Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can't able to browse to internet but im still conncted to ym

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can't able to browse to internet but im still conncted to ym

Unread postby wynaut » August 30th, 2009, 7:33 am

Good day..Here's my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:36 PM, on 8/30/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Flock\flock.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\VLC\vlc.exe
D:\Program Files\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8208 bytes

hoping for a response..thank you so much ;)
wynaut
Active Member
 
Posts: 7
Joined: August 30th, 2009, 6:59 am
Advertisement
Register to Remove

Re: Can't able to browse to internet but im still conncted to ym

Unread postby MWR 3 day Mod » September 2nd, 2009, 11:01 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Can't able to browse to internet but im still conncted to ym

Unread postby Cypher » September 4th, 2009, 11:50 am

Sorry for the delay the forum is really busy.

Hi, Welcome to the Malware Removal forum.
My name is Cypher, and I'll be helping you with your malware problems.
Before we begin...please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you have questions about something...ASK, don't guess or assume.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
  • DO NOT run any other fix/removal tools unless instructed to do so!
  • DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • The logs from the tools we use can take some time to research so please be patient.

    If you follow these guidelines, things should proceed smoothly. :)
    I am currently reviewing your log, and will return as soon as possible with your instructions.



    Please post an Uninstall list.

    1. Open HijackThis.
    2. Click on the Open the Misc Tools section button.
    3. Look under System tools.
    4. Click on the Open Uninstall Manager... button.
    5. Click on the Save list... button.
    6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    7. Notepad will open. Please post this log in your next reply.


In your next reply.

1. Uninstall list
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can't able to browse to internet but im still conncted to ym

Unread postby wynaut » September 4th, 2009, 9:30 pm

good day this is my uninstall_list

-----------------------------------


A4 TECH PC Camera H
A4 TECH PC Camera H
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agere Systems HDA Modem
avast! Antivirus
Broadcom 802.11 Wireless LAN Adapter
Crystal Reports Basic for Visual Studio 2008
Flock (2.5.2)
Garena
HijackThis 2.0.2
HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons 6.40 F1
IDT Audio
Intel(R) Graphics Media Accelerator Driver
JMicron JMB38X Flash Media Controller
K-Lite Mega Codec Pack 1.38
LameACM
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Performance Collection Tools - ENU
Microsoft Visual Studio Team System 2008 Team Suite - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
MySQL Connector Net 5.2.6
MySQL Connector/ODBC 5.1
MySQL Server 5.0
MySQL Tools for 5.0
PDF Settings
Prerequirements
Prerequirements
RapidBIT Suite
Realtek 8169 8168 8101E 8102E Ethernet Driver
Skype™ 4.0
SpywareBlaster 4.2
SQLXML4
SWiSH Max2
Total Video Converter 3.10
Touch Pad Driver
Ubuntu
USB Disk Security 5.1.0.15
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.0.1
WampServer 2.0
Winamp
Windows Installer 3.2 (KB893803)
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
wynaut
Active Member
 
Posts: 7
Joined: August 30th, 2009, 6:59 am

Re: Can't able to browse to internet but im still conncted to ym

Unread postby Cypher » September 7th, 2009, 5:19 am

Hi wynaut.
It seams there are no Service packs installed on your machine.
Can you tell me why you have not installed them?
Note: Please do not install any until i tell you to do so.


  1. Please download this tool from Microsoft.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click Continue.
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in the window.
Save this file and copy/paste it in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can't able to browse to internet but im still conncted to ym

Unread postby wynaut » September 8th, 2009, 7:25 am

Hello,
with regards to your question, i haven't installed it because i don't know about service packs. :(

------------------------------------------------------------------------------------


Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0x80004005
Windows Product Key: *****-*****-4JJQP-TP64Y-RPFFV
Windows Product Key Hash: W7I5PeTN2iJuvTTU9QmIXc6iQqY=
Windows Product ID: 89578-OEM-7332157-00043
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6000.2.00010300.0.0.003
ID: {DFB169A6-FBB5-4AAF-B086-740B41166645}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_rtm.061101-2205
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 108 Invalid VLK
Microsoft Office Enterprise 2007 - 108 Invalid VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\PROGRA~1\FLOCK\FLOCK.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{DFB169A6-FBB5-4AAF-B086-740B41166645}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RPFFV</PKey><PID>89578-OEM-7332157-00043</PID><PIDType>2</PIDType><SID>S-1-5-21-2234774825-618922396-1169140598</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>Compaq Presario CQ40 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.12</Version><SMBIOSVersion major="2" minor="4"/><Date>20080826000000.000000+000</Date></BIOS><HWID>C9333507018400EA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Taipei Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>8D7A1F46071C586</Val><Hash>Wsxmt6rbSqvzdO1OQmlARm5gQkU=</Hash><Pid>89388-707-2750077-65298</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6000.16386
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500043-02-1033-6000.0000-1092009
Installation ID: 020106786082851560588355721913887335821262623080280395
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57201
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57203
Use License URL: http://go.microsoft.com/fwlink/?LinkId=57205
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57204
Partial Product Key: RPFFV
License Status: Licensed

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAnJ+Y5I5aop16f/4FGNds1vL0cDxe6sAUrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-MPC
FACP HP BLADE
HPET HPQOEM SLIC-MPC
BOOT HPQOEM SLIC-MPC
MCFG HPQOEM SLIC-MPC
SSDT PmRef CpuPm
ASF! HPQOEM SLIC-MPC
SLIC _ASUS_ Notebook
SSDT PmRef CpuPm
wynaut
Active Member
 
Posts: 7
Joined: August 30th, 2009, 6:59 am

Re: Can't able to browse to internet but im still conncted to ym

Unread postby Cypher » September 8th, 2009, 11:21 am

Hi wynaut.
wynaut wrote:with regards to your question, i haven't installed it because i don't know about service packs.
Service packs are the means by which product updates are distributed. Service packs may contain updates for system reliability, program compatibility, security, and more. We will deal with this when your system is clean.

Please do the following.

Run CKScanner
Download CKScanner from here:http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Right click CKScanner.exe and chose Run as Administrator then click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can't able to browse to internet but im still conncted to ym

Unread postby wynaut » September 10th, 2009, 8:51 pm

Hello cypher,
sorry for the delay reply, i've got a bad connection lately

--------------------------------------

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\smartdraw 2009\loader-smartdraw\smartdraw_2009_cracking.txt
c:\users\wynaut\downloads\smartdraw.2009 with crack 100% work\keygen.exe
c:\users\wynaut\downloads\smartdraw.2009 with crack 100% work\keygen.exe
c:\users\wynaut\downloads\smartdraw.2009 with crack 100% work\readmefrist!!!.txt
c:\users\wynaut\downloads\smartdraw.2009 with crack 100% work\smartdraw.2009.exe
c:\users\wynaut\downloads\smartdraw_2009_fixed\loader-smartdraw\smartdraw_2009_cracking.txt
c:\users\wynaut\downloads\[alex198555] smartdraw.2009\smartdraw.2009\keygen.exe
c:\windows\crack\crack.exe
scanner sequence 3.DD.11
----- EOF -----
wynaut
Active Member
 
Posts: 7
Joined: August 30th, 2009, 6:59 am

Re: Can't able to browse to internet but im still conncted to ym

Unread postby Cypher » September 11th, 2009, 7:46 am

Hi wynaut.

Cracked/Keygen related software detected!!!
While going through your logs I found out that you have downloaded various of keygen/cracked software and that you are actively using it.
Our forum policy Here says we may not help people who use cracked software because it would make us guilty as well.
You likely got infected by using cracked software or visiting crack sites.
Hence, i would like you to remove all the crack/keygen application that is available on your system

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can't able to browse to internet but im still conncted to ym

Unread postby wynaut » September 11th, 2009, 11:54 pm

Hello Cypher..
I decided to uninstall the software.. Thanks for your help
hopefully I can surf to internet straightly :D

more power to you guys!
wynaut
Active Member
 
Posts: 7
Joined: August 30th, 2009, 6:59 am

Re: Can't able to browse to internet but im still conncted to ym

Unread postby Cypher » September 12th, 2009, 7:28 am

Hi wynaut.
I decided to uninstall the software.. Thanks for your help

Your welcome and thank you for your cooperation.


Download OTL by Old Timer and save it to your Desktop.

Right click on OTL.exe And select Run as administrator to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
  • OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

In your next reply.

1. OTL logs (OTL.txt and Extras.txt)[/quote]
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can't able to browse to internet but im still conncted to ym

Unread postby wynaut » September 14th, 2009, 1:30 pm

OTL logfile created on: 9/15/2009 1:05:25 AM - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Users\wynaut\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

986.35 Mb Total Physical Memory | 136.69 Mb Available Physical Memory | 13.86% Memory free
2.17 Gb Paging File | 0.59 Gb Available in Paging File | 27.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 15.72 Gb Free Space | 39.31% Space Free | Partition Type: NTFS
Drive D: | 80.00 Gb Total Space | 50.27 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive E: | 29.05 Gb Total Space | 9.62 Gb Free Space | 33.12% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WYNAUT-PC
Current User Name: wynaut
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
PRC - C:\Windows\vmsnap3.exe (Vimicro)
PRC - C:\Windows\Domino.exe ()
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Services\netservices.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Flock\flock.exe (Flock, Inc.)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft)
PRC - C:\Users\wynaut\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe (Andrea Electronics Corporation)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4QLBEx [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FlexService [Auto | Stopped]) -- File not found
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (hpqwmiex [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MsDtsServer [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
SRV - (msftesql [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLSERVER [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MSSQLServerOLAPService [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe (Microsoft Corporation)
SRV - (msvsmon80 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (msvsmon90 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (MySQL [Disabled | Stopped]) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (NetService [Auto | Running]) -- C:\Program Files\Common Files\Services\netservices.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE (Microsoft Corporation)
SRV - (SQLWriter [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe (IDT, Inc.)
SRV - (wampapache [On_Demand | Stopped]) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (wampmysqld [On_Demand | Stopped]) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Running]) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (hamachi [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (JMCR [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (OemBiosDevice [Boot | Stopped]) -- C:\Windows\System32\drivers\royal.sys (PARADOX)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\stwrt.sys (IDT, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (VSPerfDrv90 [On_Demand | Stopped]) -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys (Microsoft Corporation)
DRV - (vvftav303 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\vvftav303.sys (Vimicro Corporation)
DRV - (ZSMC0303 [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbVM303.sys (Vimicro Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\S-1-5-21-2234774825-618922396-1169140598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\S-1-5-21-2234774825-618922396-1169140598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components [2009/09/02 23:14:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/09/02 23:14:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files\Flock\components [2009/09/02 23:14:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/09/02 23:14:09 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [VMSnap3] C:\Windows\VMSnap3.exe (Vimicro)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-2234774825-618922396-1169140598-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.4 58.69.254.70 58.69.254.135
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{180fb092-75c0-11de-86ba-001eecb19686}\Shell\AutoPlay\Command - "" = console.exe
O33 - MountPoints2\{180fb092-75c0-11de-86ba-001eecb19686}\Shell\Explore\Command - "" = console.exe
O33 - MountPoints2\{180fb092-75c0-11de-86ba-001eecb19686}\Shell\Open\Command - "" = console.exe
O33 - MountPoints2\{180fb092-75c0-11de-86ba-001eecb19686}\Shell\Scan For Viruses\Command - "" = console.exe
O33 - MountPoints2\{e755dab3-9647-11de-869c-001eecb19686}\Shell - "" = AutoRun
O33 - MountPoints2\{e755dab3-9647-11de-869c-001eecb19686}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/13 20:25:11 | 00,000,000 | ---D | C] -- C:\Users\wynaut\Documents\Thesis Docs
[2009/09/12 11:44:43 | 00,000,000 | ---D | C] -- C:\Users\wynaut\AppData\Local\Yahoo!
[2009/09/08 19:12:17 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/09/08 19:10:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/08/30 10:30:57 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/08/30 10:30:11 | 00,000,618 | ---- | C] () -- C:\Users\wynaut\Desktop\SpywareBlaster.lnk
[2009/08/30 00:54:58 | 00,000,743 | ---- | C] () -- C:\Users\wynaut\Desktop\HijackThis.lnk
[2009/08/26 19:35:19 | 05,307,539 | ---- | C] () -- C:\Users\wynaut\Documents\CS261 Files.rar
[2009/08/26 13:43:16 | 00,000,000 | ---D | C] -- C:\Users\wynaut\Documents\CS261 Files
[2009/08/24 16:01:24 | 39,825,920 | ---- | C] () -- C:\Users\wynaut\Documents\THEO 110 journal.doc
[2009/08/24 10:00:18 | 00,034,304 | ---- | C] () -- C:\Users\wynaut\Documents\Progress Report August 24, 09.doc
[2009/08/18 23:56:52 | 00,000,000 | ---D | C] -- C:\Users\wynaut\AppData\Roaming\vlc
[2009/08/18 23:54:00 | 00,000,582 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/08/17 22:30:41 | 00,028,672 | ---- | C] () -- C:\Users\wynaut\Documents\Pagtataya.doc
[2009/08/16 11:39:04 | 00,000,600 | ---- | C] () -- C:\Users\wynaut\Desktop\Total Video Player.lnk
[2009/08/16 11:39:04 | 00,000,600 | ---- | C] () -- C:\Users\wynaut\Desktop\Total Video Converter.lnk
[2009/05/31 00:13:13 | 00,000,283 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/18 13:33:32 | 00,225,280 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/04/18 13:33:27 | 00,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2009/04/18 13:33:27 | 00,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/04/18 13:33:27 | 00,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/18 13:33:26 | 00,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/18 13:33:26 | 00,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2008/06/12 18:59:22 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/04 17:54:12 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 20:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 18:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 15:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[2009/09/15 00:31:46 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/15 00:31:46 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/14 20:34:16 | 00,931,994 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/14 20:34:16 | 00,771,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/14 20:34:16 | 00,160,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/14 20:31:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/14 13:27:52 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/14 12:01:22 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/09/14 12:00:40 | 02,970,895 | -H-- | M] () -- C:\Users\wynaut\AppData\Local\IconCache.db
[2009/09/09 12:59:34 | 00,064,000 | ---- | M] () -- C:\Users\wynaut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 23:14:22 | 00,001,614 | ---- | M] () -- C:\Users\Public\Desktop\Flock.lnk
[2009/09/02 10:55:59 | 00,000,283 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/08/30 10:30:11 | 00,000,618 | ---- | M] () -- C:\Users\wynaut\Desktop\SpywareBlaster.lnk
[2009/08/30 00:54:58 | 00,000,743 | ---- | M] () -- C:\Users\wynaut\Desktop\HijackThis.lnk
[2009/08/26 21:34:44 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/08/26 19:35:26 | 05,307,539 | ---- | M] () -- C:\Users\wynaut\Documents\CS261 Files.rar
[2009/08/24 19:07:44 | 39,825,920 | ---- | M] () -- C:\Users\wynaut\Documents\THEO 110 journal.doc
[2009/08/24 10:00:20 | 00,034,304 | ---- | M] () -- C:\Users\wynaut\Documents\Progress Report August 24, 09.doc
[2009/08/24 08:38:46 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/08/18 23:54:00 | 00,000,582 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/08/18 00:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/08/18 00:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/08/18 00:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/08/18 00:05:24 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/08/18 00:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/08/18 00:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/08/18 00:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/08/17 22:30:43 | 00,028,672 | ---- | M] () -- C:\Users\wynaut\Documents\Pagtataya.doc
[2009/08/16 14:19:49 | 01,722,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/16 12:35:58 | 00,102,512 | ---- | M] () -- C:\Users\wynaut\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/16 11:39:04 | 00,000,600 | ---- | M] () -- C:\Users\wynaut\Desktop\Total Video Player.lnk
[2009/08/16 11:39:04 | 00,000,600 | ---- | M] () -- C:\Users\wynaut\Desktop\Total Video Converter.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


------------------------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 9/15/2009 1:05:26 AM - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Users\wynaut\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

986.35 Mb Total Physical Memory | 136.69 Mb Available Physical Memory | 13.86% Memory free
2.17 Gb Paging File | 0.59 Gb Available in Paging File | 27.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 15.72 Gb Free Space | 39.31% Space Free | Partition Type: NTFS
Drive D: | 80.00 Gb Total Space | 50.27 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive E: | 29.05 Gb Total Space | 9.62 Gb Free Space | 33.12% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WYNAUT-PC
Current User Name: wynaut
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Classes\<extension>]
.html [@ = FlockHTML] -- C:\Program Files\Flock\flock.exe (Flock, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0696F8ED-4E62-44B2-B9C3-CEAFD70E02C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B68A42F-C11E-4844-ADB4-206250374312}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25533C90-E147-4EFB-ABA0-A37F22495876}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5206D8CD-6238-4707-AF1B-15D4F0B8FD18}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{54E0B57B-3663-4201-9A0D-A393A1896F38}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6085BF24-D26D-4FF3-BEC3-C2EDD2B0D0E9}" = rport=2869 | protocol=6 | dir=out | app=system |
"{71E3BDD8-4D6B-47FF-B13B-AEC136048113}" = lport=2869 | protocol=6 | dir=in | app=system |
"{83D6C940-80D3-4676-A967-3B08CFDE08AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9641E0FC-C0DD-4C25-BA84-03087E41BFF6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{99D30D9E-3FEE-4B0B-9612-C079533635F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F5FA042-AF1E-44D2-9BC3-D39228529601}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C874F1E5-BBDC-46C8-B17E-A816F0D9D423}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C90FD80C-046B-49EC-B16D-A76CAC835E73}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E36B1C7F-461F-442E-83C6-61C092710F32}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E94230DC-6292-4A10-890F-5898944780B1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F677D21C-0F28-4A10-8CCD-0C7522C848A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0185BA16-9BF6-4E26-966F-F184EE9A591F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0277E5DE-F1BB-4029-8C20-F982394A5BD7}" = protocol=58 | dir=out | app=system |
"{03F3E9CF-7DE7-46A5-B1FF-35DAAC08E050}" = protocol=58 | dir=out | app=system |
"{046B5D53-D16E-4A6A-823E-74938FA0B59E}" = protocol=58 | dir=out | app=system |
"{0528686D-0E33-4408-9900-EF93E443804C}" = protocol=58 | dir=out | app=system |
"{09454DC0-6F04-4148-8BA4-8A88DCB70D57}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{0AE2FD2E-F36C-4581-992D-6288A0461F89}" = protocol=58 | dir=out | app=system |
"{0C8E44B2-EB89-4E50-AF8A-EE1446E6CC24}" = protocol=58 | dir=out | app=system |
"{0D4871F7-5035-4989-9097-272D65F9495B}" = protocol=58 | dir=out | app=system |
"{0EE27EDE-BC28-4E22-88BD-80AE3C5A3F9C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{10A5AB31-B642-4F18-9818-3EC23B5E2EF2}" = protocol=58 | dir=out | app=system |
"{1646F59C-FA4D-49E3-8267-777BA94D1643}" = protocol=58 | dir=out | app=system |
"{17A73E00-814A-4A76-AF92-75DAE355AB1C}" = protocol=58 | dir=out | app=system |
"{1A03DCDD-2377-4ABE-8BD1-781F2A67E63E}" = protocol=58 | dir=out | app=system |
"{1B68DA27-5CB5-4355-8289-586A1088A27E}" = protocol=58 | dir=out | app=system |
"{1FF24377-D0DB-48F2-937B-4EB9715BB861}" = protocol=58 | dir=out | app=system |
"{2095B4E1-E725-47BD-BC73-4809E32FD212}" = protocol=58 | dir=out | app=system |
"{216A8BDB-EA8D-44B9-BB26-633BEC4C41FA}" = protocol=58 | dir=out | app=system |
"{21E56BEF-463B-4CA6-9E13-743C996FC438}" = protocol=58 | dir=out | app=system |
"{22F36119-FBEC-4808-956B-217B37D9C7D0}" = protocol=58 | dir=out | app=system |
"{22F859A8-CB95-47B9-B63F-578598482A32}" = protocol=58 | dir=out | app=system |
"{239CF450-B737-4015-A975-BAD55FAE0601}" = protocol=58 | dir=out | app=system |
"{242C8DC2-96EB-44A4-81B5-C8187B4627A6}" = protocol=58 | dir=out | app=system |
"{24A321EB-7CD6-4774-A46D-8834BE4DDDDD}" = protocol=58 | dir=out | app=system |
"{24B0E95D-EF48-40B0-963A-6B72E2E803E1}" = protocol=58 | dir=out | app=system |
"{24CEFDCB-846C-4849-8D5E-E8AD84A9CDB3}" = protocol=58 | dir=out | app=system |
"{283271BB-B512-4B73-83B1-26D0DA0CC18E}" = protocol=58 | dir=out | app=system |
"{296A1072-F0ED-451D-91C8-39DB7AFEAD51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{299C476E-2853-4A72-B461-F74149832FFC}" = protocol=58 | dir=out | app=system |
"{2CAB9E8B-C8B3-44D5-A6DA-46CD4D2F99B4}" = protocol=58 | dir=out | app=system |
"{2DE5D8FE-D73E-4CD7-95DA-4BC2AA3EF2AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E3EB88D-2F7D-41FE-AB75-3067021A173F}" = protocol=58 | dir=out | app=system |
"{3253FCEA-F0F8-46E4-81A4-DD4FBE9D4510}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{32CF2CF5-D878-47D0-BC25-54E041C93A21}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{346C6A95-7485-4F0C-9E89-C4D27F628A3D}" = protocol=58 | dir=out | app=system |
"{3589E5C1-14C2-4D65-BB37-D3942C6BC9C8}" = protocol=58 | dir=out | app=system |
"{3699D118-B2E2-498F-853A-77875B54F488}" = protocol=6 | dir=out | app=system |
"{3B6A0FAB-1936-4720-8A09-62C5B71895AF}" = protocol=58 | dir=out | app=system |
"{3C72E61B-AA1F-4BEC-BEFD-33767E4737CE}" = protocol=58 | dir=out | app=system |
"{3CD5BB01-4C68-4AE5-94C3-4013018763CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3F2FC4D3-82AE-4552-87BB-5A633240B3B6}" = protocol=58 | dir=out | app=system |
"{3FEB03C1-8DA1-42E5-BEFE-91C28D5158A6}" = protocol=58 | dir=out | app=system |
"{40526C7A-2A5B-4F5E-9745-D85A5A9568F4}" = protocol=58 | dir=out | app=system |
"{40BD988B-42A1-46F4-A3A5-D34128C9996E}" = protocol=58 | dir=out | app=system |
"{4412EDF9-DB5E-4BFC-A6CF-F807D90716B2}" = protocol=58 | dir=out | app=system |
"{46A4E696-0FDD-4C51-A417-9CF252CE7FBD}" = protocol=58 | dir=out | app=system |
"{48DC0000-C9A6-4491-88B7-1D171B2478F0}" = protocol=58 | dir=out | app=system |
"{4903D1F7-639D-4DCB-A06B-DE080FBC13AE}" = protocol=58 | dir=out | app=system |
"{4A3732DC-2804-4221-B544-79BA7AC37C03}" = protocol=58 | dir=out | app=system |
"{4ADD0C16-61E7-412C-8791-22CF3866BBE1}" = protocol=58 | dir=out | app=system |
"{4C30007C-3B38-4287-BC0A-097B0E8992AB}" = protocol=58 | dir=out | app=system |
"{4F4E23A4-684D-4029-BDE5-7D5E6CFA9A5D}" = protocol=58 | dir=out | app=system |
"{4FDA7D69-A081-4C54-BF5F-1B293BF70642}" = protocol=58 | dir=out | app=system |
"{4FFD80AA-609A-4E1C-83E5-7482743DB5B9}" = protocol=58 | dir=out | app=system |
"{50DD0CDD-6118-4735-9AB4-2B6799CAC7FE}" = protocol=58 | dir=out | app=system |
"{51FFB314-D9D4-48D6-AEA0-142650B4CAEA}" = protocol=58 | dir=out | app=system |
"{52B27B7E-C5CC-48DB-88B9-9DA830C7D410}" = protocol=58 | dir=out | app=system |
"{534346FE-2AC5-4251-B131-1612F6C26AAB}" = protocol=58 | dir=out | app=system |
"{54083A0A-FD6B-46FA-9A96-A1759BA8A55F}" = protocol=58 | dir=out | app=system |
"{548318C2-F2C0-4EBF-BC37-E7750864E086}" = protocol=58 | dir=out | app=system |
"{57611451-267A-41EF-B95C-23A338732685}" = protocol=58 | dir=out | app=system |
"{57F455CE-C5CB-4CFC-9734-6F561ABA0F6A}" = protocol=58 | dir=out | app=system |
"{5809F800-398C-4469-9FA5-1DCB83498927}" = protocol=58 | dir=out | app=system |
"{5A601CA0-A30B-4921-811E-D1218DA3D1ED}" = protocol=58 | dir=out | app=system |
"{5A8AD21A-3A0A-45B4-A247-553F02E0AAE4}" = protocol=58 | dir=out | app=system |
"{5A9249B9-A7D8-464B-B957-3B4CF9CA32DD}" = protocol=58 | dir=out | app=system |
"{60C4D3A5-BE9E-4F22-906A-19B5C38CD849}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62B1BCE5-E437-47E8-919C-4E1F3BC8C4D4}" = protocol=58 | dir=out | app=system |
"{654FF43B-5365-4594-AF2C-DE8671B6E672}" = protocol=58 | dir=out | app=system |
"{6775A423-D62E-4429-9B49-B0F1A076FEC0}" = protocol=58 | dir=out | app=system |
"{69B211FA-D5EE-4FDF-B1A9-9C217F7A5669}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe |
"{69CB7981-5109-44A4-9838-349C23F66061}" = protocol=58 | dir=out | app=system |
"{6AD1E59D-F35C-4C3A-B993-FD6AA4EB2505}" = protocol=58 | dir=out | app=system |
"{6AD7524F-EA24-4FF2-8349-9AC9B714583A}" = protocol=58 | dir=out | app=system |
"{6B758BA1-51DA-45FE-99E6-ED23E669B606}" = protocol=58 | dir=out | app=system |
"{6C6FAEE3-B268-470C-A9DD-2D306137FED9}" = protocol=58 | dir=out | app=system |
"{6D49C006-4B27-4056-8776-E783D057760F}" = protocol=58 | dir=out | app=system |
"{7079B757-7078-40D5-A8F2-D8C8AD3554D5}" = protocol=58 | dir=out | app=system |
"{71C60E0A-0C66-4DEF-8991-433F2B85808D}" = protocol=58 | dir=out | app=system |
"{7635DB7C-A50A-431F-BA3F-E8DECAF82EAB}" = protocol=58 | dir=out | app=system |
"{77067F3C-B23F-4F29-AD25-05177D873444}" = protocol=58 | dir=out | app=system |
"{79C09A03-F93A-40A5-9F2D-2FE29ABFFA6B}" = protocol=58 | dir=out | app=system |
"{7A87EE35-3841-40B9-9C96-3F9F627BEEBB}" = protocol=58 | dir=out | app=system |
"{7ABBB534-7C00-42F6-AF40-941068B05A53}" = protocol=58 | dir=out | app=system |
"{7BB84CA2-4ACD-4A40-9F91-1C4E43A624EF}" = protocol=58 | dir=out | app=system |
"{7CB905B1-C6B7-4816-BEDD-C8A1179B4024}" = protocol=58 | dir=out | app=system |
"{83050E80-BD46-4DE8-8BA4-7CCF9F5758F7}" = protocol=58 | dir=out | app=system |
"{84D6295F-8EDB-4412-AB49-2DB654C38B28}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84F45A1F-1AA9-4DE6-86A3-AA8F409025B2}" = protocol=58 | dir=out | app=system |
"{898D8AC5-9378-4FF0-A826-161203271B50}" = protocol=58 | dir=out | app=system |
"{89A28849-9E29-482E-BC69-787DF08703E9}" = protocol=58 | dir=out | app=system |
"{8A9F90B1-D6FD-460A-A140-A37CB0744BE4}" = protocol=58 | dir=out | app=system |
"{8D215EA2-FD30-45D3-AB63-7BC937A1EA17}" = protocol=58 | dir=out | app=system |
"{94BBE020-0754-4185-A6A5-1A1E133E0A34}" = protocol=58 | dir=out | app=system |
"{94EB0596-6E7F-4886-B89F-C9C45937B340}" = protocol=58 | dir=out | app=system |
"{957839DE-3E74-44BB-8510-E00C58A2EC21}" = protocol=58 | dir=out | app=system |
"{96F22279-1ACF-48A0-8157-838A72FDAA41}" = protocol=58 | dir=out | app=system |
"{9BD48E41-8DFA-4D5D-8452-1BF7E0827463}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9DFCF47B-20BA-421F-A7F7-E9C819C8B8AB}" = protocol=58 | dir=out | app=system |
"{9F0FF86D-0486-498C-886D-CD76BB7AD6E8}" = protocol=58 | dir=out | app=system |
"{A0F337E0-E3B0-4C88-8193-F41697E814E4}" = protocol=58 | dir=out | app=system |
"{A2E526F6-C966-4992-9219-2E9438366018}" = protocol=58 | dir=out | app=system |
"{A604F168-21D6-412C-9828-EF001DAA7EC7}" = protocol=58 | dir=out | app=system |
"{AEB7C83A-7FA5-4EFC-AE9F-359C998882FA}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe |
"{B65D5280-3805-4FEC-BB12-C8423F6ADB65}" = protocol=58 | dir=out | app=system |
"{B9D67E1D-DC55-47E6-9F2C-7BD968E1DB2E}" = protocol=58 | dir=in | app=system |
"{C33D4B92-4D59-41A1-A34A-24C7B9EE2D9E}" = protocol=58 | dir=out | app=system |
"{C397C3A7-A615-4FB5-8E35-9D2A8520D376}" = protocol=58 | dir=out | app=system |
"{C40A3174-4E93-484C-BA44-4F2851BD5441}" = protocol=58 | dir=out | app=system |
"{C49825B9-8C90-4B8D-9871-856F0AB4C9F8}" = protocol=58 | dir=out | app=system |
"{C9B795D9-1486-4008-B1C9-423552CF1C6C}" = protocol=58 | dir=out | app=system |
"{CAAB8D36-8D55-43BA-BA11-1D5706FDC5D4}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{D49E30D8-6421-45A6-9D5D-7C5020958894}" = protocol=58 | dir=out | app=system |
"{DABF942B-FA31-421B-9F8F-F198E4DD5CF7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DCF5FFC4-D64D-4033-BC8F-8117BE8C7D82}" = protocol=58 | dir=out | app=system |
"{DFF845CF-9D2E-4D7B-AB60-59F2DDD459EB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E4579314-4622-4EC4-9A17-0F1146FC8455}" = protocol=58 | dir=out | app=system |
"{E4AD4142-2D20-48E4-8E89-D8C77F23BBCD}" = protocol=58 | dir=out | app=system |
"{E967678F-3E9F-44F8-A737-E40183561459}" = protocol=58 | dir=out | app=system |
"{EBD2F816-83B0-49E5-B79C-74AC5C037A29}" = protocol=58 | dir=out | app=system |
"{EC62D428-5E17-46C8-ADD6-DBD6892CBB92}" = protocol=58 | dir=out | app=system |
"{ED9A68C9-30EA-45AE-864C-D04C587AFDA1}" = protocol=58 | dir=out | app=system |
"{EF268456-6431-405D-9B89-6A4AC73AAE57}" = protocol=58 | dir=out | app=system |
"{EF560620-888F-4EE0-9B6C-0BE907510E31}" = protocol=58 | dir=out | app=system |
"{F03D4240-5963-42F9-8E00-E98E1E904BA1}" = protocol=58 | dir=out | app=system |
"{F5281413-9C86-4F83-9EFD-19F8385B8CBD}" = protocol=58 | dir=out | app=system |
"{FA09B38A-3828-452C-9911-8949E39D546E}" = protocol=58 | dir=out | app=system |
"{FCCC3663-3DD1-45A7-BD15-0192413BB1DF}" = protocol=58 | dir=out | app=system |
"{FE944023-403E-427B-8FFE-DBCE8DFB86FB}" = protocol=58 | dir=out | app=system |
"{FF844BA7-31F3-45B1-BA17-D365BB590E0C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{0651974F-1989-4B3B-B65A-37D99842CF9F}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe |
"TCP Query User{139469E4-9C38-4CD6-9E7E-64DEF1C42EA3}H:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=h:\warcraft iii\war3.exe |
"TCP Query User{48E6AD82-3F1A-4D35-9212-35DE2A3E914A}C:\users\wynaut\desktop\warcraft 1.20\war3.exe" = protocol=6 | dir=in | app=c:\users\wynaut\desktop\warcraft 1.20\war3.exe |
"TCP Query User{558D1156-F0BD-4282-A6A8-06023BCA40FB}D:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=d:\program files\hamachi\hamachi.exe |
"TCP Query User{82C3E6EE-BB0C-4416-B66F-65E9BF15B114}C:\users\wynaut\desktop\warcraft\war3.exe" = protocol=6 | dir=in | app=c:\users\wynaut\desktop\warcraft\war3.exe |
"TCP Query User{8C66C7D0-976B-4BD2-8FFA-8F23037C22F5}G:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\warcraft iii\war3.exe |
"TCP Query User{B6A03BAB-0A37-46E3-BD03-36F4E955F992}D:\games\warcraft iii\garena\garena.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\garena\garena.exe |
"TCP Query User{BDB33BA4-5F9A-4C20-ABB1-8322707977C2}D:\games\garena\garena.exe" = protocol=6 | dir=in | app=d:\games\garena\garena.exe |
"TCP Query User{FE33DD3A-E23E-442E-B49C-1EFFB3FF13D8}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"UDP Query User{118568BB-5AD4-4478-B815-E561688FE4F5}H:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=h:\warcraft iii\war3.exe |
"UDP Query User{13055CB0-26D0-40DF-AD75-21295938DD6C}D:\games\garena\garena.exe" = protocol=17 | dir=in | app=d:\games\garena\garena.exe |
"UDP Query User{286D177C-6124-4B44-AAC3-56AB29EF6FB3}C:\users\wynaut\desktop\warcraft 1.20\war3.exe" = protocol=17 | dir=in | app=c:\users\wynaut\desktop\warcraft 1.20\war3.exe |
"UDP Query User{3033F15A-8298-43A6-A9A3-483365E7303C}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe |
"UDP Query User{4E8FF32E-E5FD-420B-BA34-6CDB33C9A4FB}D:\games\warcraft iii\garena\garena.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\garena\garena.exe |
"UDP Query User{6D25F442-66B3-4081-AE1D-AAD38E3442DD}C:\users\wynaut\desktop\warcraft\war3.exe" = protocol=17 | dir=in | app=c:\users\wynaut\desktop\warcraft\war3.exe |
"UDP Query User{7164AB33-935D-47AB-AF37-7488EAD6D71F}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"UDP Query User{88BABA68-941C-4871-85DC-542DD0A10E72}G:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\warcraft iii\war3.exe |
"UDP Query User{F7F63C24-F67F-41C5-929A-F0AD77776808}D:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=d:\program files\hamachi\hamachi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19ABE7AD-B0E6-4B5F-A2C1-35EAC9B05542}" = Prerequirements
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4EFE49A6-61A3-45B7-8EA2-CCE4A9A8F0E4}" = MySQL Tools for 5.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 5.2.6
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{63B28D9D-4DB9-4DA9-82B4-5359061E22DE}" = MySQL Server 5.0
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F238A60-C445-4B81-8EDE-07DC924E98F8}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = A4 TECH PC Camera H
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast!" = avast! Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flock (2.5.2)" = Flock (2.5.2)
"Garena" = Garena
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.38
"LameACM" = LameACM
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"Prerequirements" = Prerequirements
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"USB Disk Security_is1" = USB Disk Security 5.1.0.15
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"WampServer 2_is1" = WampServer 2.0
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Wubi" = Ubuntu
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/8/2009 5:32:24 PM | Computer Name = wynaut-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\wynaut\AppData\Roaming\Flock\Browser\Profiles\tr0jnojn.default\flock-data.sqlite
failed, 00000005.

Error - 8/15/2009 11:36:06 PM | Computer Name = wynaut-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://124.108.114.77/ph.f768.mail.yaho ... d_response
failed, 00000084.

Error - 8/15/2009 11:36:10 PM | Computer Name = wynaut-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\wynaut\Downloads\tvc.exe.part failed, 00000084.

[ Application Events ]
Error - 9/13/2009 7:09:02 AM | Computer Name = wynaut-PC | Source = Perflib | ID = 1000
Description =

Error - 9/13/2009 9:37:34 PM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 9.0\Common7\Tools\AtlTraceTool8.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/13/2009 9:37:34 PM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 9.0\Common7\Tools\spyxx.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/13/2009 9:37:34 PM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
SDKs\Windows\v6.0A\bin\guidgen.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/13/2009 9:38:43 PM | Computer Name = wynaut-PC | Source = Perflib | ID = 1000
Description =

Error - 9/13/2009 11:51:11 PM | Computer Name = wynaut-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 9.0.0.2162, time
stamp 0x4a1cb91c, faulting module YCPFoundation.dll, version 9.0.0.54871, time stamp
0x4a1cbc3f, exception code 0xc0000005, fault offset 0x00026cf0, process id 0x1688,
application start time 0x01ca34dfb6297b02.

Error - 9/14/2009 1:27:59 AM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 9.0\Common7\Tools\AtlTraceTool8.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/14/2009 1:27:59 AM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 9.0\Common7\Tools\spyxx.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/14/2009 1:28:00 AM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
SDKs\Windows\v6.0A\bin\guidgen.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/14/2009 1:29:16 AM | Computer Name = wynaut-PC | Source = Perflib | ID = 1000
Description =

[ System Events ]
Error - 9/13/2009 8:59:01 AM | Computer Name = wynaut-PC | Source = DCOM | ID = 10010
Description =

Error - 9/13/2009 8:59:03 AM | Computer Name = wynaut-PC | Source = DCOM | ID = 10010
Description =

Error - 9/13/2009 9:38:51 PM | Computer Name = wynaut-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/13/2009 9:38:51 PM | Computer Name = wynaut-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/13/2009 10:14:24 PM | Computer Name = wynaut-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 9/13/2009 10:51:37 PM | Computer Name = wynaut-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 9/14/2009 1:29:08 AM | Computer Name = wynaut-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/14/2009 1:29:08 AM | Computer Name = wynaut-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/14/2009 8:44:37 AM | Computer Name = wynaut-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 9/14/2009 8:44:37 AM | Computer Name = wynaut-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.104,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.


< End of report >
wynaut
Active Member
 
Posts: 7
Joined: August 30th, 2009, 6:59 am

Re: Can't able to browse to internet but im still conncted to ym

Unread postby Cypher » September 16th, 2009, 7:26 am

Hi wynaut.
i will get back to you with your next set of instructions as soon as possible.
The forum is really busy, thank you for your patience.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can't able to browse to internet but im still conncted to ym

Unread postby Cypher » September 16th, 2009, 10:53 am

Hi wynaut.
To comply with forum policy we will be removing cracked or pirated software.

Add/Remove programs
  • Click on Start
  • All programs
  • Accessories
  • Run
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following

Microsoft Office Enterprise 2007

Next

Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next

We need to run an OTL Fix

  • Right-click OTL.exe and chose Run as Administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    
    :Reg
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{69B211FA-D5EE-4FDF-B1A9-9C217F7A5669}" =-
    "{AEB7C83A-7FA5-4EFC-AE9F-359C998882FA}" =- 
    
    :Files
    
    c:\users\wynaut\downloads\smartdraw.2009 with crack 100% work
    c:\users\wynaut\downloads\smartdraw_2009_fixed
    c:\users\wynaut\downloads\[alex198555] smartdraw.2009
    c:\windows\crack
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next

RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 logs files...will be produced.
  4. The first one, "log.txt", will be maximized
  5. The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

In your next reply

1. OTL log.
2. RSIT log.txt file contents and info.txt file contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can't able to browse to internet but im still conncted to ym

Unread postby NonSuch » September 23rd, 2009, 4:00 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 490 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware