.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1

Run by John at 23:40:26 on 2012-07-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13801 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files\OO Software\Defrag\oodag.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe

C:\Windows\vVX3000.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

C:\Program Files\OO Software\Defrag\oodtray.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Giganews Accelerator\GiganewsAccelerator.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\VyprVPN for Giganews\VyprVPN for Giganews.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Samsung\PanelMgr\caller64.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe

C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Common Files\AOL\1339455344\ee\aolsoftware.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Everything\Everything.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mystart.incredibar.com/mb161?a=6Oy5AixVwX&i=26

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: FCToolbarURLSearchHook Class: {939a6a52-7680-7e14-35d7-5851ade84213} - C:\Program Files (x86)\Bekko Search Bar 1.0\Helper.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Bekko Search Bar 1.0 BHO: {0a7e0730-1d2b-21f4-d160-dbcb5520151e} - C:\Program Files (x86)\Bekko Search Bar 1.0\Toolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: Bekko Search Bar 1.0: {d8e6fab1-ccb0-9174-716b-7c4727c14bc8} - C:\Program Files (x86)\Bekko Search Bar 1.0\Toolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [AdobeBridge]

uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe

mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe

mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe

mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VYPRVP~1.LNK - C:\Windows\system32\schtasks.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGANE~1.LNK - C:\Program Files (x86)\Giganews Accelerator\GiganewsAccelerator.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Download with x-ipad-magic-platinum - C:\Program Files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM

IE: Save F&lash with FlashCapture

IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD}

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: samsungsetup.com\www

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.178.1.1

TCP: Interfaces\{8981FF05-6368-4BD9-89E8-2A47E85207D4} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B99C0433-D8C8-4C45-88A8-6AA8A9BA4C1F} : DhcpNameServer = 192.178.1.1

TCP: Interfaces\{CADE793A-0758-40EC-83E4-B2FEEC32F3E0} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{CADE793A-0758-40EC-83E4-B2FEEC32F3E0}\140707C65602355736B6371212 : DhcpNameServer = 192.178.1.1

TCP: Interfaces\{CADE793A-0758-40EC-83E4-B2FEEC32F3E0}\8456C6C6F6 : DhcpNameServer = 192.178.1.1

TCP: Interfaces\{CADE793A-0758-40EC-83E4-B2FEEC32F3E0}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{CF504919-AF17-4517-9BC8-05E3F0CC501A} : DhcpNameServer = 192.178.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: prio32.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Bekko Search Bar 1.0 BHO: {0A7E0730-1D2B-21F4-D160-DBCB5520151E} - C:\Program Files (x86)\Bekko Search Bar 1.0\Toolbar.dll

BHO-X64: FCTBPos00Pos - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: Bekko Search Bar 1.0: {D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} - C:\Program Files (x86)\Bekko Search Bar 1.0\Toolbar.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

mRun-x64: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe

mRun-x64: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe

mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

IE-X64: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD}

AppInit_DLLs-X64: prio32.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb161?a=6Oy5AixVwX&i=26

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb161/?loc=IB_DS&a=6Oy5AixVwX&&i=26&search=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613

FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09:29

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c

FF - user.js: extensions.incredibar_i.instlDay - 15494

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16:26

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX

FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]

R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]

R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-5-18 918448]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2012-5-18 950912]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-12-14 586880]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-18 654408]

R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-4-29 1191408]

R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]

R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-9-13 278528]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-9-13 954368]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-04 03:27:01 -------- d-----w- C:\Users\John\AppData\Local\Macromedia

2012-07-04 00:27:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7EE2C97-ABC7-4887-A41F-F187369558C2}\offreg.dll

2012-07-04 00:26:55 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll

2012-07-04 00:26:47 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7EE2C97-ABC7-4887-A41F-F187369558C2}\mpengine.dll

2012-07-03 02:27:54 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-30 04:00:02 -------- d-----w- C:\Program Files (x86)\Eltima Software

2012-06-29 10:16:23 -------- d-----w- C:\Users\John\AppData\Local\Xilisoft

2012-06-29 10:14:22 -------- d-----w- C:\ProgramData\Xilisoft

2012-06-28 06:31:22 -------- d-----w- C:\Windows\LastGood.Tmp

2012-06-28 05:32:36 -------- d-----w- C:\Program Files\Microsoft LifeCam

2012-06-28 05:32:36 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam

2012-06-27 13:36:32 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-23 02:56:33 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-23 02:56:20 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-23 02:56:07 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-23 02:56:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-18 20:52:40 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-18 05:40:32 -------- d-----w- C:\Program Files (x86)\Everything

2012-06-14 04:14:59 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-13 02:35:04 -------- d-----w- C:\Opoosoft

2012-06-13 02:34:46 -------- d-----w- C:\Program Files (x86)\OpooSoft

2012-06-12 17:07:45 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C53CD39A-1C38-494A-A7F1-02C169883E4B}\gapaengine.dll

2012-06-11 22:57:03 -------- d-----w- C:\Users\John\AppData\Roaming\AOL

2012-06-11 22:56:49 -------- d-----w- C:\ProgramData\Viewpoint

2012-06-11 22:56:48 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe

2012-06-11 22:56:48 -------- d-----w- C:\Program Files (x86)\Viewpoint

2012-06-11 22:56:12 24064 ----a-w- C:\Windows\System32\drivers\wanatw64.sys

2012-06-11 22:55:59 -------- d-----w- C:\Users\John\AppData\Local\AOL

2012-06-11 22:55:20 -------- d-----w- C:\Program Files (x86)\Common Files\AOL

2012-06-11 22:55:20 -------- d-----w- C:\Program Files (x86)\AOL Desktop 9.7

2012-06-11 22:55:18 -------- d-----w- C:\Program Files (x86)\Common Files\aolshare

2012-06-08 06:10:44 53248 ----a-r- C:\Users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-06-08 06:10:33 -------- d-----w- C:\Users\John\AppData\Local\Logishrd

.

==================== Find3M ====================

.

2012-06-28 00:51:37 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-06-23 08:22:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 08:22:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-20 05:59:48 4077616 ----a-w- C:\Windows\PE_Rom.dll

2012-05-20 05:58:42 4143152 ----a-w- C:\Windows\PE_File.dll

2012-05-19 03:38:07 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys

2012-05-19 03:37:59 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys

2012-05-19 03:37:57 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys

2012-05-19 03:37:55 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys

2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-20 22:50:46 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-04-20 22:50:45 499712 ----a-w- C:\Windows\SysWow64\nsa18A3.tmp

2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-19 03:57:38 126912 ----a-w- C:\Windows\System32\drivers\scdemu.sys

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-04-06 02:32:08 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-04-06 02:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll

2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe

2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll

2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll

2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll

2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll

2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

.

============= FINISH: 234106.01 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume6

Install Date: 9/13/2010 10:26:17 PM

System Uptime: 7/3/2012 10:50:22 AM (13 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8Z68-V GEN3

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 2079/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 297.977 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 305.924 GiB free.

E: is FIXED (NTFS) - 932 GiB total, 457.446 GiB free.

F: is FIXED (NTFS) - 932 GiB total, 909.725 GiB free.

G: is FIXED (NTFS) - 932 GiB total, 141.778 GiB free.

H: is FIXED (NTFS) - 2794 GiB total, 188.932 GiB free.

I: is CDROM ()

K: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: ASUS Bluetooth

Device ID: USB\VID_0B05&PID_179C\6&35FA611D&0&7

Manufacturer: Atheros Communications

Name: ASUS Bluetooth

PNP Device ID: USB\VID_0B05&PID_179C\6&35FA611D&0&7

Service: BTHUSB

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: MAC Bridge Miniport

Device ID: ROOT\MS_BRIDGEMP\0000

Manufacturer: Microsoft

Name: MAC Bridge Miniport

PNP Device ID: ROOT\MS_BRIDGEMP\0000

Service: BridgeMP

.

==== System Restore Points ===================

.

RP417: 7/3/2012 12:29:41 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

abgx360 v1.0.6

AC3Filter 1.63b

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop Elements 6.0

Adobe Reader X (10.1.3)

AI Suite II

Angry Birds Space

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Software Update

ArcSoft MediaImpression

ArcSoft MediaImpression Codec

ArcSoft MediaImpression for Kodak

Asmedia ASM104x USB 3.0 Host Controller Driver

AviSynth 2.5

Bekko Search Bar 1.0

Bigasoft Total Video Converter 3.4.14.4261

Call of Duty: Black Ops

CardRecovery 5.30

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Classroom Spy Professional

CoreAAC Audio Decoder (remove only)

Crysis® 2

Dead Space™ 2

Driver Reviver

DVDFab 8.1.6.3 (11/02/2012) Qt

DVDFab 8.1.8.8 (29/06/2012) Qt Beta

Epson Copy Utility 3.5

Epson Event Manager

EPSON Perfection V30/V300 Photo Scanner Driver Update

EPSON Scan

eReg

Everything 1.2.1.371

Facebook Video Calling 1.2.0.159

ffdshow [rev 3299] [2010-03-03]

Garmin Communicator Plugin

Garmin USB Drivers

Garmin WebUpdater

Giganews Accelerator

Google Chrome

Google Earth

Google Update Helper

GPGNet

GPL MPEG-1/2 DirectShow Decoder Filter

GrabIt 1.7.2 Beta 6 (build 1008)

Hard Reset

ImgBurn

Insane 2

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Watchdog Timer Driver (Intel® WDT)

Internet TV for Windows Media Center

Java Auto Updater

Java 6 Update 22

Java 6 Update 33

Java 7 Update 5

JavaFX 2.1.1

JMicron JMB36X Driver

K-Lite Codec Pack 4.0.0 (Full)

KODAK Share Button App

Lame ACM MP3 Codec

Malwarebytes Anti-Malware version 1.61.0.1400

MediaPlayerLite 0.2

Microsoft Corporation

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mimo

mIRC

MKVtoolnix 4.3.0

Mozilla Firefox 10.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

NETGEAR WNA1100 wireless USB 2.0 adapter

NVIDIA PhysX

OpenOffice.org 3.3

OpenVPN 2.2.1

OpooSoft PDF Split-Merge v6.0

PDF Settings CS5

Picasa 3

PowerISO

QuickPar 0.9

QuickTime

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

Samsung Easy Printer Manager

Samsung ML-1865W Series

Samsung PC Studio 3 USB Driver Installer

Samsung Printer Live Update

SDFormatter

Seagate DiscWizard

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype™ 5.10

Stone File Undelete

Supreme Commander

SWF & FLV Player 3.0 (build 3.0.33.5106)

Synergy

System Requirements Lab

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Viewpoint Media Player

VLC media player 2.0.1

VyprVPN for Giganews

WBFS Manager 3.0

Windows Media Center Add-in for Flash

Windows Media Player Firefox Plugin

WinZip 15.5

Xilisoft DVD Creator

Xilisoft iPad Magic Platinum

Xvid 1.2.2 final uninstall

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/1/2012 9:26:52 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

6/28/2012 3:47:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RACQUEL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CF504919-AF17-4517-9BC8-05E3F0CC501A}. The master browser is stopping or an election is being forced.

6/28/2012 2:28:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

6/28/2012 2:26:21 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/28/2012 2:24:44 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

6/28/2012 2:24:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/28/2012 2:24:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/28/2012 2:24:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

6/28/2012 2:24:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

6/28/2012 2:24:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/28/2012 2:24:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/28/2012 2:24:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

6/28/2012 2:24:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO DfsC discache JSWPSLWF MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/28/2012 1:12:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.

6/28/2012 1:12:22 AM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Hello NtrNetSrfr, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

Bekko Search Bar 1.0

Viewpoint Media Player

Step 2

Download OTL to your Desktop

  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


OTL Extras logfile created on: 17

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\John\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format:

15.97 Gb Total Physical Memory | 13.62 Gb Available Physical Memory | 85.32% Memory free

31.93 Gb Paging File | 29.31 Gb Available in Paging File | 91.79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 298.26 Gb Free Space | 64.04% Space Free | Partition Type: NTFS

Drive D: | 465.75 Gb Total Space | 305.92 Gb Free Space | 65.68% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 421.91 Gb Free Space | 45.29% Space Free | Partition Type: NTFS

Drive F: | 931.51 Gb Total Space | 909.72 Gb Free Space | 97.66% Space Free | Partition Type: NTFS

Drive G: | 931.51 Gb Total Space | 141.78 Gb Free Space | 15.22% Space Free | Partition Type: NTFS

Drive H: | 2794.39 Gb Total Space | 188.93 Gb Free Space | 6.76% Space Free | Partition Type: NTFS

Computer Name: CORAL_SPRINGS | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm[@ = chm.file] -- C:\Windows\hh.exe [2009

.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe [2009

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe [2009

.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe [2009

.reg[@ = regfile] -- C:\Windows\regedit.exe [2009

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\Windows\hh.exe [2009

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe [2009

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe [2009

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe [2009

.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010

.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE [2009

.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE [2009

.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe [2009

.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe [2009

.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe [2009

.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe [2009

.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE [2009

.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe [2009

.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe [2009

.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe [2009

.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe [2009

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

chm.file [open] -- "%SystemRoot%\hh.exe" %1 [2009

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 [2009

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* [2009

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 [2010

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" [2009

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l [2009

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" [2009

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1" [2009

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" [2012

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" [2011

Directory [cmd] -- cmd.exe /s /k pushd "%V" [2010

Directory [find] -- %SystemRoot%\Explorer.exe [2011

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" [2012

Folder [open] -- %SystemRoot%\Explorer.exe [2011

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe [2011

Applications\iexplore.exe [open] -- Reg Error: Key error.

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 [2009

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 [2009

chm.file [open] -- "%SystemRoot%\hh.exe" %1 [2009

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 [2009

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 [2009

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* [2009

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 [2009

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* [2009

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 [2010

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" [2009

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 [2009

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 [2009

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 [2009

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 [2009

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l [2009

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" [2009

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 [2009

jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* [2009

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 [2009

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 [2009

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* [2009

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 [2009

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" [2009

regfile [open] -- regedit.exe "%1" [2009

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" [2009

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 [2009

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 [2009

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" [2009

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 [2009

vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* [2009

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 [2009

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 [2009

vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* [2009

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 [2009

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 [2009

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* [2009

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 [2009

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* [2009

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" [2012

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" [2011

Directory [cmd] -- cmd.exe /s /k pushd "%V" [2010

Directory [find] -- %SystemRoot%\Explorer.exe [2011

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" [2012

Folder [open] -- %SystemRoot%\Explorer.exe [2011

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe [2011

Applications\iexplore.exe [open] -- Reg Error: Key error.

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0144859C-E5B1-4F4C-BCD8-86EC22950EC6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{01EB4DB3-0F0E-43FC-8A60-62AB35B1A665}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{03586029-FF33-42A1-AF54-8117127F87F6}" = lport=3390 | protocol=6 | dir=in | app=system |

"{04C80670-E2EE-4CD7-8B54-5F750C2988BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{08646184-A8B8-4E5A-BB72-FAB300F5F8DC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{0FA3555C-1568-4351-9A5B-22F92FE16EC9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1F111CA6-6D47-409E-97F1-7B9DC8F6CBA2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{2189335E-2080-4714-8612-722A38B675EB}" = lport=139 | protocol=6 | dir=in | app=system |

"{239BD4FF-D12C-4220-9CBB-DE19443412BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{28CBE0DA-D947-42FD-85B4-855DC092D30A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{3A635F20-59CF-488C-9CE6-10D5C3BF141B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{3EAAA27B-C3F1-416E-8580-07DF64A9A456}" = lport=138 | protocol=17 | dir=in | app=system |

"{44357601-AB21-47F1-A567-7D256CA6D4AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{48E7BD88-418E-4E83-9532-C9ECE104A34C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{5684F8DC-1C6A-4A26-85DF-56CDDF5F8A95}" = rport=139 | protocol=6 | dir=out | app=system |

"{591E83C1-4AD0-4B5E-A91F-09659F77639D}" = lport=137 | protocol=17 | dir=in | app=system |

"{5B4CB57D-6978-400A-8B6B-D532C8C94832}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{6178E860-17E2-47C8-B9B8-DD568BCA014F}" = lport=10244 | protocol=6 | dir=in | app=system |

"{61D9CE8A-D3CF-45F9-B07A-FA202DC98C75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{63AA06E9-7226-44F6-A674-912A454AA327}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{67543B51-AF39-45E3-B0BB-20A9CBD1B32C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7014DC3F-DACE-4472-BDA7-3037BE154798}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7566BC59-5F07-4994-A613-E06B3995DE19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{77D2C492-3746-4926-A583-5EC252129DD0}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{7EFB31EA-5AD2-4C74-808D-5CD0842CC592}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{82C07D65-FA7A-44F7-864F-4FBB8581CFB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{84F20DA7-2298-4DD2-AF4F-8FE121B4C682}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8984EEB0-1C58-4847-B894-A7366F44C172}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{92550548-6884-4881-9B17-B462368B6AF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{92ED9BFF-F73A-4F38-B525-CB45D046DB5B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{964B7451-FF71-489C-AA25-0FE4EB919E04}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{9907AD28-AED5-4ED3-94AB-974763C7A536}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9B88EA17-13F2-4AE4-87CD-80495903D21B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{9FD2E996-2BF1-4E3F-ACA5-2CB82F8AE170}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A26799DD-3B3E-4A27-B4E1-85AAEE20331E}" = lport=1723 | protocol=6 | dir=in | name=1723 port |

"{A336710D-BBF9-4777-9D26-1EBB3B6BB467}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A6560959-645B-4654-9004-B2D851B73D8F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A7E970FE-8DD5-425C-A887-0B311D49400F}" = lport=10244 | protocol=6 | dir=in | app=system |

"{AF788DBF-F937-47B0-A969-6716A2368598}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{B87878DE-7B24-4D42-B796-98AE77B00629}" = rport=137 | protocol=17 | dir=out | app=system |

"{BD6D5CAF-C18A-4F48-AF91-80E39076EA56}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE968C45-FEE2-41A9-85BA-DEBD7CB5CAD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C05DA337-D18A-4BAC-8DDA-416123BFC11B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C4B7B039-B0E1-4FD3-A4A8-8AC6E178800F}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C5A831BE-C40F-497E-BFFF-CFE2006B6C6A}" = lport=445 | protocol=6 | dir=in | app=system |

"{CA500676-F7BB-41AF-80BE-44D0BD872203}" = rport=445 | protocol=6 | dir=out | app=system |

"{CBFD5CA5-1428-41A9-8D86-CE05D98E1294}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CD5362E8-2CE1-4243-B914-742C44D9292F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D83B816A-0103-456E-94F8-FF2A2A64C690}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DEE8CF9D-C6ED-470A-AD2B-E31C57985DDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E726A9B4-F7BE-4B0A-A6E7-F78770C6B9AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E7539920-E6A2-49F0-9DD3-882886C42817}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{EC537798-3AF1-4470-BC54-7ADB7649F8A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F0BB8E8B-8265-4BBA-864D-33A0B192EAB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F17AB4FA-DD8E-447A-B4B2-CADA82648A55}" = lport=3390 | protocol=6 | dir=in | app=system |

"{F1DF55A7-D944-4172-A5F5-F64742B40DED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F221B015-6EAE-4839-8CB0-A5592960754F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F2E1473C-4B8E-4F5E-BC78-D763ED4E58AB}" = rport=138 | protocol=17 | dir=out | app=system |

"{F31B3996-0E9B-4104-A036-0200BAAC9F1C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{F3E1FDA9-01E9-444C-9A75-33A1ACC8BF59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F5B12777-7618-4349-9D58-A49407FF334B}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{024C490E-09DD-44C0-AAB4-C8D3AEB21D37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0476B71E-7279-4965-9565-4FA73FF35816}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{09C0F67E-1D33-4B76-8B99-5D340B190CDC}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |

"{0F081A5A-5F85-41A9-B891-1F1847EF9C57}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{1B45DA58-CFA6-4E8F-8E28-EC93C50680C8}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |

"{1FA42587-C5C5-4412-B6AC-81E09949C6D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2146FC3E-A0AE-4B9F-B792-E98CCEDC9BFF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |

"{22A42E9E-8943-4D59-BA17-3683C82B41D7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{27CF2078-7E84-4E66-A304-ECBF4EA5AB05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2ABD86B1-E9C3-46E9-AAC9-E930FC4E4020}" = dir=out | app=%programfiles% (x86)\xilisoft\ipad magic platinum\ipodmanager-loader.exe |

"{2B35364F-9A3E-46AE-85AA-FA06C69A3312}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2E230F54-2269-4FF0-98D5-17A0557794AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{3163D6F7-285D-413C-930B-EA5FD43DBFF1}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe |

"{3416A30D-04ED-4659-AAB1-5E9BD34A47AB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{3751041D-CEBA-4B42-B55B-C633728E0FC1}" = protocol=58 | dir=in | app=system |

"{38265481-B427-4701-8B17-C98DB875FE27}" = dir=out | app=%programfiles% (x86)\xilisoft\dvd creator\dvdcreator.exe |

"{3992F744-D24B-40CE-8A1D-81D6017501F2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{3AA17109-6C7B-45CC-BAA1-F7F9E18D54DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3B86FEBB-4A2A-49BC-AADF-8B87721359B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{3E049677-CF25-4A21-A12F-08574A5C5176}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |

"{3F2BE071-89D0-4C8A-9F19-9F6552A47B4F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{4637C379-3C55-473D-87CF-9BED71435CDB}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe |

"{4A1DFA0B-978C-4F98-92B5-D7185CC25B50}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{4E34AB63-C0CA-4236-A47D-70BE9DE61137}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{50CC9FFF-5498-4C9E-874F-1CA197669D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |

"{56972F82-00FF-40E8-9C0D-1ED4D41931EB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1339455344\ee\aolsoftware.exe |

"{5D1ED4F7-CA5E-4C21-BF90-3C31A4DEDB7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{5DF73A5E-A467-4EB8-AE86-8F6636BEAF03}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{628FE7B4-32B1-4A42-BCEA-CA0988C83E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe |

"{62ABF9BA-11A2-434C-9A31-4A30BFEAD14C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{65939752-70B6-4FC3-8703-C9E14F91A34F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{67DC0E23-F2DD-4754-886F-0DA57D1C9376}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |

"{67F68A08-F6E9-49AE-94A5-8F5D32BF9457}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{68BF61DC-BC51-47ED-B4F7-0ECE777DD98F}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |

"{697421E1-3E4E-446E-986C-B191D311BEC9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{6A0CD658-4266-4CA1-95D7-AFE1F765E801}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |

"{6A5C868C-9F86-4812-857B-911A36AB7D32}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1339455344\ee\aolsoftware.exe |

"{6B522CDF-8BED-44A1-83A4-5F2D666DA6FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6C63A9AF-C41F-440B-868C-C5275350BFB0}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"{6F2DF21D-DD6A-474C-B008-9C6BE9044D0B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6FFD3E8F-97B8-4FEF-9A82-7B02C9C0F53F}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |

"{72947683-9C2B-4F96-AA16-4AB678281692}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{73F02177-174F-4491-A4EB-9783FD0CEFE8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{7496CE7E-478B-4F6A-8D17-9ED5A0715DE1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{75FC07DB-1BD9-4813-A29A-61461D4CB745}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |

"{78798E79-CF9A-401C-875D-73EB14603648}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{7C09ADB1-2CD8-41D0-BECF-C1A3D046E4B9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7E289066-E8BC-4707-886D-5B52199F2C55}" = protocol=6 | dir=out | app=system |

"{7E84850A-3DE9-440E-99C8-2B9AB4FA28AE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{7F8CBACB-2AF1-466B-88E9-F36FF094D018}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8670018F-37CE-4BC5-98F2-9538C5561EEA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8FAE1AAB-9E30-463F-AFF4-8CD0283F8226}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{92040760-15B2-408D-A6B7-2EC4814F5498}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{923E89B8-EB12-474C-B32C-DB4BB81B14F8}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{941A8B11-33A4-49CB-8867-E60D2981885E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{99C93335-9DD9-47EF-94BE-6F97155690EB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |

"{9BD963B6-4647-4F75-9A3E-516A474DF302}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{9DE928FB-2CD9-4398-A257-0033BF5DB402}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{9E41CA94-0B82-4E01-8AFF-414ABD196AF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{AA2EA2D2-AC01-43AC-A98B-F99008662A8B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{AD6B831F-1E4E-4706-B05E-363C6AA7F60F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{ADCE8418-D2A9-4C0F-9B1D-BA84F579D0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{AED9FAB7-97C1-4E1A-9D53-3DFAB0780269}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B077F53B-7255-4AC2-AF5A-5DEFA761B9A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B1E34222-331C-414F-9A89-B5F39A605754}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{B2E79E62-666A-409F-A149-0D6C09539B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"{B8E68E8E-1687-4152-884D-F87B05550B2E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |

"{BBFA09E0-03CE-4202-B0DE-94572771D9DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{BD09B32B-EFED-4CE4-A793-D88401496CA1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |

"{C23005ED-0D2D-4B90-A25C-63D54495407C}" = dir=out | app=%programfiles% (x86)\xilisoft\ipad magic platinum\ipodmanager.exe |

"{C3105710-04B8-4088-9340-99CFC2C60F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |

"{C5E79598-E47A-4B99-90A0-1548C6FFDD75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C67C1CCB-2BB7-45CD-9900-21528ADBE6E4}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |

"{C6C0E580-E0BF-4404-A6A1-83256FC91CEF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |

"{C71D1FC9-DBD4-4DA5-8D82-962BFAED3B75}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |

"{CAD49F5A-0DA7-4F55-8748-16CF17795615}" = dir=out | app=%programfiles% (x86)\opoosoft\pdf split-merge\opoosoft pdf split-merge.exe |

"{CB5E4326-208F-48EF-9E0E-FE6AE252E718}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{CF0E3BCA-5336-463B-BCA1-216354BDB6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\asus mobilink\iphone simulator\pnsvc.exe |

"{D05C3A5F-183D-49A3-82E8-5A514DBD4283}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{D342B8F5-4B9A-434A-9B01-AA0F4DF84ED9}" = dir=in | app=c:\users\john\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{D4BE51B8-AB9B-4535-AA51-63B3FCD8B866}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{D542665F-75BA-47BF-8A09-54E85CBD5306}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |

"{DA2B1319-39D1-421D-9C7A-2806F2E2801E}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe |

"{DF817AD4-1B87-45A8-BD86-96D3B170CD44}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{E3CF8F92-BA8A-41B4-ADEE-DAB6EDCF4DEA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{E4AE701E-1E7C-4BC1-BF0B-AC46047AABB3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{E4B8C03A-2FB3-4CCB-9D30-06D0BED832B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E615DB26-7782-4EA1-899D-2C32AE370C44}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |

"{E7B7CE6A-BA87-442F-9905-37327D2B949E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E86CB9EC-FDE1-4280-94EB-FF360829393E}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"{E8786266-6328-41EA-A739-5DF2E37267C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EB87262C-31B9-47EA-8BE8-5BF72CB36D79}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"{EC4206BB-14F9-4569-AF5D-58778C0E3D33}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |

"{F666AA04-C2E7-4519-877F-BDE5DAFA6C16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7139426-72F0-49BD-AFC8-72FB9EA28444}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{FEAEA4D8-3135-4192-9696-75C9899F7474}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |

"{FFAB6250-5801-491D-8312-BF11C24E6AF1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |

"TCP Query User{1444AD74-3709-4460-BFF7-B7312EE85E62}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"TCP Query User{1A482930-6A86-4AF1-B3FE-F42235E27636}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |

"TCP Query User{1EDEA7F8-E24D-4CDB-B9E8-2257D3B41662}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"TCP Query User{2502FB11-38CC-40CB-A423-EB12EA16C54B}C:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe |

"TCP Query User{42592C6E-BCAE-4A61-8EB2-42E2DFF9014D}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"TCP Query User{42ACCD2E-4E82-47F0-9156-9419015B33C1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"TCP Query User{44EBA19E-12AF-455E-9E60-B642B2D54357}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{4D4A04C7-53D5-4D2E-998D-5F5BD3DC0F06}F:\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=f:\dead space 2\deadspace2.exe |

"TCP Query User{637EB493-BFC6-41F4-B98E-2D4543018D84}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |

"TCP Query User{6455E392-04AD-4B1B-944D-D3E460895B68}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{8CC51F2D-B486-4F05-954B-57C64B0B5792}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |

"TCP Query User{A4AAD524-8929-4251-92AC-215CF3D069CA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"TCP Query User{B1F9F1C5-6FDD-4E4A-B0D1-FAA0BE006650}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |

"TCP Query User{BA392FBC-4D4C-4307-AA86-DF5B9459A7A6}C:\users\john\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{D307AAB2-7E3E-4D63-8EF5-A1CCDFE21295}C:\program files (x86)\java\jre6\launch4j-tmp\mimo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\mimo.exe |

"TCP Query User{D68F7AC5-4225-4569-BB2F-D5467E5809A1}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |

"TCP Query User{E138FCCA-9493-4FB2-9DAE-971AE6B805B1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{E5CBE42F-C528-4EE5-AD13-0CCBA7DEDED8}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{08B29903-7D9A-479D-84AD-D7C2A6EB8FF1}C:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe |

"UDP Query User{0F086509-39C0-41A5-9DCF-8B25A7ADDD0C}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"UDP Query User{11E9DBE8-F4A4-4407-B0A6-B64EE3853103}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{1E24DE5F-34BC-4DE7-9900-755B0A3CA5BD}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |

"UDP Query User{23A5D591-B2CB-4159-9AE2-384DADA3917E}C:\program files (x86)\java\jre6\launch4j-tmp\mimo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\mimo.exe |

"UDP Query User{275FFA1D-9A79-4895-93B5-773890AB17D7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{28CD3E2A-6CB1-495A-9A11-97B0243F7FED}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{3164EB51-48BD-4392-A8E7-8C0785374BBC}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |

"UDP Query User{317F1E6E-98E7-43E3-B76A-4A6DE3075F40}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"UDP Query User{476E6CA2-9185-46E2-B318-B0D72E373619}F:\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=f:\dead space 2\deadspace2.exe |

"UDP Query User{4F52B965-7EEF-43D4-B433-5B35ED6C940F}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |

"UDP Query User{64B7720A-6971-4E5C-BA80-29D1549EFADE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"UDP Query User{7F4EDD82-7A76-4A2C-9CF4-8ACF9921B207}C:\users\john\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{93C9DF84-918D-41EA-B9FC-CDE70B457DC0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{9BDE0DDC-8B97-44B3-A501-0E21CC42499D}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |

"UDP Query User{B9B30000-C304-4AE6-8996-DBD1F68A41BA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{CF6488AA-CCB5-4FD4-9488-A75F691E5D32}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |

"UDP Query User{D4C6A4E0-7329-496F-AB95-252B8B261429}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent

"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)

"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{636BB5E4-88A3-4DA6-9630-B98E7814972A}" = XP Repair Pro 5

"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders

"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional

"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel® Network Connections 15.6.25.0

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft Security Client" = Microsoft Security Essentials

"PROSetDX" = Intel® Network Connections 15.6.25.0

"RealVNC_is1" = VNC Enterprise Edition E4.5.4

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Sandboxie" = Sandboxie 3.62 (64-bit)

"sp6" = Logitech SetPoint 6.32

"VNCMirror_is1" = VNC Mirror Driver 1.8.0

"VNCPrinter_is1" = VNC Printer Driver 1.6.0

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter

"{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}" = KODAK Share Button App

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian

"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20187EBD-71B1-4913-AEFF-6E2E2A444434}" = Giganews Accelerator

"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection

"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish

"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All

"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver

"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space

"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)

"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy

"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese

"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers

"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression

"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai

"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2

"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional

"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30

"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common

"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin

"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard

"{9170B2A2-FC44-4ec2-AEB6-9052626B2A2E}_is1" = Driver Reviver

"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English

"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2

"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish

"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter

"{a72ce741-1f32-4d79-bffb-a714375c678d}_is1" = Bigasoft Total Video Converter 3.4.14.4261

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries

"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish

"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French

"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet

"{C975D391-7BF6-44A0-A4FF-EDF3CFD88F68}" = ArcSoft MediaImpression for Kodak

"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5

"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean

"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center

"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA5447A3-C6E7-471C-802C-A1FD401F0159}" = ArcSoft MediaImpression Codec

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E705AF4A-68B1-4C1A-8604-85728B0F2D21}" = Stone File Undelete

"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"abgx360" = abgx360 v1.0.6

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"AviSynth" = AviSynth 2.5

"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Classroom Spy Professional" = Classroom Spy Professional

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)

"DVDFab 8 Qt Beta_is1" = DVDFab 8.1.8.8 (29/06/2012) Qt Beta

"DVDFab 8 Qt_is1" = DVDFab 8.1.6.3 (11/02/2012) Qt

"EPSON Scanner" = EPSON Scan

"Everything" = Everything 1.2.1.371

"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]

"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)

"Hard Reset_is1" = Hard Reset

"ImgBurn" = ImgBurn

"Insane 2_is1" = Insane 2

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)

"LameACM" = Lame ACM MP3 Codec

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MediaPlayerLite" = MediaPlayerLite 0.2

"Mimo" = Mimo

"mIRC" = mIRC

"MKVtoolnix" = MKVtoolnix 4.3.0

"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)

"OpenVPN" = OpenVPN 2.2.1

"OpooSoft PDF Split-Merge_is1" = OpooSoft PDF Split-Merge v6.0

"Picasa 3" = Picasa 3

"PowerISO" = PowerISO

"QuickPar" = QuickPar 0.9

"Revo Uninstaller" = Revo Uninstaller 1.94

"Samsung Easy Printer Manager" = Samsung Easy Printer Manager

"Samsung ML-1865W Series" = Samsung ML-1865W Series

"Samsung Printer Live Update" = Samsung Printer Live Update

"SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106)

"Synergy" = Synergy

"SystemRequirementsLab" = System Requirements Lab

"VLC media player" = VLC media player 2.0.1

"VyprVPN for Giganews 1.1.0.319" = VyprVPN for Giganews

"WBFS Manager 3.0" = WBFS Manager 3.0

"Xilisoft DVD Creator" = Xilisoft DVD Creator

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Xilisoft iPad Magic Platinum" = Xilisoft iPad Magic Platinum

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 1

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

[ Media Center Events ]

Error - 19

Description = 7:36:28 PM - Error connecting to the internet. 7:36:28 PM - Unable

to contact server..

Error - 2

Description = 2:07:22 AM - Error connecting to the internet. 2:07:22 AM - Unable

to contact server..

Error - 2

Description = 2:07:28 AM - Error connecting to the internet. 2:07:28 AM - Unable

to contact server..

Error - 3

Description = 3:07:37 AM - Error connecting to the internet. 3:07:37 AM - Unable

to contact server..

Error - 3

Description = 3:07:43 AM - Error connecting to the internet. 3:07:43 AM - Unable

to contact server..

Error - 4

Description = 4:07:52 AM - Error connecting to the internet. 4:07:52 AM - Unable

to contact server..

Error - 4

Description = 4:07:58 AM - Error connecting to the internet. 4:07:58 AM - Unable

to contact server..

Error - 5

Description = 5:08:07 AM - Error connecting to the internet. 5:08:07 AM - Unable

to contact server..

Error - 5

Description = 5:08:13 AM - Error connecting to the internet. 5:08:13 AM - Unable

to contact server..

Error - 14

Description = 2:21:28 PM - Error connecting to the internet. 2:21:29 PM - Unable

to contact server..

[ System Events ]

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 19

Description = The device, \Device\CdRom0, has a bad block.

Error - 21

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2966884
    IE - HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb161?a=6Oy5AixVwX&i=26
    IE - HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - No CLSID value found
    IE - HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=050412_30b&babsrc=SP_ss&mntrId=309020840000000000005404a62f5613
    IE - HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2966884
    IE - HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6Oy5AixVwX&i=26
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb161?a=6Oy5AixVwX&i=26"
    FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb161/?loc=IB_DS&a=6Oy5AixVwX&&i=26&search="
    [2012 -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\searchplugins\MyStart Search.xml
    [2012 -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010

    :files
    C:\Program Files (x86)\Search Toolbar
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cf45c54f-801c-41b5-ac77-57f2bf418edc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\ not found.

HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

Registry key HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Prefs.js: "MyStart Search" removed from browser.search.defaultenginename

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: "MyStart Search" removed from browser.search.selectedEngine

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: "http://mystart.incredibar.com/mb161?a=6Oy5AixVwX&i=26" removed from browser.startup.homepage

Prefs.js: "http://mystart.incredibar.com/mb161/?loc=IB_DS&a=6Oy5AixVwX&&i=26&search=" removed from keyword.URL

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\searchplugins\MyStart Search.xml moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.

C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll moved successfully.

========== FILES ==========

C:\Program Files (x86)\Search Toolbar folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\John\Desktop\cmd.bat deleted successfully.

C:\Users\John\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: John

->Temp folder emptied: 260266721 bytes

->Temporary Internet Files folder emptied: 22597949 bytes

->Java cache emptied: 12650135 bytes

->FireFox cache emptied: 53879218 bytes

->Google Chrome cache emptied: 414094014 bytes

->Flash cache emptied: 73315 bytes

User: Mcx1-CORAL_SPRINGS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 178184 bytes

->Flash cache emptied: 56502 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 138783871 bytes

%systemroot%\System32 .tmp files removed: 499712 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 872496 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes

RecycleBin emptied: 13697151400 bytes

Total Files Cleaned = 13,925.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07082012_185802

Files\Folders moved on Reboot...

C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-07-13.03 - John 07/14/2012 1:28.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13726 [GMT -4:00]

Running from: c:\users\John\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\John\AppData\Local\boot.dat

c:\users\John\AppData\Roaming\inst.exe

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

.

.

((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))

.

.

2012-07-14 05:31 . 2012-07-14 05:31 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp

2012-07-14 05:31 . 2012-07-14 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-14 03:59 . 2012-07-14 03:59 711240 ----a-w- c:\windows\is-DN66R.exe

2012-07-13 00:24 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B722FB95-920A-424A-A456-73CD11AFA9F2}\mpengine.dll

2012-07-12 03:57 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe

2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys

2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL

2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon

2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia

2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software

2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft

2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam

2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle

2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-18 05:40 . 2012-07-14 05:18 -------- d-----w- c:\program files (x86)\Everything

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll

2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe

2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll

2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys

2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]

"Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]

"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]

"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800]

"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"InnoSetupRegFile.0000000001"="c:\windows\is-DN66R.exe" [2012-07-14 711240]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]

NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944]

TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]

S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920]

S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576]

S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22]

.

2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page =

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM

IE: Save F&lash with FlashCapture

Trusted Zone: samsungsetup.com\www

TCP: DhcpNameServer = 192.178.1.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\

FF - prefs.js: browser.search.selectedEngine -

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613

FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c

FF - user.js: extensions.incredibar_i.instlDay - 15494

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX

FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG14.00.00.01PROFESSIONAL"="..."

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-14 01:33:19

ComboFix-quarantined-files.txt 2012-07-14 05:33

.

Pre-Run: 300,270,612,480 bytes free

Post-Run: 300,119,891,968 bytes free

.

- - End Of File - - 42D397C793D01748CC952E1343AD9C9D

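Added note between the two posts, not part of either: the autostart and policy lines in a ComboFix log are the part worth reading first, and the first pass over them can be done mechanically. The Python below is an added example of mine, not ComboFix code and not something the helper posted. It parses a constructed excerpt modelled on the log above (Run entries, R*/S* service lines, the policies\system values, the BootExecute line and LoadAppInit_DLLs) and flags what a responder would chase next: autostarts under a user profile or temp directory, autostarts whose file ComboFix could not find ([X]/[x]), UAC prompting taken off the secure desktop, programs added to BootExecute beyond the autochk default, and AppInit DLL loading switched on. The rules are my own triage heuristics, the regular expressions assume the line shapes visible in this log, and a finding means "identify this", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # machine-readable category
    subject: str  # entry, value or path the finding is about
    detail: str   # why an analyst should look at it


# Line shapes as ComboFix prints them: [key] headers, "Name"="path" [date size], R3/S2 name;desc;path [date size], "Name"= value.
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
SERVICE_ENTRY = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*?) \[(?P<info>[^\]]*)\]$")
POLICY_VALUE = re.compile(r'^"(?P<name>\w+)"\s*=\s*(?P<value>\S+)')
# Triage heuristics (mine, not ComboFix's): profile/temp paths are writable by whatever dropped the file.
USER_WRITABLE = re.compile(r"^c:\\users\\|\\temp\\", re.I)
BOOT_EXECUTE_DEFAULT = {"autocheck autochk *"}


def check_binary(name: str, path: str, info: str) -> list[Finding]:
    out = []
    if info.strip().lower() == "x":  # ComboFix prints [X]/[x] when the file is absent
        out.append(Finding("missing-file", name, f"autostart points at a file ComboFix could not find: {path}"))
    if USER_WRITABLE.search(path):
        out.append(Finding("user-writable-autorun", name, f"autostart binary sits in a user-writable location: {path}"))
    return out


def check_policy(key: str, name: str, value: str) -> list[Finding]:
    try:
        n = int(value, 0)  # "5" and "0x1" both parse
    except ValueError:
        return []
    if key.endswith(r"\policies\system"):
        if name == "PromptOnSecureDesktop" and n == 0:
            return [Finding("uac-weakened", name, "UAC prompts are drawn on the normal desktop, where other software can overlay or click them")]
        if name == "ConsentPromptBehaviorAdmin" and n == 0:
            return [Finding("uac-weakened", name, "administrators elevate with no prompt at all")]
    elif key.endswith(r"\windows nt\currentversion\windows"):
        if name == "LoadAppInit_DLLs" and n == 1:
            return [Finding("appinit-enabled", name, "AppInit_DLLs loading is on: any DLL named in AppInit_DLLs under this key is injected into every process that loads user32.dll")]
    return []


def check_boot_execute(line: str) -> list[Finding]:
    # ComboFix renders the REG_MULTI_SZ separators as the two characters \0.
    _, _, raw_value = line.partition("REG_MULTI_SZ ")
    entries = [e.strip() for e in raw_value.split(r"\0") if e.strip()]
    extra = [e for e in entries if e not in BOOT_EXECUTE_DEFAULT]
    if not extra:
        return []
    return [Finding("boot-execute-extra", "BootExecute", "runs at boot before most defences load: " + ", ".join(extra))]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""  # registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := REG_KEY.match(line):
            current_key = m.group("key").lower()
        elif line.startswith("BootExecute "):
            findings += check_boot_execute(line)
        elif m := SERVICE_ENTRY.match(line):
            findings += check_binary(m.group("name"), m.group("path"), m.group("info"))
        elif m := RUN_ENTRY.match(line):
            findings += check_binary(m.group("name"), m.group("path"), m.group("info"))
        elif m := POLICY_VALUE.match(line):
            findings += check_policy(current_key, m.group("name"), m.group("value"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

On the excerpt this reports seven findings: the Facebook updater living under AppData, three dangling autostarts (AMD AVT, appliandMP, AsUpIO), UAC prompting off the secure desktop, two BootExecute additions (OODBS, sdnclean64.exe) and AppInit loading enabled. ConsentPromptBehaviorAdmin=5 is the Windows 7 default and is not reported. Each hit still needs a human to name the owner of the file; the script only says where to look.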

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FireFox::
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613
FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c
FF - user.js: extensions.incredibar_i.instlDay - 15494
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX
FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

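Added note, not part of the helper's post: the FireFox:: section of that CFScript tells ComboFix to strip those user.js entries from the profile. As an added example of what that amounts to (my code, not ComboFix's and not the forum's), here is a Python script that parses user.js and prefs.js in a Firefox profile directory, removes every user_pref whose name falls under the extensions.BabylonToolbar_i., extensions.incredibar_i. or yahoo.ytff. prefixes that the script above lists, and keeps a .bak copy of each file it changes. The user.js excerpt is constructed from the pref names in the log with illustrative values (the search URL stays defanged as hxxp, as in the log); the profile path from the log and the user.js/prefs.js layout are assumed, not verified on that machine.

```python
import re
import sys
from pathlib import Path

# Pref name prefixes the CFScript above tells ComboFix to remove.
HIJACKER_PREFIXES = (
    "extensions.BabylonToolbar_i.",
    "extensions.incredibar_i.",
    "yahoo.ytff.",
)

# Constructed user.js excerpt: names from the log above, values illustrative.
SAMPLE_USER_JS = r'''
// Mozilla User Preferences
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=050412_30b");
user_pref("extensions.BabylonToolbar_i.id", "309020840000000000005404a62f5613");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.productid", 26);
user_pref("yahoo.ytff.general.dontshowhpoffer", true);
user_pref("browser.startup.homepage", "about:home");
'''

# One user_pref("name", value); line; the value is kept as its JS literal text.
USER_PREF = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def is_hijacker_pref(name: str) -> bool:
    return name.startswith(HIJACKER_PREFIXES)


def parse_user_js(text: str) -> list[tuple[str, str]]:
    """Return (name, raw_value) for every user_pref line; comments and blanks are skipped."""
    return [(m.group(1), m.group(2)) for m in map(USER_PREF.match, text.splitlines()) if m]


def clean_user_js(text: str) -> tuple[str, list[tuple[str, str]]]:
    """Drop hijacker prefs and keep every other line as it was (order, comments, other prefs)."""
    kept, removed = [], []
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if m and is_hijacker_pref(m.group(1)):
            removed.append((m.group(1), m.group(2)))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


def clean_profile(profile_dir: Path) -> dict[str, list[tuple[str, str]]]:
    """Clean user.js and prefs.js in one profile, saving a .bak of each file changed.
    Firefox must be closed: it rewrites prefs.js on exit and would undo the edit."""
    report = {}
    for fname in ("user.js", "prefs.js"):
        path = profile_dir / fname
        if not path.is_file():
            continue
        original = path.read_text(encoding="utf-8")
        cleaned, removed = clean_user_js(original)
        if removed:
            path.with_name(path.name + ".bak").write_text(original, encoding="utf-8")
            path.write_text(cleaned, encoding="utf-8")
        report[fname] = removed
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. the profile directory named in the log
        for fname, removed in clean_profile(Path(sys.argv[1])).items():
            print(f"{fname}: removed {len(removed)} pref(s)")
    else:
        cleaned_text, gone = clean_user_js(SAMPLE_USER_JS)
        for name, value in gone:
            print(f"removed {name} = {value}")
        print(cleaned_text)
```

Why user.js matters here: Firefox reads user.js at every start and copies its values over prefs.js, so deleting the entries from prefs.js alone does not stick while the toolbar's user.js is present, which is why the CFScript targets those lines. Stripping the prefs does not remove the toolbar add-on itself or its Internet Explorer counterpart; those still go through the Add-ons manager and Programs and Features.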

Thank you for all of your help!!! :D

ComboFix 12-07-13.03 - John 07/16/2012 4:20.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13864 [GMT -4:00]

Running from: c:\users\John\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))

.

.

2012-07-16 08:25 . 2012-07-16 08:25 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp

2012-07-16 08:25 . 2012-07-16 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-15 23:56 . 2012-07-15 23:56 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B08E8B3-52A4-42AB-AAD8-CB484F746172}\offreg.dll

2012-07-15 23:55 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B08E8B3-52A4-42AB-AAD8-CB484F746172}\mpengine.dll

2012-07-14 19:07 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe

2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys

2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL

2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon

2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia

2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software

2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft

2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam

2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle

2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-18 05:40 . 2012-07-16 06:59 -------- d-----w- c:\program files (x86)\Everything

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll

2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe

2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll

2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys

2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-07-15 16:58 56028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-14 02:37 . 2012-07-15 16:58 45366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin

+ 2010-09-13 23:30 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-13 23:30 . 2012-07-15 16:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-14 02:36 . 2012-07-15 16:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-15 16:56 . 2012-07-15 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-15 16:56 . 2012-07-15 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-09-14 12:15 . 2012-07-15 16:58 211426 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-15 05:42 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-09-14 04:50 . 2012-07-15 05:42 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]

"Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]

"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]

"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800]

"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]

NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944]

TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]

S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920]

S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576]

S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22]

.

2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uStart Page =

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM

IE: Save F&lash with FlashCapture

Trusted Zone: samsungsetup.com\www

TCP: DhcpNameServer = 192.178.1.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\

FF - prefs.js: browser.search.selectedEngine -

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613

FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c

FF - user.js: extensions.incredibar_i.instlDay - 15494

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX

FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]


.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-16 04:26:32

ComboFix-quarantined-files.txt 2012-07-16 08:26

ComboFix2.txt 2012-07-14 05:33

.

Pre-Run: 298,276,364,288 bytes free

Post-Run: 298,173,054,976 bytes free

.

- - End Of File - - D807238364E9F61ED0C64034B285864D


Sorry that was done the wrong way! Thanks again!!

ComboFix 12-07-13.03 - John 07/16/2012 4:33.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13575 [GMT -4:00]

Running from: c:\users\John\Downloads\ComboFix.exe

Command switches used :: c:\users\John\Downloads\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))

.

.

2012-07-16 08:36 . 2012-07-16 08:36 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp

2012-07-16 08:36 . 2012-07-16 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe

2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys

2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL

2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon

2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia

2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software

2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft

2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam

2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle

2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-18 05:40 . 2012-07-16 06:59 -------- d-----w- c:\program files (x86)\Everything

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll

2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe

2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll

2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys

2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-07-15 16:58 56028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-14 02:37 . 2012-07-15 16:58 45366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin

+ 2010-09-13 23:30 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-13 23:30 . 2012-07-15 16:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-14 02:36 . 2012-07-15 16:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-16 08:38 . 2012-07-16 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-16 08:38 . 2012-07-16 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-09-14 12:15 . 2012-07-15 16:58 211426 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-16 08:37 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-09-14 04:50 . 2012-07-16 08:37 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]

"Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]

"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]

"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800]

"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]

NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944]

TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]

S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920]

S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576]

S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22]

.

2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uStart Page =

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM

IE: Save F&lash with FlashCapture

Trusted Zone: samsungsetup.com\www

TCP: DhcpNameServer = 192.178.1.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG14.00.00.01PROFESSIONAL"="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"


.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe

c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe

c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

.

**************************************************************************

.

Completion time: 2012-07-16 04:41:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-16 08:41

ComboFix2.txt 2012-07-16 08:26

ComboFix3.txt 2012-07-14 05:33

.

Pre-Run: 298,272,198,656 bytes free

Post-Run: 298,020,814,848 bytes free

.

- - End Of File - - EAF8DAD7356033B032333530724C9547

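The log above is raw ComboFix output, and the sections a responder actually reads are the Run keys under "Reg Loading Points", the UAC policy values, the R*/S* service list and the "+"/"-" snapshot diff. As an added example that is not part of the original post and is not ComboFix's own code, the following Python script parses lines in those formats and flags the conditions a first triage pass looks for: autoruns whose image lives under a user profile, Run or service entries whose file ComboFix could not find ([x]), service image paths without a drive letter, and elevation prompts that are not drawn on the secure desktop. The sample text is constructed from lines of the kind shown in the log (not the whole log), and the finding names and heuristics are my own; a hit means "look closer", not "malicious".

```python
"""Triage helpers for the autorun, service, UAC-policy and snapshot sections of a
ComboFix-style log. Added example; the heuristics are mine, not ComboFix's."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$', re.I)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s+\[(?P<meta>[^\]]*)\]\s*$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\b')
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<key>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$')
SNAPSHOT_RE = re.compile(
    r'^(?P<sign>[+-])\s+(?P<created>\S+ \S+)\s+\.\s+(?P<modified>\S+ \S+)\s+(?P<size>\d+)\s+(?P<path>.+)$')


@dataclass(frozen=True)
class Finding:
    kind: str      # short label for the heuristic that fired
    subject: str   # Run value name, service key or policy value name
    detail: str    # image path or a one-line explanation


def triage(log_text):
    """Walk the log once and return the entries worth a second look."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()   # [HKEY_...] header: remember which key we are in
            continue
        m = RUN_RE.match(line)
        if m and section.endswith("\\currentversion\\run"):
            name, image, meta = m.group("name", "image", "meta")
            hive = "HKCU" if section.startswith("hkey_current_user") else "HKLM"
            if meta.lower() == "x":            # ComboFix prints [X] when the referenced file is absent
                findings.append(Finding("autorun-missing-file", f"{hive}\\Run\\{name}", image))
            elif "\\users\\" in image.lower() and "\\appdata\\" in image.lower():
                # autorun from a user-writable profile path: common for updaters, also for malware
                findings.append(Finding("autorun-user-path", f"{hive}\\Run\\{name}", image))
            continue
        m = POLICY_RE.match(line)
        if m and section.endswith("\\policies\\system"):
            name, value = m.group("name"), int(m.group("value"))
            if name == "PromptOnSecureDesktop" and value == 0:
                findings.append(Finding("uac-no-secure-desktop", name,
                                        "elevation prompts drawn on the interactive desktop"))
            if name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(Finding("uac-silent-elevation", name, "admins elevate without a prompt"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            key, image, meta = m.group("key", "image", "meta")
            if meta.lower() == "x":
                findings.append(Finding("service-missing-file", key, image))
            if not re.match(r"^[a-z]:\\", image, re.I):
                # no drive letter: the path is resolved relative to the system root
                findings.append(Finding("service-relative-path", key, image))
    return findings


def snapshot_changes(log_text):
    """Pair the '-' (old) and '+' (new) lines of a snapshot diff by path."""
    changes = {}
    for raw in log_text.splitlines():
        m = SNAPSHOT_RE.match(raw.strip())
        if not m:
            continue
        entry = changes.setdefault(m.group("path").lower(), {})
        entry["new" if m.group("sign") == "+" else "old"] = (m.group("modified"), int(m.group("size")))
    return changes


# Sample constructed from lines of the kind shown in the log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
+ 2012-07-16 08:38 . 2012-07-16 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.subject:32} {f.detail}")
    for path, ch in snapshot_changes(SAMPLE_LOG).items():
        print(f"changed: {path}  {ch.get('old')} -> {ch.get('new')}")
```

Run against the sample, the script reports the Facebook updater (autorun under the user's AppData), the dead "AMD AVT" Run value, the two drivers whose files are missing (AsUpIO also for its relative path) and the PromptOnSecureDesktop=0 setting; the Malwarebytes service and ConsentPromptBehaviorAdmin=5 (the Windows 7 default) produce nothing. The snapshot pairing shows lastalive1.dat with its old and new modification times, which is how you tell a routinely rewritten system file from a genuinely new one in that section.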

This is without the script file:

ComboFix 12-07-13.03 - John 07/16/2012 23:34:33.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.14134 [GMT -4:00]

Running from: c:\users\John\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))

.

.

2012-07-17 03:39 . 2012-07-17 03:39 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp

2012-07-17 03:39 . 2012-07-17 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe

2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys

2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL

2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon

2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia

2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software

2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft

2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam

2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle

2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-18 05:40 . 2012-07-16 13:59 -------- d-----w- c:\program files (x86)\Everything

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll

2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe

2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll

2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys

2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-07-17 00:26 56132 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-14 02:37 . 2012-07-17 00:26 45594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin

+ 2010-09-13 23:30 . 2012-07-16 11:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-13 23:30 . 2012-07-16 11:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-16 11:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-17 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-14 02:36 . 2012-07-17 00:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-17 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-17 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-14 02:36 . 2012-07-17 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-17 00:24 . 2012-07-17 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-17 00:24 . 2012-07-17 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-09-14 12:15 . 2012-07-17 00:26 211648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-16 19:52 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-09-14 04:50 . 2012-07-16 19:52 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]

"Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]

"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]

"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800]

"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]

NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944]

TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]

S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920]

S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576]

S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22]

.

2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uStart Page =

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM

IE: Save F&lash with FlashCapture

Trusted Zone: samsungsetup.com\www

TCP: DhcpNameServer = 192.178.1.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG14.00.00.01PROFESSIONAL"="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"


.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-16 23:40:39

ComboFix-quarantined-files.txt 2012-07-17 03:40

ComboFix2.txt 2012-07-16 08:41

ComboFix3.txt 2012-07-16 08:26

ComboFix4.txt 2012-07-14 05:33

.

Pre-Run: 291,611,979,776 bytes free

Post-Run: 290,803,990,528 bytes free

.

- - End Of File - - 52D78767FD57607A136B26AFCF46B993


Please don't run ComboFix without my instructions!

Run Firefox, type about:config in the address bar, hit Enter and open the about:config page. Type incredibar in the search box via the Filter at the top of the about:config page. Reset all mystart-related prefs that appear bold (user set) by right-clicking.

