littleshu

  1. --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Saturday, August 21, 2010
     Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 1 (build 6001)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Friday, August 20, 2010 22:22:39
     Records in database: 4130136
     --------------------------------------------------------------------------------
     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer:
     A:\
     C:\
     D:\
     E:\
     Scan statistics:
     Objects scanned: 379186
     Threats found: 4
     Infected objects found: 6
     Suspicious objects found: 0
     Scan duration: 07:00:26
     File name / Threat / Threats count
     C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml Infected: Trojan.Win32.Clicker.hd 1
     C:\Users\Ryan\Downloads\corel_painter_10_en\Corel Painter X10.1.0.53 EN_Activate_Patch.exe Infected: Trojan.Win32.Pasta.arw 1
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVVWK0ZB\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.bbt 1
     C:\Windows\System32\wininit.exe Infected: Trojan.Win32.Patched.kl 1
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVVWK0ZB\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.bbt 1
     C:\Windows\SysWOW64\wininit.exe Infected: Trojan.Win32.Patched.kl 1
     Selected area has been scanned.
  2. Explorer still has a problem and has stopped working. Chrome works now though.

     All processes killed
     ========== OTL ==========
     HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
     HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
     HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
     C:\Users\Ryan\AppData\Local\rnyesxpnk folder moved successfully.
     C:\Users\Ryan\AppData\Local\xlpfrloba folder moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 41 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     User: Ryan
     ->Temp folder emptied: 7890717368 bytes
     ->Temporary Internet Files folder emptied: 59394480 bytes
     ->Java cache emptied: 67996720 bytes
     ->FireFox cache emptied: 46763288 bytes
     ->Google Chrome cache emptied: 594288 bytes
     ->Flash cache emptied: 4372801 bytes
     User: Sierra
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 313507832 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 294651127 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 12244254 bytes
     Total Files Cleaned = 8,288.00 mb
     OTL by OldTimer - Version 3.2.10.0 log created on 08202010_121459
     Files\Folders moved on Reboot...
     File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVVWK0ZB\desktop.ini scheduled to be moved on reboot.
     File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNVQ2UM7\desktop.ini scheduled to be moved on reboot.
     File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0VNKTSX\desktop.ini scheduled to be moved on reboot.
     File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9T2CV1B3\desktop.ini scheduled to be moved on reboot.
     File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
     File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
     Registry entries deleted on Reboot...
  3. Thanks for helping. The symptoms started like normal adware. A fake virus scan popped up and said I need to run a virus scan. After that happened, explorer crashed. I restarted the computer and explorer said it needed to close. I've tried to start explorer with the task manager but it keeps saying it needs to close. The only other problem I can see is Chrome internet does not work. I've run AVG Free and MBAM.

     OTL logfile created on: 08/20/2010 11:02:01 AM - Run 1
     OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Ryan\Downloads
     64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18882)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
     4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
     8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 465.76 Gb Total Space | 10.68 Gb Free Space | 2.29% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: RYAN1-PC
     Current User Name: Ryan
     Logged in as Administrator.
     Current Boot Mode: Normal
     Scan Mode: All users
     Include 64bit Scans
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard
     ========== Processes (SafeList) ==========
     PRC - [2010/08/20 11:01:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe
     PRC - [2010/08/19 15:52:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
     PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/04/30 16:47:37 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/04/02 16:30:12 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe PRC - [2006/11/02 08:03:35 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe ========== Modules (SafeList) ========== MOD - [2010/08/20 11:01:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe MOD - [2008/01/20 19:51:13 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2008/01/20 19:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2008/01/20 19:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc) SRV:64bit: - [2010/03/02 21:12:12 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2008/01/20 19:51:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:64bit: - [2008/01/20 19:51:03 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:64bit: - [2008/01/20 19:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008/01/20 
19:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007/09/07 11:16:16 | 001,909,032 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen) SRV - [2010/08/19 15:52:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/11/05 22:42:19 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/04/02 16:30:12 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/02/16 17:42:00 | 002,741,114 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2008/12/13 12:18:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/12/05 21:42:11 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2008/11/11 15:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SoundMovieServer) SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp) DRV:64bit: - [2010/08/19 15:53:25 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA) DRV:64bit: - [2010/08/19 15:53:20 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64) DRV:64bit: - [2010/08/19 15:53:18 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64) DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | 
Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/03/02 20:07:32 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009/10/12 21:34:45 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2009/10/12 21:34:44 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/01/08 20:09:10 | 000,033,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2008/12/04 21:05:25 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2008/11/11 15:05:16 | 000,033,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio) DRV:64bit: - [2008/06/10 14:04:28 | 000,036,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64) DRV:64bit: - [2008/06/09 14:12:08 | 000,020,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr) DRV:64bit: - [2008/02/13 23:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/01/20 19:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:64bit: - [2008/01/20 19:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys 
-- (WpdUsb) DRV:64bit: - [2007/02/16 12:12:36 | 000,012,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2007/02/16 11:30:12 | 000,014,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2007/02/15 17:11:26 | 000,012,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid) DRV:64bit: - [2006/10/31 00:25:01 | 000,014,136 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS) DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2009/01/26 15:17:09 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2009/01/26 15:17:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2006/10/31 00:25:01 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS) DRV - [2005/01/01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 46 B6 F9 0B 8D CA 01 [binary data] IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7 FF - prefs.js..extensions.enabledItems: {4bcdbfd0-fa26-11de-8a39-0800200c9a66}:3 FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:1.1.7 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52 FF - 
prefs.js..extensions.enabledItems: {1FC31306-9493-433B-8F49-5C8FCFA8A3F3}:1.9.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Ryan\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010/08/19 11:59:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3}: C:\Users\Ryan\AppData\Local\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3}\ [2010/08/19 11:59:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/08/19 15:52:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 18:11:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/10 18:11:17 | 000,000,000 | ---D | M] [2008/12/04 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions [2010/08/19 18:24:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions [2009/06/29 18:07:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/11/13 13:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2009/08/29 11:12:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/29 21:58:12 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/10/02 17:40:48 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\battlefieldheroespatcher@ea.com [2009/07/25 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\firedownload@mozilla.org [2009/09/04 08:32:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\firetorrent@radicalsoft.com [2010/08/19 18:24:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/01/28 20:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiCHPlugin.dll [2008/09/10 00:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll [2010/08/05 12:37:48 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml O1 HOSTS File: ([2009/01/04 20:30:06 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [steam] c:\program files (x86)\steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files (x86)\Hamachi\hamachi.exe (LogMeIn Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing 
PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll () O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5810b619-c284-11dd-a60b-00e04da13977}\Shell - "" = AutoRun O33 - MountPoints2\{5810b619-c284-11dd-a60b-00e04da13977}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found O33 - 
MountPoints2\{584129dc-ddc5-11dd-8050-00e04da13977}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found O33 - MountPoints2\{f00d8c8c-c303-11dd-b906-f68d64452dcd}\Shell - "" = AutoRun O33 - MountPoints2\{f00d8c8c-c303-11dd-b906-f68d64452dcd}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/08/19 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\logs [2010/08/19 16:48:05 | 000,000,000 | -H-D | C] -- C:\$AVG [2010/08/19 15:53:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg [2010/08/19 15:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2010/08/19 15:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [2010/08/19 13:29:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes [2010/08/19 13:29:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/08/19 13:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/08/19 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/08/19 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3} [2010/08/19 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\rnyesxpnk [2010/08/19 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\xlpfrloba [2010/08/19 11:57:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Windows Server [2010/08/19 11:57:47 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Update [2010/08/15 16:50:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\sc2 [2010/08/15 16:49:25 | 004,797,440 | ---- | C] (Vernam7) -- C:\Users\Ryan\Desktop\SC2ALLin1.exe [2010/08/15 16:49:25 | 002,995,712 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.Utils.v9.3.dll [2010/08/15 16:49:25 | 002,059,776 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.Data.v9.3.dll [2010/08/15 16:49:25 | 001,642,496 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraEditors.v9.3.dll [2010/08/15 16:49:25 | 001,184,256 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.OfficeSkins.v9.3.dll [2010/08/15 16:49:25 | 000,876,032 | ---- | C] (Abysmal Software) -- C:\Users\Ryan\Desktop\DevIL.dll [2010/08/15 16:49:25 | 000,698,368 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraLayout.v9.3.dll [2010/08/15 16:49:25 | 000,584,192 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraTreeList.v9.3.dll [2010/08/15 16:49:25 | 000,077,824 | ---- | C] (Abysmal Software) -- C:\Users\Ryan\Desktop\ILU.dll [2010/08/15 16:49:25 | 000,032,768 | ---- | C] ( ) -- C:\Users\Ryan\Desktop\Interop.Scripting.dll [2010/08/15 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\hk [2010/08/15 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\ai [2010/08/13 14:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II [2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\StarCraft II [2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2010/08/13 13:54:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\sc [2010/08/10 22:01:26 | 000,000,000 | R--D | C] -- C:\Users\Ryan\Desktop\Left 4 Dead 2 [2010/08/10 18:13:34 | 000,000,000 | ---D | C] -- C:\Program 
Files\iPod [2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2010/08/10 18:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010/08/10 18:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2009/02/07 19:23:06 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/08/20 11:03:46 | 063,655,328 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010/08/20 11:02:11 | 004,718,592 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT [2010/08/20 11:00:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/08/20 10:58:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/08/20 10:57:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/08/20 10:57:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/08/20 10:57:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/08/20 10:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/08/20 10:57:43 | 4025,802,752 | -HS- | M] () -- C:\hiberfil.sys [2010/08/20 00:24:23 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT{ac9130b5-ba11-11de-979e-00e04da13977}.TMContainer00000000000000000001.regtrans-ms [2010/08/20 00:24:23 | 000,065,536 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT{ac9130b5-ba11-11de-979e-00e04da13977}.TM.blf [2010/08/20 00:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/08/19 23:54:00 | 000,000,904 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2920161537-2277595896-3629292948-1000UA.job [2010/08/19 15:53:27 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll [2010/08/19 15:53:27 | 000,001,725 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010/08/19 15:53:25 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys [2010/08/19 15:53:20 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys [2010/08/19 15:53:18 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010/08/19 15:53:17 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010/08/19 13:29:30 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/19 12:48:01 | 000,001,356 | ---- | M] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat [2010/08/19 11:59:18 | 000,000,120 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Qkipataza.dat [2010/08/19 11:59:18 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Dpuvakaxode.bin [2010/08/19 11:58:26 | 000,000,005 | ---- | M] () -- C:\zrpt.xml [2010/08/19 11:46:53 | 000,000,565 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\myMPQ.ini [2010/08/17 12:54:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2920161537-2277595896-3629292948-1000Core.job [2010/08/15 16:48:55 | 000,000,805 | ---- | M] () -- C:\Users\Ryan\Desktop\SC2ALLin1.lnk [2010/08/13 15:09:10 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010/08/13 13:36:19 | 331,729,743 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/08/12 23:59:12 | 004,345,269 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\IconCache.db [2010/08/12 19:56:05 | 000,002,072 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk [2010/08/12 19:56:05 | 000,002,034 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/08/10 21:34:25 | 000,189,392 | ---- | M] () -- 
C:\Windows\SysWow64\PnkBstrB.xtr [2010/08/10 21:34:25 | 000,189,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/08/10 19:14:39 | 017,478,913 | ---- | M] () -- C:\Users\Ryan\Desktop\l4d2 2001 patch full no need change.rar.zip [2010/08/10 18:14:18 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/08/10 18:10:41 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/07/31 15:15:59 | 004,797,440 | ---- | M] (Vernam7) -- C:\Users\Ryan\Desktop\SC2ALLin1.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/08/19 15:53:27 | 000,001,725 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010/08/19 15:53:26 | 000,013,048 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll [2010/08/19 15:53:25 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys [2010/08/19 15:53:20 | 000,269,904 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys [2010/08/19 15:53:17 | 063,629,394 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010/08/19 15:53:17 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010/08/19 15:53:17 | 000,035,536 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010/08/19 13:29:30 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/19 13:29:27 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2010/08/19 12:57:17 | 4025,802,752 | -HS- | C] () -- C:\hiberfil.sys [2010/08/19 11:59:18 | 000,000,120 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Qkipataza.dat [2010/08/19 11:59:18 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Dpuvakaxode.bin [2010/08/19 11:58:02 | 000,000,005 | ---- | C] () -- C:\zrpt.xml [2010/08/15 18:35:07 | 000,000,565 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\myMPQ.ini [2010/08/15 16:49:25 | 001,101,824 | ---- | C] () -- C:\Users\Ryan\Desktop\myMPQ.dll 
[2010/08/15 16:49:25 | 000,037,888 | ---- | C] () -- C:\Users\Ryan\Desktop\DevIL.NET2.dll [2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\zergmouse.cur [2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\terranmouse.cur [2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\protossmouse.cur [2010/08/15 16:48:54 | 000,000,805 | ---- | C] () -- C:\Users\Ryan\Desktop\SC2ALLin1.lnk [2010/08/13 14:54:54 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010/08/10 22:45:50 | 017,478,913 | ---- | C] () -- C:\Users\Ryan\Desktop\l4d2 2001 patch full no need change.rar.zip [2010/08/10 18:14:18 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/08/10 18:10:41 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/03/28 20:16:39 | 000,422,956 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI372C.txt [2010/03/28 20:16:38 | 000,013,386 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI372C.txt [2009/12/13 16:45:59 | 000,329,550 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI09FB.txt [2009/12/13 16:45:59 | 000,013,962 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI09FB.txt [2009/12/13 16:28:30 | 000,327,858 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI7C9A.txt [2009/12/13 16:28:30 | 000,011,154 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI7C9A.txt [2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009/07/14 15:55:46 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009/07/14 15:31:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2009/05/23 10:57:29 | 000,334,332 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI3C1F.txt [2009/05/23 10:57:29 | 000,011,202 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI3C1F.txt 
[2009/05/23 08:22:45 | 000,416,296 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI45B1.txt [2009/05/23 08:22:45 | 000,011,410 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI45B1.txt [2009/05/11 12:17:19 | 000,000,035 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\TheHunterSettings.cfg [2009/05/09 20:08:30 | 002,466,458 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_NET_Framework35_x64_MSI1BFE.txt [2009/05/09 19:40:27 | 000,227,093 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_depcheck_NETFX_EXP_35.txt [2009/05/09 19:40:23 | 000,000,002 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx35error.txt [2009/05/09 19:40:22 | 000,289,102 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx35install.txt [2009/05/09 19:39:27 | 000,581,814 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI05BB.txt [2009/05/09 19:39:25 | 000,014,332 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI05BB.txt [2009/04/09 23:05:16 | 000,001,356 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat [2009/03/06 22:07:23 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI [2009/02/07 19:23:06 | 000,748,167 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll [2009/02/07 19:23:03 | 000,000,227 | ---- | C] () -- C:\Windows\teensmrt.ini [2009/02/06 14:01:15 | 000,000,080 | ---- | C] () -- C:\Windows\sierra.ini [2008/12/13 12:25:41 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2008/12/05 08:48:37 | 000,001,460 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps64.dat [2008/12/05 07:54:02 | 000,000,092 | ---- | C] () -- C:\Users\Ryan\AppData\Local\fusioncache.dat [2008/12/04 21:55:03 | 000,747,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008/12/04 21:43:12 | 000,019,968 | ---- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/04/11 17:37:37 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2008/04/03 10:10:34 | 000,028,101 | ---- | C] () -- 
C:\Users\Ryan\AppData\Local\dd_depcheckdotnetfx30.txt [2008/04/03 10:10:28 | 000,005,664 | ---- | C] () -- C:\Users\Ryan\AppData\Local\uxeventlog.txt [2008/04/03 10:10:28 | 000,000,604 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx3error.txt [2008/04/03 10:10:27 | 000,031,806 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx3install.txt [2008/01/20 19:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 19:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Ryan\Desktop\Defiance (2008) DVDSCR Occor avi.mp4:TOC.WMV @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:C39E55C5 < End of report > OTL Extras logfile created on: 08/20/2010 11:02:01 AM - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Ryan\Downloads 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 10.68 Gb Free Space | 2.29% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RYAN1-PC Current User Name: Ryan Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l () scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DDCCA54A-A549-4F34-A451-338C097C35D6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DE926E7D-C321-49AC-AE72-5D5526B88FC8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{E1BB6CA5-13DE-42AC-9331-15EA138D3618}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{E1E86C6A-B2F7-4616-8555-823CB078D494}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E71E395F-0867-4640-A94A-154F8E9B74BE}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{E7A4C508-E945-4A94-A9E7-AF9620214BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{E8F8223B-C183-4F7C-8052-50463C8FF902}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{ECFAD8B5-CDCD-4EA2-8E74-0E3EBE2486D2}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{EDD47D50-C5F1-45C4-86F4-7157762B6C63}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{F4941F6E-7E2B-40C5-BA67-E57102F79C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe | "{FAE46CFF-FFE3-4BA4-ACD1-B6C5C6EC3C33}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{FCF9A07B-4A80-4EE7-B76A-9EC7E18CBD90}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "TCP Query User{0B055FA4-F4DE-4A24-AF09-076272C324BB}C:\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\mohaa\mohaa.exe | "TCP Query User{277FB28E-90B9-4FD3-BA7E-7E18ECC4FE28}C:\program files (x86)\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\america's army\system\armyops.exe | "TCP Query User{7A7FA04C-7040-4D69-A55E-B9DBCA91FAE3}C:\program files 
(x86)\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "TCP Query User{7F77FCB2-BE08-4027-AD31-7CE9FB11EDDB}C:\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\left 4 dead\left4dead.exe | "TCP Query User{9D60618F-911D-42BE-A3E6-53D573FC639F}C:\program files (x86)\emote\launcher\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emote\launcher\launcher.exe | "TCP Query User{9EE92007-0B80-4363-AE0D-05A932DC5C11}C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "TCP Query User{B01FE4B4-1EF9-4B4F-A6F8-95183295B50F}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "UDP Query User{17B3C90C-AF1F-4926-B78E-7764748F24D8}C:\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\left 4 dead\left4dead.exe | "UDP Query User{2FA0C7B2-078A-4200-9589-9420EFE5ADB1}C:\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\mohaa\mohaa.exe | "UDP Query User{80C58662-EA57-40CE-8E48-EABC9320B0AC}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "UDP Query User{8DF605DF-6E17-4A62-91F9-2A0107C82F57}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "UDP Query User{9970C97F-3A4D-415A-9AED-7174A49653E1}C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 
3\binaries\aa3game.exe | "UDP Query User{AB2DD133-1502-433A-92C7-184FCF335BFF}C:\program files (x86)\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\america's army\system\armyops.exe | "UDP Query User{BC7E5651-117D-480D-AA56-FFC7B88C99C6}C:\program files (x86)\emote\launcher\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emote\launcher\launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{23170F69-40C1-2702-0462-000001000000}" = 7-Zip 4.62 (x64 edition) "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{898FF489-EB70-BB92-C5BD-D7E10329BF9E}" = ccc-utility64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "TeamSpeak 3 Client" = 
TeamSpeak 3 Client "VistaGlazz_is1" = VistaGlazz 1.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis® "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial "{039E5107-9932-B731-A551-5BF554DA9542}" = Catalyst Control Center HydraVision Full "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection "{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup "{20EB7BAE-7F60-34AD-130B-1C938FD65BE9}" = Catalyst Control Center Core Implementation "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{25235761-5EAB-76EA-2C7A-09FC6513784B}" = Catalyst Control Center Graphics Full Existing "{25F4442A-6CA5-03F6-2470-E6DF04175374}" = CCC Help English "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer
  4. I got a virus. I think it was resultdns service. The main problem now is explorer won't start up.

Malwarebytes' Anti-Malware log file Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4449 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18882 08/19/2010 3:10:58 PM mbam-log-2010-08-19 (15-10-58).txt Scan type: Full scan (C:\|) Objects scanned: 523906 Time elapsed: 1 hour(s), 30 minute(s), 31 second(s) Memory Processes Infected: 2 Memory Modules Infected: 1 Registry Keys Infected: 38 Registry Values Infected: 12 Registry Data Items Infected: 3 Folders Infected: 10 Files Infected: 41 Memory Processes Infected: C:\ProgramData\ResultDns\resultdns113.exe (Adware.ResultDns) -> Unloaded process successfully. C:\Program Files (x86)\ResultDns\resultdns.exe (Adware.ResultDns) -> Unloaded process successfully. Memory Modules Infected: C:\Program Files (x86)\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3615583f-c2a5-4148-81ce-7152c14716e4} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3615583f-c2a5-4148-81ce-7152c14716e4} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3615583f-c2a5-4148-81ce-7152c14716e4} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3615583f-c2a5-4148-81ce-7152c14716e4} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{24f7625d-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{24f7625d-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{24f7625d-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24f7625d-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d212b886-1bdd-4046-b807-c61650837da1} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d212b886-1bdd-4046-b807-c61650837da1} (Adware.BHO) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d212b886-1bdd-4046-b807-c61650837da1} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d212b886-1bdd-4046-b807-c61650837da1} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gabpath (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pdekurozece (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.GabPath) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Adware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bar (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windrivxxx.exe (Trojan.SpyEye) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cvmtupnx (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nrgurgxx (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\epecicima (Trojan.Agent.U) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully. 
Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://home.tangotoolbar.com/) Good: (http://www.google.com) -> Quarantined and deleted successfully. Folders Infected: C:\Users\Ryan\AppData\Roaming\GabPath (Adware.Agent) -> Quarantined and deleted successfully. C:\ProgramData\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> Delete on reboot. C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> Delete on reboot. C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\ResultDns (Adware.ResultDns) -> Delete on reboot. C:\Program Files (x86)\ResultDns\ResultDns_deleted_ (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WinDrivxxx.exe (Trojan.SpyEye) -> Quarantined and deleted successfully. Files Infected: C:\Users\Ryan\AppData\Local\nsonFwm.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully. 
C:\Users\Ryan\AppData\Roaming\GabPath\gabpath.exe (Adware.GabPath) -> Quarantined and deleted successfully. C:\Windows\System32\sogkp.exe (Trojan.Adware) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Local\Temp\emxoawcnrs.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Windows\SysWOW64\fogkp.dll (Adware.EZlife) -> Quarantined and deleted successfully. C:\Program Files (x86)\Left 4 Dead 2\Razor1911.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files (x86)\ResultDns\ResultDns_deleted_\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\ProgramData\Update\seupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Local\Temp\mkcxhunr.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Local\Temp\ooflgt.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Local\Temp\xjoqojgw.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\components\gpff.dll (Adware.Agent) -> Delete on reboot. C:\Users\Ryan\Downloads\XPKey-283451.unk (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Ryan\Downloads\Call of Duty 4 Keygen\CoD4 Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. C:\Windows\System32\5a78.dll (Adware.Mirar) -> Quarantined and deleted successfully. C:\Windows\System32\bogkp.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Windows\System32\fogkp.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Windows\SysWOW64\5a78.dll (Adware.Mirar) -> Quarantined and deleted successfully. C:\Windows\SysWOW64\bogkp.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Windows\SysWOW64\sogkp.exe (Trojan.Adware) -> Quarantined and deleted successfully. C:\Windows\Temp\nsrE96D.tmp\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully. 
C:\Users\Ryan\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Roaming\GabPath\GPUninstall.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\ProgramData\ResultDns\resultdns113.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> Delete on reboot. C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot. C:\Program Files (x86)\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\ResultDns\uninstall.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files (x86)\ResultDns\ResultDns_deleted_\resultdns.dll (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WinDrivxxx.exe\config.bin (Trojan.SpyEye) -> Quarantined and deleted successfully. C:\WinDrivxxx.exe\WinDrivxxx.exe (Trojan.SpyEye) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Users\Ryan\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Local\xlpfrloba\ijrsdbashdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Local\rnyesxpnk\iyiansishdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Local\uvoyejuh.dll (Trojan.Agent.U) -> Quarantined and deleted successfully. ark.zip