These where the threats found.

C:\Program Files (x86)\Nero_Burning_Rom_9_0_9_4c.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Users\Ans\AppData\Local\Temp\afa7b113.exe Win32/Olmarik.SC trojan cleaned by deleting - quarantined
C:\Users\Guest\Music\Immortal Technique - Dance with the Devil.wma probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05212010_195634\C_Users\Ans\AppData\Local\syssvc.exe Win32/SpamTool.Agent.NEG trojan cleaned by deleting - quarantined

Is my computer clean now?

I use bitcommet to download stuf, what is best one you suggest?

thankz

Hello.
Sorry, can't help you with all, all forms of P2P have their risks.

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 20.
  
• Click the "Download JRE" button to the right.
  
• In the Window that opens, select your platform, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.
  

Then download and install Adobe Reader 9.3.2

How is the machine running now?

Hi

Thanks for all your help, couldn't have done it without you. I think computer is working fine now.
you guyz are the best!!!