Has anyone else had this?

Newtothis · December 27, 2011

For a while now my computer has had a a wierd screen saver whenever it's inactive for a while. It basically looks like a video in the middle of a blank screen with random images and sumtimes plays adverts. While it's on, my computer is irresponsive and I have to ctrl+alt+del it to get it to the user account screen and for it to respond. :confused: I click the user account icon to get back to the desktop and there's an error message which reads ''Windows host process rundll32 has stopped working.'' Has anyone else had this? I think it myt be down to registry errors which'll hopefully be sorted out by system mechanic which I just dowloaded but not sure :eek: Below is a screenshot of the wierd screen saver

Edited December 27, 2011 by Newtothis

Newtothis · December 27, 2011

[ATTACH=CONFIG]637.vB5-legacyid=1337[/ATTACH] <----- the error message

Plastic Nev · December 27, 2011

Hi and welcome to Extreme Tech Support - Free PC Help.

Firstly I will ask you not to use the system mechanic, it is a registry cleaner which we do not advise anyone to use as they can cause serious damage to the registry.

What you describe sounds more like an invasion by some form of malware or virus.

I will pass this to one of our security people to look into for you.

Please follow all their instructions in order to get this problem resolved.

Nev.

Newtothis · December 27, 2011

Hi and welcome to Extreme Tech Support - Free PC Help.
Firstly I will ask you not to use the system mechanic, it is a registry cleaner which we do not advise anyone to use as they can cause serious damage to the registry.
What you describe sounds more like an invasion by some form of malware or virus.
I will pass this to one of our security people to look into for you.
Please follow all their instructions in order to get this problem resolved.

Nev.

It says it's found 1032 registery problems and there's an option to inspect and repair the registry problems myself- so is there a way to know which ones to remove/repair and which ones to leave alone?

KenB · December 28, 2011

Leave them all alone. Do not use registry "cleaners" if you don't know what you are doing.

Please be patient. One of our security experts will be along shortly to advise on the best course of action.

Starbuck · December 28, 2011

Hi Newtothis

My first question would be......

Have you tried to change the screensaver?

or, tried to turn it off?

http://windows.microsoft.com/en-GB/windows-vista/Change-screen-saver

By all means we'll take a look for you though.

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
[*]Then click Finish.
[*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
[*]On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
[*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
[*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
[*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
[*]Click OK to close the message box and continue with the removal process.
[*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
[*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 2

Download OTL to your desktop.
right click on the link and select 'Save Link/Target As'.

if you have problems, try this download link:
OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
.
Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

MBAM scan report

both reports from OTL

Thanks.

Newtothis · December 30, 2011

Hi Newtothis

My first question would be......
Have you tried to change the screensaver?
or, tried to turn it off?

http://windows.microsoft.com/en-GB/windows-vista/Change-screen-saver

By all means we'll take a look for you though.

Step 1
Please download Malwarebytes Anti-Malware and save it to your desktop.

Make sure you are connected to the Internet.

Double-click on Download_mbam-setup.exe to install the application.

When the installation begins, follow the prompts and do not make any changes to default settings.

When installation has finished, make sure you leave both of these checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

[*]Then click Finish.
[*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
[*]On the Scanner tab:

Make sure the "Perform Full Scan" option is selected.

Then click on the Scan button.

[*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
[*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
[*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
[*]Click OK to close the message box and continue with the removal process.
[*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
[*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 2

Download OTL to your desktop.
right click on the link and select 'Save Link/Target As'.

if you have problems, try this download link:
OTL

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

When the window appears, underneath Output at the top change it to Minimal Output.

Check the boxes beside LOP Check and Purity Check

.

.
http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
.

Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
MBAM scan report
both reports from OTL

Thanks.

Log files:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800 www.malwarebytes.org Database version: v2011.12.28.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19154 Hasan :: HASAN-PC [administrator] Protection: Enabled 28/12/2011 15:59:56 mbam-log-2011-12-28 (15-59-56).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 497684 Time elapsed: 2 hour(s), 2 minute(s), 21 second(s) Memory Processes Detected: 1 C:\Windows\Temp\ummprs\setup.exe (Trojan.Dropper) -> 2440 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 204 HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.FunWebProducts) -> No action taken. HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.FunWebProducts) -> No action taken. HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.FunWebProducts) -> No action taken. HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.FunWebProducts) -> No action taken. HKCR\FunWebProducts.DataControl.1 (PUP.FunWebProducts) -> No action taken. HKCR\FunWebProducts.DataControl (PUP.FunWebProducts) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (PUP.FunWebProducts) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.FunWebProducts) -> No action taken. HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.FunWebProducts) -> No action taken. HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.FunWebProducts) -> No action taken. HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.FunWebProducts) -> No action taken. HKCR\FunWebProducts.IECookiesManager.1 (PUP.FunWebProducts) -> No action taken. HKCR\FunWebProducts.IECookiesManager (PUP.FunWebProducts) -> No action taken. HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> No action taken. HKCR\FunWebProducts.HTMLMenu.2 (PUP.FunWebProducts) -> No action taken. HKCR\FunWebProducts.HTMLMenu (PUP.FunWebProducts) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> No action taken. HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.FunWebProducts) -> No action taken. HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.FunWebProducts) -> No action taken. HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.FunWebProducts) -> No action taken. HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.FunWebProducts) -> No action taken. HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.FunWebProducts) -> No action taken. HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.FunWebProducts) -> No action taken. HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.FunWebProducts) -> No action taken. HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.FunWebProducts) -> No action taken. HKCR\FunWebProducts.PopSwatterSettingsControl.1 (PUP.FunWebProducts) -> No action taken. HKCR\FunWebProducts.PopSwatterSettingsControl (PUP.FunWebProducts) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.FunWebProducts) -> No action taken. HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.FunWebProducts) -> No action taken. HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.FunWebProducts) -> No action taken. HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.FunWebProducts) -> No action taken. HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.FunWebProducts) -> No action taken. HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.FunWebProducts) -> No action taken. HKLM\SYSTEM\CurrentControlSet\Services\AMService (Trojan.Dropper) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A072EC12-A40B-41DD-9A1A-CDB848B70F3C} (Rogue.Installer) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCU\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKCU\Software\AppDataLow\Software\MarketPrecision (Adware.Adparatus) -> Quarantined and deleted successfully. HKCU\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\ResultBar Service (Adware.ResultBar) -> Quarantined and deleted successfully. Registry Values Detected: 7 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: ©Ž±#¥aI¶» äG\Ê -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790475BD765A5A33AD94 (Malware.Trace) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 22 C:\ProgramData\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0} (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport2\Bin\2.7.37 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. Files Detected: 89 C:\Program Files\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> No action taken. C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (PUP.FunWebProducts) -> No action taken. C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken. C:\Windows\Temp\ummprs\setup.exe (Trojan.Dropper) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Hasan\aa\My Music\Setup.exe (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Users\Hasan\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Users\Hasan\Downloads\7zipSetup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Users\Hasan\Downloads\7zipSetup (2).exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Users\Hasan\Downloads\7zipSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Users\Hasan\Downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully. (end)

Malwarebytes Anti-Malware (Trial) 1.60.0.1800 www.malwarebytes.org Database version: v2011.12.29.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19154 Hasan :: HASAN-PC [administrator] Protection: Enabled 29/12/2011 13:55:11 mbam-log-2011-12-29 (13-55-11).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 500416 Time elapsed: 1 hour(s), 58 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully. (end)

2011/12/28 15:55:34 GMT HASAN-PC Hasan MESSAGE Starting protection 2011/12/28 15:55:36 GMT HASAN-PC Hasan MESSAGE Protection started successfully 2011/12/28 15:55:39 GMT HASAN-PC Hasan MESSAGE Starting IP protection 2011/12/28 15:55:39 GMT HASAN-PC Hasan ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2011/12/28 15:57:51 GMT HASAN-PC Hasan DETECTION C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\install.rdf Adware.ResultBar QUARANTINE 2011/12/28 15:57:51 GMT HASAN-PC Hasan DETECTION C:\Program Files\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\install.rdf Adware.ResultBar DENY 2011/12/28 16:00:56 GMT HASAN-PC Hasan MESSAGE Executing scheduled update: Daily 2011/12/28 16:00:58 GMT HASAN-PC Hasan MESSAGE Database already up-to-date 2011/12/28 17:11:46 GMT HASAN-PC Hasan DETECTION c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf Adware.ResultBar DENY 2011/12/28 18:25:44 GMT HASAN-PC Hasan DETECTION C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll Adware.ClickPotato QUARANTINE 2011/12/28 18:25:44 GMT HASAN-PC Hasan DETECTION c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll Adware.ClickPotato DENY 2011/12/28 18:25:46 GMT HASAN-PC Hasan DETECTION c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll Adware.ClickPotato DENY 2011/12/28 18:28:53 GMT HASAN-PC Hasan DETECTION c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll Adware.ClickPotato DENY 2011/12/28 18:29:17 GMT HASAN-PC Hasan DETECTION C:\Windows\Temp\ummprs\setup.exe Trojan.Dropper QUARANTINE 2011/12/28 18:29:18 GMT HASAN-PC Hasan ERROR Quarantine failed: DeleteFile failed with error code 5 2011/12/28 18:29:23 GMT HASAN-PC Hasan DETECTION C:\Windows\Temp\ummprs\setup.exe Trojan.Dropper DENY 2011/12/28 18:31:33 GMT HASAN-PC Hasan MESSAGE Starting protection 2011/12/28 18:31:38 GMT HASAN-PC Hasan MESSAGE Protection started successfully 2011/12/28 18:31:41 GMT HASAN-PC Hasan MESSAGE Starting IP protection 2011/12/28 18:31:41 GMT HASAN-PC Hasan ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2011/12/28 18:31:54 GMT HASAN-PC Hasan MESSAGE Starting IP protection 2011/12/28 18:31:54 GMT HASAN-PC Hasan ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

2011/12/29 11:02:52 GMT HASAN-PC Hasan MESSAGE Starting protection 2011/12/29 11:02:54 GMT HASAN-PC Hasan MESSAGE Protection started successfully 2011/12/29 11:02:57 GMT HASAN-PC Hasan MESSAGE Starting IP protection 2011/12/29 11:02:57 GMT HASAN-PC Hasan ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2011/12/29 11:18:04 GMT HASAN-PC Hasan MESSAGE Executing scheduled update: Daily 2011/12/29 11:19:02 GMT HASAN-PC Hasan MESSAGE Starting database refresh 2011/12/29 11:19:02 GMT HASAN-PC Hasan MESSAGE Scheduled update executed successfully: database updated from version v2011.12.28.03 to version v2011.12.29.02 2011/12/29 11:19:04 GMT HASAN-PC Hasan MESSAGE Database refreshed successfully 2011/12/29 16:37:05 GMT HASAN-PC Hasan MESSAGE Starting protection 2011/12/29 16:37:07 GMT HASAN-PC Hasan MESSAGE Protection started successfully 2011/12/29 16:37:10 GMT HASAN-PC Hasan MESSAGE Starting IP protection 2011/12/29 16:37:10 GMT HASAN-PC Hasan ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2011/12/29 19:21:42 GMT HASAN-PC Hasan MESSAGE Starting protection 2011/12/29 19:21:44 GMT HASAN-PC Hasan MESSAGE Protection started successfully 2011/12/29 19:21:47 GMT HASAN-PC Hasan MESSAGE Starting IP protection 2011/12/29 19:21:47 GMT HASAN-PC Hasan ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2011/12/29 22:16:37 GMT HASAN-PC Hasan MESSAGE Starting protection 2011/12/29 22:16:38 GMT HASAN-PC Hasan MESSAGE Protection started successfully 2011/12/29 22:16:41 GMT HASAN-PC Hasan MESSAGE Starting IP protection 2011/12/29 22:16:41 GMT HASAN-PC Hasan ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

2011/12/30 10:37:44 GMT HASAN-PC Hasan MESSAGE Starting protection 2011/12/30 10:37:47 GMT HASAN-PC Hasan MESSAGE Protection started successfully 2011/12/30 10:37:48 GMT HASAN-PC Hasan MESSAGE Executing scheduled update: Daily 2011/12/30 10:37:50 GMT HASAN-PC Hasan MESSAGE Starting IP protection 2011/12/30 10:37:50 GMT HASAN-PC Hasan ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2011/12/30 10:38:28 GMT HASAN-PC Hasan MESSAGE Scheduled update executed successfully: database updated from version v2011.12.29.02 to version v2011.12.30.01 2011/12/30 10:38:28 GMT HASAN-PC Hasan MESSAGE Starting database refresh 2011/12/30 10:38:30 GMT HASAN-PC Hasan MESSAGE Database refreshed successfully

Newtothis · December 30, 2011

OTL report 1:

OTL Extras logfile created on: 30/12/2011 16:51:25 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hasan\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 48.19% Memory free

6.20 Gb Paging File | 4.71 Gb Available in Paging File | 75.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.04 Gb Total Space | 60.71 Gb Free Space | 21.08% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.50 Gb Free Space | 45.02% Space Free | Partition Type: NTFS

Computer Name: HASAN-PC | User Name: Hasan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"mW[íµ�ˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>*Ý�\�†Ð=Ÿà�Û±Þ" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Users\Hasan\AppData\Local\Temp\vc.18.09.exe" = C:\Users\Hasan\AppData\Local\Temp\vc.18.09.exe:*:Enabled:Windows Application Service

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{004FD3FB-4E74-4BE3-8177-9E8D9209FABC}" = lport=63861 | protocol=6 | dir=in | name=akamai netsession interface |

"{01B4A91E-30D1-4223-96F5-33B9DF5E3BEA}" = lport=56491 | protocol=6 | dir=in | name=akamai netsession interface |

"{02AA9430-E25E-4D70-97B6-00F12021F107}" = lport=50567 | protocol=6 | dir=in | name=akamai netsession interface |

"{032E41C9-CAB4-4634-A5D3-83F9992E9C48}" = lport=49949 | protocol=6 | dir=in | name=akamai netsession interface |

"{036B7F91-F67B-4422-B67C-B4BAACB82143}" = lport=49372 | protocol=6 | dir=in | name=akamai netsession interface |

"{03BF936C-A6A5-4E8A-8E4A-78857FCE77A8}" = lport=50039 | protocol=6 | dir=in | name=akamai netsession interface |

"{03C9A1A2-41BE-4A8A-AA32-A1E201E3A192}" = lport=51091 | protocol=6 | dir=in | name=akamai netsession interface |

"{048161CD-C709-45D9-B145-72251D1E10D1}" = lport=49220 | protocol=6 | dir=in | name=akamai netsession interface |

"{049D116B-D900-4428-B18B-0AF48DCFB017}" = lport=56841 | protocol=6 | dir=in | name=akamai netsession interface |

"{04DB29B7-3232-4C3F-9C25-DC47123FF052}" = lport=50558 | protocol=6 | dir=in | name=akamai netsession interface |

"{05CF9761-837A-4CAB-AEB9-89EC76C8CA39}" = lport=49919 | protocol=6 | dir=in | name=akamai netsession interface |

"{064D0F8C-E0D7-437B-BFF0-BE1F072DBEEE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{06564FA7-731E-4000-A16C-462461E6B4D0}" = lport=52131 | protocol=6 | dir=in | name=akamai netsession interface |

"{069C5FB4-EB1C-4F41-B363-2C020FCA3145}" = lport=52388 | protocol=6 | dir=in | name=akamai netsession interface |

"{07A0914E-0AA0-4094-AC9A-84BE4DEE066C}" = lport=52407 | protocol=6 | dir=in | name=akamai netsession interface |

"{0818748D-C0E1-48A1-9C4E-ECE09A8775D3}" = lport=51310 | protocol=6 | dir=in | name=akamai netsession interface |

"{081D79A0-05E0-42B1-B09E-C12C1CD816BE}" = lport=52149 | protocol=6 | dir=in | name=akamai netsession interface |

"{087B7A3D-F5FC-423A-AD3F-70891D07128F}" = lport=50973 | protocol=6 | dir=in | name=akamai netsession interface |

"{08B0600C-9C13-4536-8355-052809E23440}" = lport=55634 | protocol=6 | dir=in | name=akamai netsession interface |

"{08ED9EFB-7C2A-44FC-99F1-03BE7DDB3C2B}" = lport=61814 | protocol=6 | dir=in | name=akamai netsession interface |

"{099DDE61-37BC-43D2-9855-951477D7B3D7}" = lport=65397 | protocol=6 | dir=in | name=akamai netsession interface |

"{0A3B56F4-362D-4BDC-B317-8A3CCE98D8B2}" = lport=54027 | protocol=6 | dir=in | name=akamai netsession interface |

"{0A8CD86A-ADC2-456F-94AB-785C37278778}" = lport=49434 | protocol=6 | dir=in | name=akamai netsession interface |

"{0C04589A-5FA5-477F-82DC-2A5EF5D5233E}" = lport=52732 | protocol=6 | dir=in | name=akamai netsession interface |

"{0C85831F-EBE0-4722-9C3F-C69A98AE9F45}" = lport=51222 | protocol=6 | dir=in | name=akamai netsession interface |

"{0CBA1FF6-1768-441A-B0C6-E68370866753}" = lport=51748 | protocol=6 | dir=in | name=akamai netsession interface |

"{0D491438-09AE-4C4F-A58E-7021B578F506}" = lport=55625 | protocol=6 | dir=in | name=akamai netsession interface |

"{0E7129BB-D7B2-417A-B891-0A5A819E1CE2}" = lport=50576 | protocol=6 | dir=in | name=akamai netsession interface |

"{0E9F833D-138B-4581-8D63-2F2D31B8B9CD}" = lport=51133 | protocol=6 | dir=in | name=akamai netsession interface |

"{0F220990-E74A-4106-914E-C48174698B1C}" = lport=49324 | protocol=6 | dir=in | name=akamai netsession interface |

"{0FC38495-1757-4AD0-91FC-9A84310C5578}" = lport=50446 | protocol=6 | dir=in | name=akamai netsession interface |

"{10086ADE-7ED1-4090-AEF0-FF064FA9378A}" = lport=50103 | protocol=6 | dir=in | name=akamai netsession interface |

"{10B00C23-074F-473C-923F-7832B09B7F2B}" = lport=49971 | protocol=6 | dir=in | name=akamai netsession interface |

"{11C179D9-0710-4230-9DCE-60E70A41BA11}" = lport=50277 | protocol=6 | dir=in | name=akamai netsession interface |

"{128234A2-8D5F-45AA-B8D7-BC0F8672C66D}" = lport=50139 | protocol=6 | dir=in | name=akamai netsession interface |

"{129BE3C3-3E75-4396-8F25-799F142D9103}" = lport=51064 | protocol=6 | dir=in | name=akamai netsession interface |

"{12A29DED-F6F3-4292-B1D4-60F1F09A8C99}" = lport=62213 | protocol=6 | dir=in | name=akamai netsession interface |

"{12EC294A-DE4F-4169-8A98-9A7D291B17B7}" = lport=61799 | protocol=6 | dir=in | name=akamai netsession interface |

"{132076D0-2EAD-4270-806B-E74A0479F329}" = lport=49594 | protocol=6 | dir=in | name=akamai netsession interface |

"{138B5333-CC0F-42E8-AF8C-62A0A5A186B7}" = lport=52753 | protocol=6 | dir=in | name=akamai netsession interface |

"{13D279AA-264A-4D15-97A0-2161D220A88B}" = lport=52309 | protocol=6 | dir=in | name=akamai netsession interface |

"{1416189C-CBE4-4710-BA53-996BC20A8AF9}" = lport=55217 | protocol=6 | dir=in | name=akamai netsession interface |

"{145A34DE-C1B5-4B37-9C09-5CD7BF98277D}" = lport=49684 | protocol=6 | dir=in | name=akamai netsession interface |

"{14D3C1A9-1B5B-4A79-92DA-C16004ED99EA}" = lport=51198 | protocol=6 | dir=in | name=akamai netsession interface |

"{15097081-1804-4F1D-96C7-0CF1E3F8A157}" = lport=49681 | protocol=6 | dir=in | name=akamai netsession interface |

"{155ECFC7-3901-4D8E-90BF-F06B31D4A8E4}" = lport=50740 | protocol=6 | dir=in | name=akamai netsession interface |

"{1602B27D-6538-41FF-A9B8-C24D49A99888}" = lport=61176 | protocol=6 | dir=in | name=akamai netsession interface |

"{16E44B04-4530-4633-9846-1A3ED48CA0D1}" = lport=50639 | protocol=6 | dir=in | name=akamai netsession interface |

"{1707C630-76EF-4919-B6D0-B7672EDFBF9C}" = lport=51288 | protocol=6 | dir=in | name=akamai netsession interface |

"{17F2CBB2-50D7-45FF-80CB-5C39B7C8D791}" = lport=49406 | protocol=6 | dir=in | name=akamai netsession interface |

"{181F9E65-E7C8-4362-A934-F951503CBBBF}" = lport=50890 | protocol=6 | dir=in | name=akamai netsession interface |

"{18B79136-C977-4AEF-BDE1-B9CB6CCABF33}" = lport=49602 | protocol=6 | dir=in | name=akamai netsession interface |

"{19756D30-93EE-4785-8754-1DD3FEA14BA5}" = lport=51344 | protocol=6 | dir=in | name=akamai netsession interface |

"{19D4EB17-E74B-4975-BCC5-AD800AE30C5F}" = lport=50693 | protocol=6 | dir=in | name=akamai netsession interface |

"{1A9464A0-1465-4E2B-A7E1-FC5610A15370}" = lport=49903 | protocol=6 | dir=in | name=akamai netsession interface |

"{1AB8C1AD-CE73-472A-87BA-EC3FF2D738E0}" = lport=65306 | protocol=6 | dir=in | name=akamai netsession interface |

"{1B096655-45EF-4156-A186-0C599C292113}" = lport=49337 | protocol=6 | dir=in | name=akamai netsession interface |

"{1BCEA3B9-6E68-4E67-B88C-91F1E925DDF5}" = lport=50970 | protocol=6 | dir=in | name=akamai netsession interface |

"{1C02E55A-A3D6-4C2B-8F8B-988D792E5839}" = lport=49494 | protocol=6 | dir=in | name=akamai netsession interface |

"{1CAC9CAA-BF93-4A3F-A384-20BBFEC6B554}" = lport=52812 | protocol=6 | dir=in | name=akamai netsession interface |

"{1D3F959D-9793-45D4-A2D7-94804482D3AC}" = lport=137 | protocol=17 | dir=in | app=system |

"{1D4C1FEB-5691-4234-AECE-68E6D6C6080A}" = lport=49249 | protocol=6 | dir=in | name=akamai netsession interface |

"{1D8833C3-0A4C-46F7-B963-F33A0B2ACFE0}" = lport=51298 | protocol=6 | dir=in | name=akamai netsession interface |

"{1D8D10E5-D590-4EDF-AA0A-16E12ECCF011}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |

"{1DB7098D-1A48-4399-9E38-77C06FC20753}" = lport=62524 | protocol=6 | dir=in | name=akamai netsession interface |

"{1E174843-42A5-458B-9DBF-AF068DBD3F3B}" = rport=138 | protocol=17 | dir=out | app=system |

"{1E27FF87-1EA9-4851-994D-81D07C3EC34E}" = lport=51192 | protocol=6 | dir=in | name=akamai netsession interface |

"{1E4FBE87-829B-428E-92AA-70956F3DD57F}" = lport=52437 | protocol=6 | dir=in | name=akamai netsession interface |

"{1E528625-5242-42D0-983D-51BD6BD6AC71}" = lport=49765 | protocol=6 | dir=in | name=akamai netsession interface |

"{1EAF9CBC-FA61-4CC6-BCA0-9A4E3D417CC9}" = lport=49622 | protocol=6 | dir=in | name=akamai netsession interface |

"{1ECF920A-368E-48FA-8024-477512D4877C}" = lport=50936 | protocol=6 | dir=in | name=akamai netsession interface |

"{1F13FD63-E8AF-4B0B-A8DD-B8E38D636BD7}" = lport=49629 | protocol=6 | dir=in | name=akamai netsession interface |

"{1F3AE723-C686-429C-BEBD-3B69A0A9D4BA}" = lport=52222 | protocol=6 | dir=in | name=akamai netsession interface |

"{1F425EB7-B40D-4CCD-A8F1-8AD9D25D6BD4}" = lport=50090 | protocol=6 | dir=in | name=akamai netsession interface |

"{1F94F6EC-FBC0-4BFA-925A-B314FCAFA23B}" = lport=52672 | protocol=6 | dir=in | name=akamai netsession interface |

"{205A4F37-749F-4EB2-83B4-C64B763413C0}" = lport=49512 | protocol=6 | dir=in | name=akamai netsession interface |

"{208DEB7D-F416-4C58-9B77-5588DB37903F}" = lport=49660 | protocol=6 | dir=in | name=akamai netsession interface |

"{20BF6252-0175-4599-A5DF-F44FFCB820BC}" = lport=50232 | protocol=6 | dir=in | name=akamai netsession interface |

"{20CED51A-0965-432D-8E81-1964472935B0}" = lport=52566 | protocol=6 | dir=in | name=akamai netsession interface |

"{21032665-2C11-4477-B7A0-FB5D29DAF697}" = lport=49347 | protocol=6 | dir=in | name=akamai netsession interface |

"{2161266E-98B2-45C4-A594-7BBDDA6E9056}" = lport=51007 | protocol=6 | dir=in | name=akamai netsession interface |

"{21863127-ED5A-4148-9006-EFAD100E1DE6}" = lport=49577 | protocol=6 | dir=in | name=akamai netsession interface |

"{2203DCC7-0BAA-4302-A85B-D71A796709A6}" = lport=49177 | protocol=6 | dir=in | name=akamai netsession interface |

"{2227AFCB-1BE4-4C9B-B939-5EC1735C175C}" = lport=51173 | protocol=6 | dir=in | name=akamai netsession interface |

"{229EBEB7-D836-4EE8-8DA1-5E6BC19E4121}" = lport=53050 | protocol=6 | dir=in | name=akamai netsession interface |

"{22BCBD53-26B0-4A81-86D8-D1216E0542E4}" = lport=54456 | protocol=6 | dir=in | name=akamai netsession interface |

"{23B6D333-F601-4AA7-A141-F5EC45C87B98}" = lport=53292 | protocol=6 | dir=in | name=akamai netsession interface |

"{23DD3116-AF05-4AB3-835E-185BFAA44253}" = lport=50761 | protocol=6 | dir=in | name=akamai netsession interface |

"{245C54AB-F2DB-461D-9DE4-C383A3BAB9FA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{265632FE-A3B3-4270-8129-E9BEB6EE14C4}" = lport=49369 | protocol=6 | dir=in | name=akamai netsession interface |

"{26F6BB75-ED6F-4920-A42D-1E6D5EB025AE}" = lport=55949 | protocol=6 | dir=in | name=akamai netsession interface |

"{284BA9CF-8FA5-4568-8B99-5A3F44F31BF4}" = lport=52774 | protocol=6 | dir=in | name=akamai netsession interface |

"{290D368B-DFB3-4D21-A80C-F054B836C40D}" = lport=49508 | protocol=6 | dir=in | name=akamai netsession interface |

"{292576DC-B3A0-4B59-9575-FB216341F226}" = lport=49251 | protocol=6 | dir=in | name=akamai netsession interface |

"{294D9FA8-98E9-40C2-89FA-F035B56A146B}" = lport=49283 | protocol=6 | dir=in | name=akamai netsession interface |

"{299D2CD0-E8A8-4C4F-9AC8-4AA56ACD435E}" = lport=49923 | protocol=6 | dir=in | name=akamai netsession interface |

"{299E6988-7656-43FC-9E80-FDBFF739AB2A}" = lport=49233 | protocol=6 | dir=in | name=akamai netsession interface |

"{29B614F6-0D8A-4965-902D-AD3DCA27E30E}" = lport=52782 | protocol=6 | dir=in | name=akamai netsession interface |

"{29D7409D-848D-4904-BE5A-A467EAB95B96}" = lport=49793 | protocol=6 | dir=in | name=akamai netsession interface |

"{2A032145-8278-43D9-A268-0FCBFBC661C0}" = lport=55248 | protocol=6 | dir=in | name=akamai netsession interface |

"{2A2EDA68-9B97-4EC2-BA48-4445267559AD}" = lport=53365 | protocol=6 | dir=in | name=akamai netsession interface |

"{2A429FB4-2217-4667-B5E8-9B7701B9ABCA}" = lport=49274 | protocol=6 | dir=in | name=akamai netsession interface |

"{2A95D934-5981-44B5-AA74-1FD54CD46530}" = lport=53206 | protocol=6 | dir=in | name=akamai netsession interface |

"{2ABED733-C6D4-4AB0-940A-CF9E64445D42}" = lport=58707 | protocol=6 | dir=in | name=akamai netsession interface |

"{2AE3D9AF-9A15-480B-A703-6B3FC33AA901}" = lport=49616 | protocol=6 | dir=in | name=akamai netsession interface |

"{2B317B6B-A931-479B-9A54-52E0C33BD266}" = lport=49893 | protocol=6 | dir=in | name=akamai netsession interface |

"{2B3A0E0D-AF9F-41C0-AFB8-A6A443704A9A}" = lport=49544 | protocol=6 | dir=in | name=akamai netsession interface |

"{2B753E3F-868D-4BF9-BEF9-B5A6190710AB}" = lport=49352 | protocol=6 | dir=in | name=akamai netsession interface |

"{2C8079FD-20A2-4C54-A867-55D66CBCBDE7}" = lport=49525 | protocol=6 | dir=in | name=akamai netsession interface |

"{2C9AB888-1771-47EF-A603-141BD122212A}" = lport=55405 | protocol=6 | dir=in | name=akamai netsession interface |

"{2DC73CC8-9330-4170-A891-8AB6E76D3368}" = lport=51039 | protocol=6 | dir=in | name=akamai netsession interface |

"{2DE7BDD8-253D-481D-B30E-39FB5BD2322C}" = lport=49254 | protocol=6 | dir=in | name=akamai netsession interface |

"{2E9A17AF-1CB1-4E1C-ADF3-849165688BC1}" = lport=50013 | protocol=6 | dir=in | name=akamai netsession interface |

"{2FF5A552-7171-4BB0-A7EF-1E6FC8B047FF}" = lport=50828 | protocol=6 | dir=in | name=akamai netsession interface |

"{3008DD75-2834-44FD-86D0-B50CB544E6B4}" = lport=49812 | protocol=6 | dir=in | name=akamai netsession interface |

"{301ED48F-B100-454F-9E4F-1A187B0A4F72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{31486451-D12A-4B12-B475-20704861360C}" = lport=51075 | protocol=6 | dir=in | name=akamai netsession interface |

"{31B238FB-0B05-4385-8BE5-1463B2D9EFF8}" = lport=49192 | protocol=6 | dir=in | name=akamai netsession interface |

"{31F20C11-EFB3-4414-BA81-F6F47D5C7031}" = lport=50678 | protocol=6 | dir=in | name=akamai netsession interface |

"{32927F33-FDB2-426F-AD75-0E64DDEFE0F0}" = lport=61334 | protocol=6 | dir=in | name=akamai netsession interface |

"{340F0C84-A822-4CD3-BE36-80D99CA66B7A}" = lport=49411 | protocol=6 | dir=in | name=akamai netsession interface |

"{34229AE4-7CAE-4FFF-8F7E-5A63DD39390C}" = lport=50563 | protocol=6 | dir=in | name=akamai netsession interface |

"{3470A991-AE2A-4EFA-9EF2-2CC3CB1A6116}" = lport=49176 | protocol=6 | dir=in | name=akamai netsession interface |

"{34B54B0C-05D1-4781-9144-70968AAB40BF}" = lport=50862 | protocol=6 | dir=in | name=akamai netsession interface |

"{34C0C4F3-0C0E-4DE1-B4CE-4C31E5B1F7A2}" = lport=58461 | protocol=6 | dir=in | name=akamai netsession interface |

"{352DC46D-D394-4535-8B54-A5A46CF94BFE}" = lport=50328 | protocol=6 | dir=in | name=akamai netsession interface |

"{353D9437-2751-4A06-9D35-FFFC0F073FC0}" = lport=51095 | protocol=6 | dir=in | name=akamai netsession interface |

"{3571E7EB-2D44-4782-B56E-CAA4DA5C7E93}" = lport=49392 | protocol=6 | dir=in | name=akamai netsession interface |

"{357A6722-795F-4A7C-94B2-B862BAA21319}" = lport=51036 | protocol=6 | dir=in | name=akamai netsession interface |

"{35E95AA9-3C5C-46A1-9A20-1ACF7E035757}" = lport=50943 | protocol=6 | dir=in | name=akamai netsession interface |

"{35F2D47F-F76E-4C3C-9D2D-C9D744CC3B15}" = lport=49515 | protocol=6 | dir=in | name=akamai netsession interface |

"{3765935B-1698-4C79-8AA4-B24B11852BAE}" = lport=51511 | protocol=6 | dir=in | name=akamai netsession interface |

"{376701B9-F5F2-4FA9-924D-7ABDA462BBA1}" = lport=49895 | protocol=6 | dir=in | name=akamai netsession interface |

"{37D47236-2B7D-4FDD-8A12-6F15EB2B0C20}" = lport=50498 | protocol=6 | dir=in | name=akamai netsession interface |

"{383D1565-5FCA-4A90-90CD-B54EFD1E7D77}" = lport=49401 | protocol=6 | dir=in | name=akamai netsession interface |

"{397443D8-A9CF-4D14-8485-8007DDC78FBA}" = lport=50026 | protocol=6 | dir=in | name=akamai netsession interface |

"{3A699A44-BE74-4A0E-BF2E-541BDE760C3F}" = lport=51760 | protocol=6 | dir=in | name=akamai netsession interface |

"{3A90948A-3B9F-450F-8694-5062EAB81A94}" = lport=60789 | protocol=6 | dir=in | name=akamai netsession interface |

"{3AF4CA35-402C-4EFA-8838-E377BC220C27}" = lport=51991 | protocol=6 | dir=in | name=akamai netsession interface |

"{3D66E233-95E6-4AAA-8DFE-12BDFF07C247}" = lport=50592 | protocol=6 | dir=in | name=akamai netsession interface |

"{3D9913F9-C40E-4F25-962D-14BFD205CAD2}" = lport=53827 | protocol=6 | dir=in | name=akamai netsession interface |

"{3E1FC920-2E96-46D9-AE92-3D906682656C}" = lport=50051 | protocol=6 | dir=in | name=akamai netsession interface |

"{3E2F9105-DDB1-4F50-AC78-231A8BB116EE}" = lport=50455 | protocol=6 | dir=in | name=akamai netsession interface |

"{3E52154D-AF64-4FDF-BE5B-BB95D4BF8AB5}" = lport=50906 | protocol=6 | dir=in | name=akamai netsession interface |

"{3F232DF8-7569-4547-86A7-5AEFE9AD63F7}" = lport=49437 | protocol=6 | dir=in | name=akamai netsession interface |

"{3F4B8D3E-5FD1-401E-AC99-B249CA153EF2}" = lport=49443 | protocol=6 | dir=in | name=akamai netsession interface |

"{409F92A5-A905-428F-A2D8-83D8D117E634}" = lport=49373 | protocol=6 | dir=in | name=akamai netsession interface |

"{40EB271C-3837-4B90-9F44-E082B21007C1}" = lport=49218 | protocol=6 | dir=in | name=akamai netsession interface |

"{417B2145-C9D8-4218-8468-5B705A1A58C0}" = lport=49320 | protocol=6 | dir=in | name=akamai netsession interface |

"{42C1B15F-6A40-45C4-8729-BC72A533A713}" = lport=49535 | protocol=6 | dir=in | name=akamai netsession interface |

"{42F176F2-7C10-415E-BF96-4FE477B20643}" = lport=49382 | protocol=6 | dir=in | name=akamai netsession interface |

"{43557D2D-1CF1-4A81-8A09-131294B4D340}" = lport=49909 | protocol=6 | dir=in | name=akamai netsession interface |

"{439124CC-74EB-4263-9128-DF8E0BA067FE}" = lport=50349 | protocol=6 | dir=in | name=akamai netsession interface |

"{43E0CEB6-CA09-46F9-8D89-E480B00C055A}" = lport=50289 | protocol=6 | dir=in | name=akamai netsession interface |

"{43EF6CA0-40DD-4BE6-BEB3-FD1DA88329B8}" = lport=65323 | protocol=6 | dir=in | name=akamai netsession interface |

"{44A0DE8A-5A24-4D7A-B581-62CEEAB55CD9}" = lport=49694 | protocol=6 | dir=in | name=akamai netsession interface |

"{467F9DE1-D452-4374-868C-6F88E10C5967}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{47FA2D08-2669-47D7-8FE5-34EF94CF6810}" = lport=51397 | protocol=6 | dir=in | name=akamai netsession interface |

"{48316EF5-42F8-49A1-970D-BEE6D263A65A}" = lport=55398 | protocol=6 | dir=in | name=akamai netsession interface |

"{488C1950-AD9E-4F00-B681-78FEB0A5C8F5}" = lport=49582 | protocol=6 | dir=in | name=akamai netsession interface |

"{48919C88-F365-42DE-8066-EB3582FB5E6A}" = lport=51216 | protocol=6 | dir=in | name=akamai netsession interface |

"{48920E4F-3FAF-4F76-904C-DE9135B86705}" = lport=53254 | protocol=6 | dir=in | name=akamai netsession interface |

"{4A383A51-8E12-4BD2-9E2D-A72D2216A497}" = lport=139 | protocol=6 | dir=in | app=system |

"{4A5855E0-3A92-44F5-AFCE-BD8ED3F1EA56}" = lport=51326 | protocol=6 | dir=in | name=akamai netsession interface |

"{4A587666-3FC4-460F-BC49-48437D566096}" = lport=49863 | protocol=6 | dir=in | name=akamai netsession interface |

"{4AB38269-3DCD-4A81-857D-2F7084B7EC94}" = lport=49267 | protocol=6 | dir=in | name=akamai netsession interface |

"{4B640A98-DC84-4132-B216-8CF6C151305B}" = lport=54518 | protocol=6 | dir=in | name=akamai netsession interface |

"{4BA13AA8-4F50-48F0-8968-F465C82811A7}" = lport=52344 | protocol=6 | dir=in | name=akamai netsession interface |

"{4BDB3557-920E-4B09-80CF-51FDCDAAA56F}" = lport=49580 | protocol=6 | dir=in | name=akamai netsession interface |

"{4C2BBCBB-51FB-4887-BB2E-6E2D73855770}" = lport=49468 | protocol=6 | dir=in | name=akamai netsession interface |

"{4CD0464B-6C62-4156-9297-2E126409BCE0}" = lport=49567 | protocol=6 | dir=in | name=akamai netsession interface |

"{4E3492A9-F6E5-450C-AB3C-CDBD31578972}" = lport=50134 | protocol=6 | dir=in | name=akamai netsession interface |

"{4EBBA172-6A4F-4847-954E-499D006576BA}" = lport=49319 | protocol=6 | dir=in | name=akamai netsession interface |

"{4ECCDA6D-0A49-4D28-8BC1-6233D2AE9CB0}" = lport=49266 | protocol=6 | dir=in | name=akamai netsession interface |

"{4F377B07-F8FC-4954-9109-8501565BED64}" = lport=54009 | protocol=6 | dir=in | name=akamai netsession interface |

"{4F4E3287-751C-4DFD-AC25-01F0B727A218}" = lport=52979 | protocol=6 | dir=in | name=akamai netsession interface |

"{4F87CB8D-C632-468B-ADA2-61E6E234CCBF}" = lport=58756 | protocol=6 | dir=in | name=akamai netsession interface |

"{4FF7BC55-C961-49DC-A5B3-694A2083B19B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{4FF9E654-1FDA-46EF-A398-A869B530E082}" = lport=49404 | protocol=6 | dir=in | name=akamai netsession interface |

"{5044639F-B528-4956-986B-380AFFBF405C}" = lport=53575 | protocol=6 | dir=in | name=akamai netsession interface |

"{504D41DE-6AF3-494F-B0C0-CA5E66B2A405}" = lport=49505 | protocol=6 | dir=in | name=akamai netsession interface |

"{505DC67F-32A6-446B-B88B-7229FC941459}" = lport=50369 | protocol=6 | dir=in | name=akamai netsession interface |

"{5094FA41-4817-4AA0-AC0F-FF77EC0FFBD6}" = lport=50910 | protocol=6 | dir=in | name=akamai netsession interface |

"{50B813D6-D62E-4B09-97CB-66B80E1FBEC4}" = lport=49732 | protocol=6 | dir=in | name=akamai netsession interface |

"{5128CADC-2BAA-4D1D-A99A-27D148183B38}" = lport=49952 | protocol=6 | dir=in | name=akamai netsession interface |

"{5129DD61-610D-4EA1-96F9-16FFBD860923}" = lport=50283 | protocol=6 | dir=in | name=akamai netsession interface |

"{51B1021C-8FCE-49EF-AE32-11C05F6CBB1C}" = lport=49809 | protocol=6 | dir=in | name=akamai netsession interface |

"{51C9B674-C264-486C-A086-E8805C2ABD34}" = lport=51114 | protocol=6 | dir=in | name=akamai netsession interface |

"{51D7E272-609B-4792-AA37-5A5041FE0820}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface |

"{5253EAFD-EC30-4975-8990-89E29CDCCBE0}" = lport=57862 | protocol=6 | dir=in | name=akamai netsession interface |

"{53538AA5-14A1-4761-ACAA-514EF135E178}" = lport=49824 | protocol=6 | dir=in | name=akamai netsession interface |

"{5377F180-64EF-4A1E-B36C-DF4BE81F0006}" = lport=51308 | protocol=6 | dir=in | name=akamai netsession interface |

"{53F2C6F4-2E3C-4766-966D-074CB667FE91}" = lport=52394 | protocol=6 | dir=in | name=akamai netsession interface |

"{54542A68-E31F-44A0-9189-99B26FEFBA5C}" = lport=49850 | protocol=6 | dir=in | name=akamai netsession interface |

"{551FF562-96EF-44CF-B467-BCBB1386F0BB}" = lport=49374 | protocol=6 | dir=in | name=akamai netsession interface |

"{5553319B-A492-4428-A2D9-5BF486057A5B}" = lport=49378 | protocol=6 | dir=in | name=akamai netsession interface |

"{55AE74CD-DC11-4D83-A99E-AD763A24E7AC}" = lport=49813 | protocol=6 | dir=in | name=akamai netsession interface |

"{55D1A944-A81C-4A00-BBBA-55BFD4A86009}" = lport=49296 | protocol=6 | dir=in | name=akamai netsession interface |

"{56A3F930-36F7-4604-80B2-6DCB2F596E84}" = lport=60447 | protocol=6 | dir=in | name=akamai netsession interface |

"{56F0DF5C-BF7E-4E49-9F7D-E303AA3562DA}" = lport=60037 | protocol=6 | dir=in | name=akamai netsession interface |

"{5765D6CC-D4A1-4A7E-935D-28708BCFCF5E}" = lport=50227 | protocol=6 | dir=in | name=akamai netsession interface |

"{578D9AA6-E115-498A-A1E6-EC614C99E5E4}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |

"{594C5E9D-5DCB-4E27-A757-B8D238907BB8}" = lport=49306 | protocol=6 | dir=in | name=akamai netsession interface |

"{5966DA0C-AC3E-47B3-96F7-06670DFA9A85}" = lport=50737 | protocol=6 | dir=in | name=akamai netsession interface |

"{59E2020E-FA52-4FCF-8594-43E2F64008FA}" = lport=51029 | protocol=6 | dir=in | name=akamai netsession interface |

"{5A332D4A-38CE-4A9E-A599-CF936745C15D}" = lport=50553 | protocol=6 | dir=in | name=akamai netsession interface |

"{5A67061B-A63B-44D2-98AF-495FE08EDD56}" = lport=49221 | protocol=6 | dir=in | name=akamai netsession interface |

"{5A95A8C4-676D-485B-A8DA-16F2ED97830A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5B030A67-7A57-4100-AF4F-69D8B2EABC63}" = lport=50320 | protocol=6 | dir=in | name=akamai netsession interface |

"{5BB6B250-1AEF-46DA-AB76-B3D5DFAA2450}" = lport=55492 | protocol=6 | dir=in | name=akamai netsession interface |

"{5C344FC7-22C7-4561-9644-3A2427362918}" = lport=51236 | protocol=6 | dir=in | name=akamai netsession interface |

"{5CBD9941-5AE4-4DA7-A412-630EF1D9A8FD}" = lport=49575 | protocol=6 | dir=in | name=akamai netsession interface |

"{5CD0254B-E737-425E-91B9-6561DCEB9B48}" = lport=51324 | protocol=6 | dir=in | name=akamai netsession interface |

"{5D71FB02-E6EB-4E16-999A-75D147CAAFB6}" = lport=49226 | protocol=6 | dir=in | name=akamai netsession interface |

"{5DF5D3FA-C8BB-4655-828B-7B197F4252A5}" = lport=50156 | protocol=6 | dir=in | name=akamai netsession interface |

"{5EF953A3-275B-4878-A0F8-8F56397A5DCA}" = lport=50009 | protocol=6 | dir=in | name=akamai netsession interface |

"{5FEEAD6D-F220-4B2C-B061-995226ACE354}" = lport=52189 | protocol=6 | dir=in | name=akamai netsession interface |

"{600D4350-69F3-40D1-8397-1A5C2C2C1B93}" = lport=49860 | protocol=6 | dir=in | name=akamai netsession interface |

"{6074E1EC-C2AB-4156-9396-955E90431DCC}" = lport=49299 | protocol=6 | dir=in | name=akamai netsession interface |

"{610FAF58-C46D-4D45-B7C8-04FF08EF3203}" = lport=50168 | protocol=6 | dir=in | name=akamai netsession interface |

"{6176E2A8-4F5E-42FC-A9D0-3E397C83A812}" = lport=49843 | protocol=6 | dir=in | name=akamai netsession interface |

"{61FDA6D7-29E1-42DD-8339-26563D577335}" = lport=49485 | protocol=6 | dir=in | name=akamai netsession interface |

"{6246C294-8280-44DE-AC11-2671139E75F6}" = lport=49945 | protocol=6 | dir=in | name=akamai netsession interface |

"{62BF8D00-79C8-46BF-9248-7D6647576479}" = lport=53144 | protocol=6 | dir=in | name=akamai netsession interface |

"{62E8C65F-D7BF-4900-B6D6-84B9B73F320E}" = lport=49780 | protocol=6 | dir=in | name=akamai netsession interface |

"{6317BFDD-4530-488A-9F81-282CCBB8B4FC}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |

"{63A4D438-3B71-40DB-87A8-678DA7B67C12}" = lport=50930 | protocol=6 | dir=in | name=akamai netsession interface |

"{63A51550-E4D9-4353-9E0E-6CB71A2D798B}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |

"{63C4676D-9C20-4639-A3E7-7384CCEDF918}" = lport=51528 | protocol=6 | dir=in | name=akamai netsession interface |

"{645D759B-2EBE-4AFA-A3C5-6A80A9F34363}" = lport=51714 | protocol=6 | dir=in | name=akamai netsession interface |

"{6466D5DB-039D-4514-B82D-F1A3FC73D13C}" = lport=49722 | protocol=6 | dir=in | name=akamai netsession interface |

"{648BEE9C-A9CE-4F7B-B43B-B85A1B6EBD5F}" = lport=50617 | protocol=6 | dir=in | name=akamai netsession interface |

"{64CB9882-07C1-41E4-AE80-0420FBB5AB47}" = lport=50978 | protocol=6 | dir=in | name=akamai netsession interface |

"{6525639F-16FC-4EC3-A15D-34C10DD74C1F}" = lport=54429 | protocol=6 | dir=in | name=akamai netsession interface |

"{652D89AF-399E-437E-B79A-3E3984CFE1FA}" = lport=49424 | protocol=6 | dir=in | name=akamai netsession interface |

"{654B776B-AA60-45E1-BA45-BEBCF3A4388E}" = lport=51755 | protocol=6 | dir=in | name=akamai netsession interface |

"{6591A076-165B-4755-973B-083A41FD3591}" = lport=49846 | protocol=6 | dir=in | name=akamai netsession interface |

"{65E6FD71-A71B-4F1D-AEB0-BA7937887A6C}" = lport=51243 | protocol=6 | dir=in | name=akamai netsession interface |

"{6650061F-68A3-484D-92D2-E3C4DA20AC9F}" = lport=49461 | protocol=6 | dir=in | name=akamai netsession interface |

"{670E328D-8871-49E8-A6FF-45E29512B118}" = lport=49365 | protocol=6 | dir=in | name=akamai netsession interface |

"{6788B32E-862A-4F01-AD88-BA3B7CFCA6CB}" = lport=49733 | protocol=6 | dir=in | name=akamai netsession interface |

"{67F81127-9097-4607-9A08-4A224F17D160}" = lport=49703 | protocol=6 | dir=in | name=akamai netsession interface |

"{68768810-6164-4FC0-8127-9B7556475B6D}" = lport=50548 | protocol=6 | dir=in | name=akamai netsession interface |

"{6888F57E-21E5-4399-9117-411FCE29E957}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{68E36880-9810-424A-95FB-347BFC79FBBE}" = lport=53567 | protocol=6 | dir=in | name=akamai netsession interface |

"{694DDBC5-9BA7-4BD1-85B0-C216AD433EC1}" = lport=51532 | protocol=6 | dir=in | name=akamai netsession interface |

"{6978D68B-822B-4ACA-A1A3-53E9F5C90AD5}" = lport=52032 | protocol=6 | dir=in | name=akamai netsession interface |

"{69BE9146-31C3-4CDA-A087-14F8C2CC23D0}" = lport=50735 | protocol=6 | dir=in | name=akamai netsession interface |

"{6A3F5A5A-050A-4BCA-9024-7721F44E2683}" = lport=49478 | protocol=6 | dir=in | name=akamai netsession interface |

"{6AAE6B27-B337-488E-9E34-4DE7C63DF03C}" = lport=50662 | protocol=6 | dir=in | name=akamai netsession interface |

"{6B195B73-18FD-47AB-AC26-583C1AA404A2}" = lport=55945 | protocol=6 | dir=in | name=akamai netsession interface |

"{6B31324A-7FDE-46F7-A18A-7E02FD1E39B1}" = lport=49428 | protocol=6 | dir=in | name=akamai netsession interface |

"{6B64229F-9148-4D69-8D92-BFCCEBC48C94}" = lport=50353 | protocol=6 | dir=in | name=akamai netsession interface |

"{6B9038A4-9040-4485-A401-7B4A763610FB}" = lport=49978 | protocol=6 | dir=in | name=akamai netsession interface |

"{6B98D543-CC5E-4B6B-BC46-9CB1CF992D00}" = lport=51254 | protocol=6 | dir=in | name=akamai netsession interface |

"{6CF64723-F57A-4F47-B481-CF3F12D57B35}" = lport=51008 | protocol=6 | dir=in | name=akamai netsession interface |

"{6D42E375-83DB-4790-A545-E02EC4A39029}" = lport=49662 | protocol=6 | dir=in | name=akamai netsession interface |

"{6DE30026-253D-4BB2-9EE0-C247D874FBB6}" = lport=56362 | protocol=6 | dir=in | name=akamai netsession interface |

"{6E0A6570-2FD6-41B8-AFEB-F2A215D2B001}" = lport=50361 | protocol=6 | dir=in | name=akamai netsession interface |

"{6E4BE3BC-1D03-4C70-821E-15B99710A5BE}" = lport=138 | protocol=17 | dir=in | app=system |

"{6E703664-26F4-4089-AA10-F191755F3453}" = lport=49796 | protocol=6 | dir=in | name=akamai netsession interface |

"{6EC53DD4-A53F-4687-B7F6-B1AEE54EBE23}" = lport=49777 | protocol=6 | dir=in | name=akamai netsession interface |

"{6EDF4AB5-46C3-4302-8AFD-C73F296CAFF9}" = lport=53656 | protocol=6 | dir=in | name=akamai netsession interface |

"{6EFF5A48-3E8A-4634-AC95-9A8ADEB3F516}" = lport=61581 | protocol=6 | dir=in | name=akamai netsession interface |

"{6F82CC08-25D9-4B4D-B78D-91EA34CAAEB0}" = lport=49817 | protocol=6 | dir=in | name=akamai netsession interface |

"{6FF7F583-08BA-4545-8AAC-A862C5775E1C}" = lport=54436 | protocol=6 | dir=in | name=akamai netsession interface |

"{70245D2F-7B05-4C13-BBD9-41758AB762E9}" = lport=49204 | protocol=6 | dir=in | name=akamai netsession interface |

"{707D9501-DBD0-4EA0-A10C-A491FE8DF8CE}" = lport=49710 | protocol=6 | dir=in | name=akamai netsession interface |

"{711A4FB5-DEA1-460B-AFF1-3B31A81D0475}" = lport=49346 | protocol=6 | dir=in | name=akamai netsession interface |

"{7268DFDC-AFEC-4E02-8FB1-B3684BF53E77}" = lport=52350 | protocol=6 | dir=in | name=akamai netsession interface |

"{72B26654-62E4-416A-9A85-6BC8FB5CD04A}" = lport=52152 | protocol=6 | dir=in | name=akamai netsession interface |

"{72DEF283-388D-4898-8DA4-DB6723B52188}" = lport=53116 | protocol=6 | dir=in | name=akamai netsession interface |

"{73334950-8B57-41E4-8FD5-4DD12850CEB7}" = lport=55970 | protocol=6 | dir=in | name=akamai netsession interface |

"{73DEB8F1-2C58-4A41-A00C-1CB15F5AFB72}" = lport=49874 | protocol=6 | dir=in | name=akamai netsession interface |

"{74520BF2-B6D2-44E0-96A0-C3E019115CC7}" = lport=55917 | protocol=6 | dir=in | name=akamai netsession interface |

"{74D1A1CB-2DDF-4622-A845-77FD89186BC9}" = lport=49653 | protocol=6 | dir=in | name=akamai netsession interface |

"{7618511A-35CC-4ACE-B521-CFB8D081DA18}" = lport=49394 | protocol=6 | dir=in | name=akamai netsession interface |

"{764713A3-11F5-4D22-9870-8BF5D6B77165}" = lport=52054 | protocol=6 | dir=in | name=akamai netsession interface |

"{76E5B2F2-6B2F-4969-A919-9459624B8609}" = lport=50415 | protocol=6 | dir=in | name=akamai netsession interface |

"{771C2FD5-AE3A-49E9-8D5E-C03F58853E4A}" = lport=49968 | protocol=6 | dir=in | name=akamai netsession interface |

"{77BC2128-F625-48E6-AAD8-07018A8D73AC}" = lport=50330 | protocol=6 | dir=in | name=akamai netsession interface |

"{7AD28A38-7C1D-47EF-9954-11E77EFDBEAD}" = lport=64815 | protocol=6 | dir=in | name=akamai netsession interface |

"{7B37028A-EB4B-45AF-BDB6-9E00749FFE07}" = lport=55965 | protocol=6 | dir=in | name=akamai netsession interface |

"{7B70CFB5-B970-431B-B50D-DD49A00F36BD}" = lport=52910 | protocol=6 | dir=in | name=akamai netsession interface |

"{7BB52E6C-F697-456E-AD20-02F51294DEE8}" = lport=52076 | protocol=6 | dir=in | name=akamai netsession interface |

"{7BF272D2-64DA-4DDC-BD77-96834913B54B}" = lport=49313 | protocol=6 | dir=in | name=akamai netsession interface |

"{7C5F8E25-B0CF-4A8A-9BC1-BABDD6369014}" = lport=50850 | protocol=6 | dir=in | name=akamai netsession interface |

"{7C6B5151-A926-4302-B440-C792171FC98B}" = lport=50571 | protocol=6 | dir=in | name=akamai netsession interface |

"{7CAF4CBF-E2C9-4318-93EB-CB7F5D6E436B}" = lport=50441 | protocol=6 | dir=in | name=akamai netsession interface |

"{7CC95ADA-7F0F-4676-B804-D0744A59F069}" = lport=49198 | protocol=6 | dir=in | name=akamai netsession interface |

"{7CDDDD05-FB0D-443B-BFB4-40B5BF1CD16A}" = lport=52168 | protocol=6 | dir=in | name=akamai netsession interface |

"{7D040BE5-8669-4D53-9951-368CC9AAEDD7}" = lport=49300 | protocol=6 | dir=in | name=akamai netsession interface |

"{7D1C4053-5B82-4DE4-A0FA-22E48A863F05}" = lport=55984 | protocol=6 | dir=in | name=akamai netsession interface |

"{7D1F442E-C7A1-4109-A618-8E1AFA3D6413}" = lport=51909 | protocol=6 | dir=in | name=akamai netsession interface |

"{7E892D49-6104-4FA7-AF28-52E01E001260}" = lport=50176 | protocol=6 | dir=in | name=akamai netsession interface |

"{7EB9D403-79A6-4730-8502-0743E088034B}" = lport=50223 | protocol=6 | dir=in | name=akamai netsession interface |

"{7EBAC53C-20BD-4008-A53A-F01F75B9323A}" = lport=49600 | protocol=6 | dir=in | name=akamai netsession interface |

"{7ECB8C0D-DD04-4BF4-8EA4-FE224707942E}" = lport=445 | protocol=6 | dir=in | app=system |

"{7F02279B-24E3-4A56-95F0-345188A55002}" = lport=51409 | protocol=6 | dir=in | name=akamai netsession interface |

"{7F1CCB18-8F88-4E80-A557-EB3BEE57B02E}" = lport=49811 | protocol=6 | dir=in | name=akamai netsession interface |

"{7F60E827-601F-4B3B-B666-A6D692AD8D8B}" = lport=50818 | protocol=6 | dir=in | name=akamai netsession interface |

"{7F87B9B4-A37C-462E-A904-60BF9054CB45}" = lport=52374 | protocol=6 | dir=in | name=akamai netsession interface |

"{7FBD744B-433A-45DC-A9AF-E82E57659B3F}" = lport=51367 | protocol=6 | dir=in | name=akamai netsession interface |

"{8008B52B-43FC-43A6-8844-2E4C21512110}" = lport=49195 | protocol=6 | dir=in | name=akamai netsession interface |

"{804E4FD4-99F8-4A37-8746-9C98F155FA50}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface |

"{807799B6-25B7-4A1E-84D2-3BC5492C0901}" = lport=49570 | protocol=6 | dir=in | name=akamai netsession interface |

"{8125F271-4073-4958-A873-82CDD862C9A7}" = lport=50295 | protocol=6 | dir=in | name=akamai netsession interface |

"{815CC8C3-0847-4FF1-929F-66FA2B0D9822}" = lport=50456 | protocol=6 | dir=in | name=akamai netsession interface |

"{8209DAC5-9592-48C4-A9A2-D190A14EB2AD}" = lport=49529 | protocol=6 | dir=in | name=akamai netsession interface |

"{82B20C02-DB4D-4C2A-A998-42F2DDC2A4E7}" = lport=51220 | protocol=6 | dir=in | name=akamai netsession interface |

"{82BB38C1-3AF5-4E3A-B133-15FEFA40AF63}" = lport=49292 | protocol=6 | dir=in | name=akamai netsession interface |

"{834BA3D3-48C9-4225-9319-EAA4858C0787}" = lport=51775 | protocol=6 | dir=in | name=akamai netsession interface |

"{842CF452-592A-4FE3-B01E-E734DE626FAC}" = lport=51854 | protocol=6 | dir=in | name=akamai netsession interface |

"{84410C40-C141-4230-B2D2-AEC2049DAC3A}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |

"{844C8837-373E-4B20-8911-628A591539AF}" = lport=49764 | protocol=6 | dir=in | name=akamai netsession interface |

"{8505F4BE-203D-49B2-8608-F9E72D08BC5E}" = lport=52361 | protocol=6 | dir=in | name=akamai netsession interface |

"{8522D9EC-5FFA-41FE-B4DA-094D4C3D54F5}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |

"{859298E3-56D3-423E-B784-64F07153E70E}" = lport=49739 | protocol=6 | dir=in | name=akamai netsession interface |

"{865DFDFD-54E0-4D4E-83A2-0C11C8777E07}" = lport=51406 | protocol=6 | dir=in | name=akamai netsession interface |

"{86F3917C-D115-4AEC-BCDA-BB63E55FD339}" = lport=49335 | protocol=6 | dir=in | name=akamai netsession interface |

"{8712C519-AE60-46DE-B195-D8D4A32F0982}" = lport=50669 | protocol=6 | dir=in | name=akamai netsession interface |

"{87790628-AD50-4777-8773-7004EB7428EB}" = lport=49528 | protocol=6 | dir=in | name=akamai netsession interface |

"{877BB857-7F20-4481-9A7C-43436A1B7C2F}" = lport=51048 | protocol=6 | dir=in | name=akamai netsession interface |

"{87B9A0AF-76CD-41B9-A796-40448CAFC4BC}" = lport=49399 | protocol=6 | dir=in | name=akamai netsession interface |

"{87BDFE2A-A5BA-4110-BBCF-A20E306EDD03}" = lport=49993 | protocol=6 | dir=in | name=akamai netsession interface |

"{87CC543A-F13C-4CFB-A99D-EB5E5CE10C11}" = lport=52889 | protocol=6 | dir=in | name=akamai netsession interface |

"{87CF9EAA-811B-4B40-86BE-B61538DC31DD}" = lport=50827 | protocol=6 | dir=in | name=akamai netsession interface |

"{87E9255F-F0DD-477B-89CD-C40BFDA09F49}" = lport=49726 | protocol=6 | dir=in | name=akamai netsession interface |

"{880CC41D-A183-42C9-8AB5-56ED4E94DCB8}" = lport=51190 | protocol=6 | dir=in | name=akamai netsession interface |

"{898886AB-0BC7-4A96-9DB4-0E747AB72950}" = lport=49270 | protocol=6 | dir=in | name=akamai netsession interface |

"{89DE26E1-67F5-4BF1-8D0C-79AED5F633E2}" = lport=50822 | protocol=6 | dir=in | name=akamai netsession interface |

"{89EC5E41-4288-4B5E-82E6-75FCDC022F30}" = lport=49175 | protocol=6 | dir=in | name=akamai netsession interface |

"{8A03FB0D-1DCB-4890-9EEE-7B48473421E4}" = lport=51263 | protocol=6 | dir=in | name=akamai netsession interface |

"{8A476022-965C-493F-BD0E-5A7706D309CC}" = lport=50646 | protocol=6 | dir=in | name=akamai netsession interface |

"{8A527332-C887-4D0C-9EAF-3B3EB9B30E46}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |

"{8A5A8801-0B14-4ADE-B45A-A0CB65A17E4B}" = lport=49355 | protocol=6 | dir=in | name=akamai netsession interface |

"{8A7252A3-DAB3-4DF8-B33F-71B51B998D10}" = lport=52306 | protocol=6 | dir=in | name=akamai netsession interface |

"{8A9288E5-7512-4038-953F-E6BA8129E60D}" = lport=49191 | protocol=6 | dir=in | name=akamai netsession interface |

"{8AF07F70-4C1A-4DA4-952A-BA61BC4CB073}" = lport=49167 | protocol=6 | dir=in | name=akamai netsession interface |

"{8BA0F4F6-1093-403F-90A9-FCC76FBAA89B}" = lport=49276 | protocol=6 | dir=in | name=akamai netsession interface |

"{8BBB0EA8-585D-4A8F-BF69-E765DF4DA9D1}" = lport=55007 | protocol=6 | dir=in | name=akamai netsession interface |

"{8BD12C20-9ED7-47EA-8592-FA2473F5B453}" = lport=53548 | protocol=6 | dir=in | name=akamai netsession interface |

"{8C7D03B8-688C-4F7D-8FE2-C1D2ADA52B88}" = lport=54839 | protocol=6 | dir=in | name=akamai netsession interface |

"{8CA86506-050F-4F5E-BEFE-AEA4F5C8CDAF}" = lport=53962 | protocol=6 | dir=in | name=akamai netsession interface |

"{8D04306E-C1F7-4D9F-8133-D0560BDCB851}" = lport=49984 | protocol=6 | dir=in | name=akamai netsession interface |

"{8E1DD7E4-9497-48A2-99C1-5AB01FA1FB05}" = lport=49578 | protocol=6 | dir=in | name=akamai netsession interface |

"{8E7F804F-BFEB-4118-96E2-578FBD6487FE}" = lport=49511 | protocol=6 | dir=in | name=akamai netsession interface |

"{8E9F270C-7DBF-4BB4-9517-2977EC0AE464}" = lport=55899 | protocol=6 | dir=in | name=akamai netsession interface |

"{8F82F4C9-9E81-4368-AFD9-5FBDEAEA951B}" = lport=49339 | protocol=6 | dir=in | name=akamai netsession interface |

"{8FCB7DBE-49BC-48FB-80E1-FF375B755EB0}" = lport=50889 | protocol=6 | dir=in | name=akamai netsession interface |

"{907D8D1C-E19B-45A8-97A1-3077991584F4}" = lport=49835 | protocol=6 | dir=in | name=akamai netsession interface |

"{92AA9F57-95FE-473E-B5AD-825624D6B4AD}" = lport=50663 | protocol=6 | dir=in | name=akamai netsession interface |

"{93DD8785-6C84-4FCB-B98A-C82A0083E3B6}" = lport=54287 | protocol=6 | dir=in | name=akamai netsession interface |

"{946CDE64-36CB-4262-B799-5D2A54F875EC}" = lport=49452 | protocol=6 | dir=in | name=akamai netsession interface |

"{94F2B5FB-FE8D-4518-9FBC-926E9852B982}" = lport=65329 | protocol=6 | dir=in | name=akamai netsession interface |

"{96DD5984-6013-4776-A183-C95ADEA4C87E}" = lport=50430 | protocol=6 | dir=in | name=akamai netsession interface |

"{97A74E71-8D3D-4DEF-9DD2-EC7ECFDA5417}" = lport=50420 | protocol=6 | dir=in | name=akamai netsession interface |

"{97AF6046-7817-4D57-A389-58A4A9585861}" = lport=59433 | protocol=6 | dir=in | name=akamai netsession interface |

"{984C01AE-F249-4939-B31D-BF573AD98F58}" = lport=50137 | protocol=6 | dir=in | name=akamai netsession interface |

"{99855BF3-7035-4AC6-B74C-EA37601DBD6B}" = lport=49869 | protocol=6 | dir=in | name=akamai netsession interface |

"{9A942B92-76D9-4B03-8E50-516A87C9A3A0}" = lport=51086 | protocol=6 | dir=in | name=akamai netsession interface |

"{9C2BADE6-0DCE-4843-B92F-D3A9F63C1CA9}" = lport=52130 | protocol=6 | dir=in | name=akamai netsession interface |

"{9C3B1071-0447-4675-8F43-1BF125F3F01C}" = lport=49699 | protocol=6 | dir=in | name=akamai netsession interface |

"{9E76CB7D-4655-4080-B4AD-7F15C9B59535}" = lport=50736 | protocol=6 | dir=in | name=akamai netsession interface |

"{9F020646-3E8D-4DC9-9B29-81A37561B1D0}" = lport=50153 | protocol=6 | dir=in | name=akamai netsession interface |

"{9FF07C37-ACC2-49C7-A670-6084269C525E}" = lport=50452 | protocol=6 | dir=in | name=akamai netsession interface |

"{A0404ED6-A4EE-42D3-8531-85E82523B114}" = lport=49983 | protocol=6 | dir=in | name=akamai netsession interface |

"{A0460FB2-77E7-46BB-80CA-F4103C2E750B}" = lport=49783 | protocol=6 | dir=in | name=akamai netsession interface |

"{A1A3475B-592A-439B-9B38-F6A0DA86E77A}" = lport=49449 | protocol=6 | dir=in | name=akamai netsession interface |

"{A23FED31-D4BC-45D3-A898-5D7E944E5043}" = lport=50215 | protocol=6 | dir=in | name=akamai netsession interface |

"{A24E5614-3BA6-46BA-8BDF-31FBF6F952AB}" = lport=50979 | protocol=6 | dir=in | name=akamai netsession interface |

"{A2E30588-505F-4125-B526-12BC78D185EF}" = lport=52745 | protocol=6 | dir=in | name=akamai netsession interface |

"{A3CBC608-AAFB-4332-886D-E5A9A3F4E861}" = rport=137 | protocol=17 | dir=out | app=system |

"{A4448BFB-11DE-412B-B34B-372288E80A6C}" = lport=50521 | protocol=6 | dir=in | name=akamai netsession interface |

"{A54DA432-D487-4C59-A4BC-BA861CEBDD57}" = lport=50219 | protocol=6 | dir=in | name=akamai netsession interface |

"{A5C4996B-0B24-4987-BE11-29E0E4E4D5EF}" = lport=50106 | protocol=6 | dir=in | name=akamai netsession interface |

"{A711D0F8-ED1D-40E2-83DF-D99CC7C29913}" = lport=49571 | protocol=6 | dir=in | name=akamai netsession interface |

"{A85004D4-CDFF-45C4-A398-B325D3E9823F}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface |

"{A8A0FCF6-1C9D-4545-9D64-ECE2FD39713D}" = lport=58812 | protocol=6 | dir=in | name=akamai netsession interface |

"{A8B34369-C31C-468C-A111-C3F0CF6D584C}" = lport=55425 | protocol=6 | dir=in | name=akamai netsession interface |

"{A8E84921-0B15-465D-AD8B-2EBAF5FC53F3}" = lport=50594 | protocol=6 | dir=in | name=akamai netsession interface |

"{A958EBCC-615D-43C0-97E8-3DF6523B3DBE}" = lport=54164 | protocol=6 | dir=in | name=akamai netsession interface |

"{A9A1D84D-293F-49D5-8B01-7B649178643C}" = lport=50633 | protocol=6 | dir=in | name=akamai netsession interface |

"{A9CDEB0E-73A1-4637-B650-4D2B4E67D3F0}" = lport=55910 | protocol=6 | dir=in | name=akamai netsession interface |

"{AA811AE6-4B05-40B7-95A8-A07E0F53F663}" = lport=49211 | protocol=6 | dir=in | name=akamai netsession interface |

"{AAB7498F-1F52-477B-A13F-E5E7548786BC}" = rport=139 | protocol=6 | dir=out | app=system |

"{ABEF1E48-D3B6-46D0-ACA2-EEBE5F5CA39F}" = lport=50853 | protocol=6 | dir=in | name=akamai netsession interface |

"{ACAB7E7A-298C-44BD-8B41-17ADC341B84C}" = lport=49592 | protocol=6 | dir=in | name=akamai netsession interface |

"{ACBA962B-F954-4481-8229-6FD97CBB596D}" = lport=49610 | protocol=6 | dir=in | name=akamai netsession interface |

"{AD2B6D5C-A627-4DC1-92E5-D01C305431F0}" = lport=50169 | protocol=6 | dir=in | name=akamai netsession interface |

"{AD4274F1-326E-4327-9F7C-ADC4669CA824}" = lport=49749 | protocol=6 | dir=in | name=akamai netsession interface |

"{AD517DFD-3CDC-4009-BA45-5593A4421C81}" = lport=49620 | protocol=6 | dir=in | name=akamai netsession interface |

"{AE6D6B1B-F8E9-47AD-8206-A09FEC9D5D79}" = lport=49368 | protocol=6 | dir=in | name=akamai netsession interface |

"{AED431EA-A94C-4E0B-B134-D6516B1322BE}" = lport=49625 | protocol=6 | dir=in | name=akamai netsession interface |

"{B14B9399-DE4B-4925-97DF-A85F471B7043}" = lport=50059 | protocol=6 | dir=in | name=akamai netsession interface |

"{B1AFC536-0834-466E-8DF9-8DFFD932C208}" = lport=53226 | protocol=6 | dir=in | name=akamai netsession interface |

"{B1D0044F-0707-4DBF-91B6-82F1BDF034A4}" = lport=50201 | protocol=6 | dir=in | name=akamai netsession interface |

"{B1D5A86B-D83F-43CD-B448-DA080E90F68C}" = lport=50234 | protocol=6 | dir=in | name=akamai netsession interface |

"{B1FC1B40-8B87-4010-8567-8FEE6CC76448}" = lport=49259 | protocol=6 | dir=in | name=akamai netsession interface |

"{B2B5FE76-9FBC-4D14-92F2-8BFB69697F36}" = lport=55410 | protocol=6 | dir=in | name=akamai netsession interface |

"{B2ED32B2-C3E3-41EA-B555-0C66A50871DF}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |

"{B2F68EE9-7072-4F58-845D-EAAD9ABA4D17}" = lport=49419 | protocol=6 | dir=in | name=akamai netsession interface |

"{B314EFAC-B4A3-4F8E-A684-E51596663C9B}" = lport=58432 | protocol=6 | dir=in | name=akamai netsession interface |

"{B335CD1D-7F1D-41DD-BF22-5BD922B15224}" = lport=49483 | protocol=6 | dir=in | name=akamai netsession interface |

"{B3580D34-FEF4-4CEB-95F8-D97E7A208D2E}" = lport=49341 | protocol=6 | dir=in | name=akamai netsession interface |

"{B3D3A66F-C282-4E82-A3D2-5A2A436A858F}" = lport=49775 | protocol=6 | dir=in | name=akamai netsession interface |

"{B4B2B076-7EB3-44EC-A251-A91938AED5C7}" = lport=49757 | protocol=6 | dir=in | name=akamai netsession interface |

"{B5E3C68F-8782-4257-9115-E271FAA6D3E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B68E2349-4D41-49B2-911E-F65A1EA32038}" = lport=49255 | protocol=6 | dir=in | name=akamai netsession interface |

"{B716B982-E560-4CB3-B4E0-01C5E02482A0}" = lport=49186 | protocol=6 | dir=in | name=akamai netsession interface |

"{B766D66D-F836-4AFC-9437-F6197E1C889A}" = lport=50434 | protocol=6 | dir=in | name=akamai netsession interface |

"{B7CFED3F-0FC4-4610-A033-224E5E7089A7}" = lport=50384 | protocol=6 | dir=in | name=akamai netsession interface |

"{B90D1F12-541A-4293-BB7D-26E755FB5020}" = lport=51145 | protocol=6 | dir=in | name=akamai netsession interface |

"{B971A64C-5851-4FA8-A882-23F8737AABB2}" = lport=50242 | protocol=6 | dir=in | name=akamai netsession interface |

"{B9FABE6D-B134-4A04-94D5-602B8066100B}" = lport=49491 | protocol=6 | dir=in | name=akamai netsession interface |

"{BA07D660-A4C8-45FC-A52A-A036EBBB214A}" = lport=50047 | protocol=6 | dir=in | name=akamai netsession interface |

"{BAF9070A-461F-4DD8-B0CB-6369DCEFA505}" = lport=49920 | protocol=6 | dir=in | name=akamai netsession interface |

"{BBB9C3B2-1882-4E87-B69F-A7CBAE775280}" = lport=51633 | protocol=6 | dir=in | name=akamai netsession interface |

"{BBCCECC0-CA44-4903-9707-7E36668F1777}" = lport=49878 | protocol=6 | dir=in | name=akamai netsession interface |

"{BC698DC0-0B6D-41EB-B5F6-7C613CB850F4}" = lport=49901 | protocol=6 | dir=in | name=akamai netsession interface |

"{BC77F4F9-6E6A-4536-9C92-F6985D3AE7CE}" = lport=50247 | protocol=6 | dir=in | name=akamai netsession interface |

"{BCA3E7A2-C877-4169-BF6F-EE5C39D1406E}" = lport=49688 | protocol=6 | dir=in | name=akamai netsession interface |

"{BCDF0E69-D750-4430-BFF1-FC53B8634FBD}" = lport=49477 | protocol=6 | dir=in | name=akamai netsession interface |

"{BD691216-E084-4BE9-8121-93D3809EBCEB}" = lport=50297 | protocol=6 | dir=in | name=akamai netsession interface |

"{BDF85BD8-172D-4EAC-8C25-DDAD71879D39}" = lport=52182 | protocol=6 | dir=in | name=akamai netsession interface |

"{BE0380EA-3C95-4436-9666-C3FEE18C6F58}" = lport=49517 | protocol=6 | dir=in | name=akamai netsession interface |

"{BEBB0B9B-9FFF-4E77-A5A2-0CDA02D4269D}" = lport=58323 | protocol=6 | dir=in | name=akamai netsession interface |

"{BF09452F-4D60-4B67-AA1F-62FF0529FE19}" = lport=50488 | protocol=6 | dir=in | name=akamai netsession interface |

"{BF7594C2-FE2C-455D-BC55-BC17801C12DF}" = lport=50365 | protocol=6 | dir=in | name=akamai netsession interface |

"{BFCA0261-9E62-42C3-BBB7-C9324DB573C6}" = lport=49240 | protocol=6 | dir=in | name=akamai netsession interface |

"{C012532E-F21D-4708-819B-189759200656}" = lport=49264 | protocol=6 | dir=in | name=akamai netsession interface |

"{C215678F-5968-4EFB-A441-446C52473320}" = lport=50081 | protocol=6 | dir=in | name=akamai netsession interface |

"{C28F2D32-AC45-4E5B-AEE0-434CC829CC53}" = lport=49930 | protocol=6 | dir=in | name=akamai netsession interface |

"{C2B45E84-2B05-4019-8698-A520894F3847}" = lport=55455 | protocol=6 | dir=in | name=akamai netsession interface |

"{C2B9DB87-81F3-469F-A288-C2003308C6F2}" = lport=55345 | protocol=6 | dir=in | name=akamai netsession interface |

"{C2F7858B-831C-41D5-A3B6-00EEE390E891}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{C3C5FAD3-7B4F-4AEA-BCD3-945FA3B5FBCD}" = lport=52897 | protocol=6 | dir=in | name=akamai netsession interface |

"{C4212920-B39F-4BE0-A448-30CD99D8C322}" = lport=57621 | protocol=6 | dir=in | name=akamai netsession interface |

"{C42B56AF-3943-434A-A881-C929E79E8F98}" = lport=52259 | protocol=6 | dir=in | name=akamai netsession interface |

"{C4AD4814-6383-4EF9-B43A-183D7DF7EB94}" = lport=52760 | protocol=6 | dir=in | name=akamai netsession interface |

"{C5394792-100B-492D-8048-D59E3F9E1E15}" = lport=50121 | protocol=6 | dir=in | name=akamai netsession interface |

"{C559E611-4A14-4760-B524-D4C0B2D8B06A}" = lport=49474 | protocol=6 | dir=in | name=akamai netsession interface |

"{C5868FAB-43C7-4AC3-BA28-BE161C28B5EA}" = lport=50180 | protocol=6 | dir=in | name=akamai netsession interface |

"{C5C85BEF-89A8-4F10-8340-188F157E7F43}" = lport=57300 | protocol=6 | dir=in | name=akamai netsession interface |

"{C6C62BE1-E5D4-4E9E-8393-7F6A00A5A0DD}" = lport=49229 | protocol=6 | dir=in | name=akamai netsession interface |

"{C707D439-D0F6-4172-A118-700DC9E53E75}" = lport=57728 | protocol=6 | dir=in | name=akamai netsession interface |

"{C73B6ED5-EB38-497B-82E2-C44F1130E2F7}" = lport=49257 | protocol=6 | dir=in | name=akamai netsession interface |

"{C7FBD00B-990F-4F52-A356-77300205FEF4}" = lport=50411 | protocol=6 | dir=in | name=akamai netsession interface |

"{C8BF472B-1746-41E4-AA5C-1B38E2CFA686}" = lport=55647 | protocol=6 | dir=in | name=akamai netsession interface |

"{C93CDE23-FDE0-4A66-A0F9-3C3351AE3E04}" = lport=49706 | protocol=6 | dir=in | name=akamai netsession interface |

"{C95B285A-AEC4-4B0F-B6F4-0B71B1FD54B4}" = lport=53233 | protocol=6 | dir=in | name=akamai netsession interface |

"{C9C0460A-A375-4643-84F6-26BF179E5B3A}" = lport=53851 | protocol=6 | dir=in | name=akamai netsession interface |

"{CA7F8747-CAAC-4B5D-BBB4-EDF9CE822F43}" = lport=49865 | protocol=6 | dir=in | name=akamai netsession interface |

"{CAF06E10-3E91-424B-B850-E90D508303F2}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface |

"{CB34C246-7EA4-4228-83C1-920BA5ECBBF1}" = lport=50431 | protocol=6 | dir=in | name=akamai netsession interface |

Edited December 30, 2011 by Newtothis

Newtothis · December 30, 2011

OTL REPORT 1

"{CBB95802-7148-43AD-A064-7B8612B15129}" = lport=50018 | protocol=6 | dir=in | name=akamai netsession interface |

"{CBD15B9E-3AE8-4C68-B1A1-595921687CB1}" = lport=49946 | protocol=6 | dir=in | name=akamai netsession interface |

"{CBEF7F14-FEC2-4FB4-975C-2770F9588246}" = lport=52628 | protocol=6 | dir=in | name=akamai netsession interface |

"{CC5ED611-EC19-4279-BAB0-7D08177D4FC5}" = lport=50647 | protocol=6 | dir=in | name=akamai netsession interface |

"{CD39D5D1-2E1D-4222-9101-E15AE5466471}" = lport=50894 | protocol=6 | dir=in | name=akamai netsession interface |

"{CD844FD1-BAF5-40B1-A70B-DB3BD71CFB2A}" = lport=49209 | protocol=6 | dir=in | name=akamai netsession interface |

"{CD995A89-2829-4D29-A556-239104C2EA85}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |

"{CD9A2F11-7A5F-436E-A575-E52BAFE44B91}" = lport=49258 | protocol=6 | dir=in | name=akamai netsession interface |

"{CDCD812C-4BD4-4B21-91D8-A5F923D76B42}" = lport=50549 | protocol=6 | dir=in | name=akamai netsession interface |

"{CF0C26A7-BDD4-4C40-B6B8-D3EEE1FFFB99}" = lport=50935 | protocol=6 | dir=in | name=akamai netsession interface |

"{CF9754AD-FD57-4A4D-82E1-D84141E2ACFB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{CF97D624-979C-48D1-BA40-1F73336103F6}" = lport=50404 | protocol=6 | dir=in | name=akamai netsession interface |

"{CFD1500C-A384-4612-B298-B0242F7632D2}" = lport=49465 | protocol=6 | dir=in | name=akamai netsession interface |

"{D014EC55-8B95-4EA6-8C83-BAEE143AE749}" = lport=50048 | protocol=6 | dir=in | name=akamai netsession interface |

"{D07437F7-C282-4CE5-8954-474101084661}" = lport=54824 | protocol=6 | dir=in | name=akamai netsession interface |

"{D0AF740C-C285-4761-8C10-AD5489D4DE0B}" = lport=50154 | protocol=6 | dir=in | name=akamai netsession interface |

"{D1133F3C-CAA3-4971-AB09-1866394013FB}" = lport=55664 | protocol=6 | dir=in | name=akamai netsession interface |

"{D246A6C6-EDF9-4E24-B58C-ED157DCA1FDC}" = lport=61966 | protocol=6 | dir=in | name=akamai netsession interface |

"{D25584DF-543C-43D5-97ED-D39CCA4607CF}" = lport=49555 | protocol=6 | dir=in | name=akamai netsession interface |

"{D2863085-C152-4C0B-A8A1-400307233C2A}" = lport=52655 | protocol=6 | dir=in | name=akamai netsession interface |

"{D2C1D876-CEFF-486C-BB86-7430090E4ACC}" = lport=49390 | protocol=6 | dir=in | name=akamai netsession interface |

"{D3470B19-6BDA-491D-BAEF-D08AE6AB7160}" = lport=49383 | protocol=6 | dir=in | name=akamai netsession interface |

"{D37C76F6-FFB7-400A-ACCF-7B70F7E38E35}" = lport=49239 | protocol=6 | dir=in | name=akamai netsession interface |

"{D3A09D36-1E94-4808-9292-FDEBF5AC5842}" = lport=49473 | protocol=6 | dir=in | name=akamai netsession interface |

"{D42C06D3-71CD-4BC4-BCB5-0AB3E3A144A5}" = lport=51343 | protocol=6 | dir=in | name=akamai netsession interface |

"{D4367707-1D13-4E94-B102-C3A1999F0548}" = lport=49344 | protocol=6 | dir=in | name=akamai netsession interface |

"{D451C0F9-B14A-48A6-8FC2-291D4DB0D8C3}" = lport=50151 | protocol=6 | dir=in | name=akamai netsession interface |

"{D49F35B3-DEE7-46AB-BAEF-3A2C533094AE}" = lport=55575 | protocol=6 | dir=in | name=akamai netsession interface |

"{D5653331-BB29-4CEA-9263-0BE6E7F74CE3}" = lport=49815 | protocol=6 | dir=in | name=akamai netsession interface |

"{D70594D7-3AE5-4DB5-8E51-C767AF0BB30D}" = lport=52049 | protocol=6 | dir=in | name=akamai netsession interface |

"{D7D2A197-AD40-4C2F-AB9A-2ABFCB794774}" = lport=49486 | protocol=6 | dir=in | name=akamai netsession interface |

"{D7D97881-1097-4163-8CE4-1A43CC6CEC6A}" = lport=49884 | protocol=6 | dir=in | name=akamai netsession interface |

"{D8242EF1-E0CF-4F06-B6A5-43466342CA56}" = lport=50554 | protocol=6 | dir=in | name=akamai netsession interface |

"{D87FE239-99BC-423E-ABF8-ECDD33EAC58D}" = lport=55377 | protocol=6 | dir=in | name=akamai netsession interface |

"{D8B195EC-9345-4572-ACDA-2C1DCD1C3C1D}" = lport=51667 | protocol=6 | dir=in | name=akamai netsession interface |

"{D974487C-0A41-49EA-A957-1B5944E4AE93}" = lport=53831 | protocol=6 | dir=in | name=akamai netsession interface |

"{D9CA38C5-9A9A-4280-A003-6D7C57AB3353}" = lport=49467 | protocol=6 | dir=in | name=akamai netsession interface |

"{DBE8E131-49E9-4829-BCC1-143D57C8CD08}" = lport=51731 | protocol=6 | dir=in | name=akamai netsession interface |

"{DC4EC23A-4CE0-4BF5-A5A6-90EAEBAF26BD}" = lport=49615 | protocol=6 | dir=in | name=akamai netsession interface |

"{DC7B1940-9364-4B73-8A55-DBAC64E80382}" = lport=54697 | protocol=6 | dir=in | name=akamai netsession interface |

"{DCAD1E1C-42D2-463B-A6BC-AFD57D1F833C}" = rport=445 | protocol=6 | dir=out | app=system |

"{DCBA3448-5203-4530-97F5-8EBCD2359E2A}" = lport=53236 | protocol=6 | dir=in | name=akamai netsession interface |

"{DD6C3F99-DDCC-4415-BEDE-01418C011FA1}" = lport=51611 | protocol=6 | dir=in | name=akamai netsession interface |

"{DE828440-BC1F-47BA-ABB9-57F90244F410}" = lport=52816 | protocol=6 | dir=in | name=akamai netsession interface |

"{DE9C31A5-0EF8-40B6-96CA-21BE7EF1DEE4}" = lport=49607 | protocol=6 | dir=in | name=akamai netsession interface |

"{DED12901-65FF-4ABF-8021-8CCD7A7D98E1}" = lport=49643 | protocol=6 | dir=in | name=akamai netsession interface |

"{DF0352F0-5535-44B3-9AD7-D8F34EDDFF6C}" = lport=49271 | protocol=6 | dir=in | name=akamai netsession interface |

"{DFA571C7-2522-4D31-9AB1-1AF631303E87}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |

"{E017CEB2-849E-4489-9CAF-EB9A391AAC81}" = lport=50604 | protocol=6 | dir=in | name=akamai netsession interface |

"{E0F94728-D137-4C67-8A44-78C41CCFB4B1}" = lport=49522 | protocol=6 | dir=in | name=akamai netsession interface |

"{E1649088-7A66-4801-8098-A1B93A20DE94}" = lport=50469 | protocol=6 | dir=in | name=akamai netsession interface |

"{E1FC796B-6921-42BD-BEFB-0D62B876FCD5}" = lport=56390 | protocol=6 | dir=in | name=akamai netsession interface |

"{E3905AB0-9EDE-4DAB-854F-E8BC18489B6B}" = lport=49736 | protocol=6 | dir=in | name=akamai netsession interface |

"{E3F0AFF4-6F41-4B36-BCA3-A0BCC6A01CCD}" = lport=63015 | protocol=6 | dir=in | name=akamai netsession interface |

"{E4E262CE-4579-4209-A019-1811E0A79306}" = lport=51176 | protocol=6 | dir=in | name=akamai netsession interface |

"{E5994E4A-FD4E-430C-9963-B377D1F4F877}" = lport=51497 | protocol=6 | dir=in | name=akamai netsession interface |

"{E7E02B37-9C13-457F-A725-442F48B40305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{E7FC6268-45F2-44C0-9412-A38C34E2FCEE}" = lport=50643 | protocol=6 | dir=in | name=akamai netsession interface |

"{E8644D57-4F95-45DB-964E-900C15A5EA65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E8E4B75B-4DEB-4DF1-8EC6-F62A3C02CBF6}" = lport=56308 | protocol=6 | dir=in | name=akamai netsession interface |

"{E93354ED-7929-4961-AD0D-06EE2667CF08}" = lport=59734 | protocol=6 | dir=in | name=akamai netsession interface |

"{E9FE52F9-11DC-4E9A-8966-B2754A993AA4}" = lport=50241 | protocol=6 | dir=in | name=akamai netsession interface |

"{EA0E1FE9-EAFE-4022-997C-A620BEA38EA1}" = lport=58329 | protocol=6 | dir=in | name=akamai netsession interface |

"{EA27839A-3CF3-4BCF-9FB9-DEFC743B1B25}" = lport=63016 | protocol=6 | dir=in | name=akamai netsession interface |

"{EA3B8A9B-354C-42B7-93F3-ACBEC6C0979A}" = lport=52912 | protocol=6 | dir=in | name=akamai netsession interface |

"{EAB2FBB1-0A8A-4DB9-8D6A-62B8AC6F349F}" = lport=49801 | protocol=6 | dir=in | name=akamai netsession interface |

"{EACD531F-3A67-45A6-9FCC-5011DCA36E25}" = lport=49450 | protocol=6 | dir=in | name=akamai netsession interface |

"{EB43E8BD-21E1-459A-B946-FC006B8E431A}" = lport=49996 | protocol=6 | dir=in | name=akamai netsession interface |

"{EBD80F6C-EF89-4229-9D76-B1FEBC1F5DD1}" = lport=49776 | protocol=6 | dir=in | name=akamai netsession interface |

"{EC2B9A04-393F-4B1B-8C57-F66E7C02F6B4}" = lport=50922 | protocol=6 | dir=in | name=akamai netsession interface |

"{EC4FE7EE-B718-4DA2-BABF-B3ECD9AE00EC}" = lport=50108 | protocol=6 | dir=in | name=akamai netsession interface |

"{EC96DB91-2226-48B1-8960-2D34AF7C29F6}" = lport=49640 | protocol=6 | dir=in | name=akamai netsession interface |

"{ECF249E1-A88E-4BA2-A4D3-85383F48D524}" = lport=51183 | protocol=6 | dir=in | name=akamai netsession interface |

"{ED23AACE-C546-4163-8512-53137FAAD735}" = lport=50445 | protocol=6 | dir=in | name=akamai netsession interface |

"{ED5C3EBA-DC6D-4638-BDA1-C6C5C31CA9CD}" = lport=65310 | protocol=6 | dir=in | name=akamai netsession interface |

"{EDB678C4-380A-4F2B-9799-B3F43AA06391}" = lport=50464 | protocol=6 | dir=in | name=akamai netsession interface |

"{EDB9AF3B-B099-40E9-A999-33F933D27968}" = lport=49964 | protocol=6 | dir=in | name=akamai netsession interface |

"{EF367E70-5D51-4079-B34C-1F5326EC4526}" = lport=51127 | protocol=6 | dir=in | name=akamai netsession interface |

"{EF3DBF32-100A-4112-8F63-6F20DD349F61}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F0241536-55CF-49BD-B178-D8BA5080EB8F}" = lport=49272 | protocol=6 | dir=in | name=akamai netsession interface |

"{F0DC5D80-6727-4D33-870E-60371DA35026}" = lport=50577 | protocol=6 | dir=in | name=akamai netsession interface |

"{F1615DA2-FB83-4854-A76C-047CB5FBA9BF}" = lport=52371 | protocol=6 | dir=in | name=akamai netsession interface |

"{F1741626-A57C-45ED-83C0-5516FA29CFF3}" = lport=49828 | protocol=6 | dir=in | name=akamai netsession interface |

"{F1BBBBC0-8F0A-420B-9280-4ED7B9AD4B09}" = lport=49908 | protocol=6 | dir=in | name=akamai netsession interface |

"{F261A5EB-2EDC-4C65-99C8-A7C109130226}" = lport=49207 | protocol=6 | dir=in | name=akamai netsession interface |

"{F2C0188D-F32F-4B42-8049-CE7A032D1209}" = lport=50847 | protocol=6 | dir=in | name=akamai netsession interface |

"{F2DEB93A-6038-4BF1-A2D5-19EF77F776C2}" = lport=49942 | protocol=6 | dir=in | name=akamai netsession interface |

"{F3024C2F-5998-4C82-B967-1F1C3149718E}" = lport=51477 | protocol=6 | dir=in | name=akamai netsession interface |

"{F349AEDB-0C8E-45EC-BE0E-BE3235301876}" = lport=9420 | protocol=6 | dir=in | name=akamai netsession interface |

"{F3A34119-DF8F-4D51-B0F7-57D15F72948E}" = lport=50803 | protocol=6 | dir=in | name=akamai netsession interface |

"{F461A3DB-EAE7-42AF-A456-35DF7858BC0E}" = lport=49188 | protocol=6 | dir=in | name=akamai netsession interface |

"{F51587CB-AB2B-475B-B8BE-B535C970E05F}" = lport=51238 | protocol=6 | dir=in | name=akamai netsession interface |

"{F5D4B9C3-92B7-4A39-8163-6F7D7543E6F7}" = lport=52380 | protocol=6 | dir=in | name=akamai netsession interface |

"{F6A385B9-CF1D-4EB8-962E-542D90CB57B7}" = lport=49597 | protocol=6 | dir=in | name=akamai netsession interface |

"{F6C320AC-EB35-4381-B0DE-3A7D3D13D1E2}" = lport=49222 | protocol=6 | dir=in | name=akamai netsession interface |

"{F6C68785-5857-424B-80E7-4AA9D3D85F60}" = lport=49634 | protocol=6 | dir=in | name=akamai netsession interface |

"{F70DFC60-BE62-45A8-B370-2D37EA1DD446}" = lport=51626 | protocol=6 | dir=in | name=akamai netsession interface |

"{F74A5975-C05F-426E-97F9-63638AEAE684}" = lport=49178 | protocol=6 | dir=in | name=akamai netsession interface |

"{F7BD217F-734B-4946-8962-FA7ED1651D90}" = lport=49636 | protocol=6 | dir=in | name=akamai netsession interface |

"{F7DC7722-FD0A-4347-8E44-4248F18F169F}" = lport=59203 | protocol=6 | dir=in | name=akamai netsession interface |

"{F80E9537-0677-44F4-9E3F-EB163EAFA2EF}" = lport=49288 | protocol=6 | dir=in | name=akamai netsession interface |

"{F84E8194-035C-4205-91AF-671EDA813316}" = lport=51149 | protocol=6 | dir=in | name=akamai netsession interface |

"{F851FE7E-9046-40B4-ACE3-DB26E00FB283}" = lport=63690 | protocol=6 | dir=in | name=akamai netsession interface |

"{F88CE139-062E-4524-80CA-C1BCA826578B}" = lport=64187 | protocol=6 | dir=in | name=akamai netsession interface |

"{F906642B-D698-4A69-93F3-0A097E9B82B2}" = lport=51373 | protocol=6 | dir=in | name=akamai netsession interface |

"{FAA91F45-BCB8-4CE9-A6C1-EEA672527EE6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{FAD42821-EEA6-4053-991D-0C0D065B5E93}" = lport=50462 | protocol=6 | dir=in | name=akamai netsession interface |

"{FB0567C6-B45A-432B-942A-8662FD4B7F6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FB3FE3CB-4ED8-4723-9E21-57D46B7DBA97}" = lport=52376 | protocol=6 | dir=in | name=akamai netsession interface |

"{FB8A2CEE-68D4-49EF-BEF0-A026ECDAB88F}" = lport=50235 | protocol=6 | dir=in | name=akamai netsession interface |

"{FC378828-AD76-42B5-BC8D-39CF38B9DC23}" = lport=49412 | protocol=6 | dir=in | name=akamai netsession interface |

"{FCDFEAB0-CABD-4357-B2B0-3A46999DE650}" = lport=50116 | protocol=6 | dir=in | name=akamai netsession interface |

"{FD447FDE-816C-443D-82A6-58A868F21171}" = lport=50681 | protocol=6 | dir=in | name=akamai netsession interface |

"{FD7E4C51-CD98-47D1-93FE-124D70A590D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{FE343FF8-7C7F-4844-B204-00EADCB3F4D5}" = lport=50329 | protocol=6 | dir=in | name=akamai netsession interface |

"{FF29DF3D-6261-44A6-9D58-C833E721C2A3}" = lport=50782 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07021918-07A8-4635-B305-8EE50BFAD7AB}" = protocol=6 | dir=out | app=system |

"{07F07D2F-69CD-4E12-B500-85753D0F807D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{0C97E6C3-A5EA-4C23-9998-63F38D1C8E04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{0CB2D15F-F1D9-46C6-B082-D201852EB74A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{177439B1-7CBF-469A-B194-31C28EB8DBCA}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |

"{1A9CAD89-CED9-4B17-8482-CD455D111E08}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |

"{1B59F56D-5F1A-4EB9-A2B3-5FF7CD8F2421}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{1EC600BE-4E00-41D6-A775-6CB820AFB65B}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |

"{2F1640A8-653E-444D-8D88-D0B9451B4FE1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{37459FCF-6309-41F4-8E0A-9109D3FDFC08}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{392179F4-9CD0-487E-85F5-E7D70E1338E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{3E89E0D6-7B66-42C8-BB16-40049CE654D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{41138DB4-BBCD-4BAF-945B-861C95B0DDE9}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |

"{438D45EE-F09A-44DF-9437-E377566760C1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{47E98F7A-19D8-4A13-9F1F-449D71711283}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{502EFF59-9E4F-450A-A05D-483FA9C7B53A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{50ABB4F2-91A0-48EA-9D49-2BF92098D4C3}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |

"{6388985F-305B-493F-8E6D-21C268C1BE75}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{6B98F122-2540-4D31-A0A0-14728B138D90}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{6C255D20-482D-4185-9F4C-C50418209D9C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{6D7DF09B-3848-4818-9DB8-2A4A73F05386}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{71F13983-FF90-4767-B59F-F5E343358430}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{72188814-B137-4A14-980F-5B68B5C87E80}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{765F3AAC-5DD1-4E0F-9074-4CB46893AAEB}" = protocol=17 | dir=in | app=c:\users\hasan\appdata\local\temp\purplebean.exe |

"{7FDD6265-1E31-43E1-A505-95806EFCDBF3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{83C47873-E4F0-4AC6-B85E-954157501FD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{85B6BC09-C301-4F87-B2EC-61AB74629BFB}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |

"{89F06251-8125-4913-9730-EA0D7CBBE982}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8D5654BF-F206-4169-BA9B-B74767195CDD}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{926A86AD-16B1-4A52-949E-A96A4F1E33F8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{94C63367-35C4-4305-A531-D6FA8FE982CC}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{9FFE6E09-8B0A-4D54-AFA7-8F118F9F298B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A2D6EE22-3F1C-43EB-9FFC-66B659835CA4}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |

"{A54BD73B-1AC6-48FC-9589-3E5CAEBB53FD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{A961456F-312F-4EEF-9849-7170BDABFA23}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{AAF48065-8A21-4FE7-A6EF-BDFADC1A8E9E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{AF6DAB12-6B8E-421D-8F02-ED96EC2AF652}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |

"{B09B0D5D-BCA4-4D9D-86DA-5EF71E64EC1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{B09CC2D2-B493-4E32-BD73-A33032246D46}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |

"{B3336090-DC01-4F41-89D4-D42D9D2A2D60}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |

"{B76C3789-478B-488D-9B58-53AA9A8D8EAF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{B7C8BB0F-93BB-4502-8D71-DCA850FE01A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{BA35B6A4-06F4-4C74-9E14-FE7F6350055F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |

"{C210E5AD-AA23-4BA3-9F79-D6CC4BC73DA9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{C4348CFE-FEA9-4C6F-BEF7-2B86A8E03EF2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{C5B7FC09-C3F9-4A73-B065-BD79DCC2C97C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{C615D263-BA8C-4F33-9B50-8CF25F8C5B26}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{CDE44F96-65C2-4929-A2C3-AD0D6E20C5E1}" = protocol=6 | dir=in | app=c:\users\hasan\appdata\local\temp\purplebean.exe |

"{D0A57953-7249-477B-89AE-8A441E899AD7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{D63514EA-8439-40E5-ACBF-A04EFF9AF584}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{D72A6764-2F2E-46F0-9979-83351885A495}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{D8E82CE0-DAB8-4314-8AD5-95DA6F1A7437}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |

"{DE183C67-06D2-4ABF-9006-450A70088FEE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |

"{E74C1006-5449-4245-ADE4-5CB6F4B8C4D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{EC7037B4-8416-4CF4-8ACD-AA0384297A9F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{EC96CB48-EDC4-4FC2-A2B5-BC61628DEF9A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{EE64F247-36FE-44C3-9295-E89138A26EF2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{F3A8AB92-9957-408E-89EF-1A772F3C16AC}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |

"{F96310B4-05DC-4DEC-A18C-DFC0B0C05B15}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |

"TCP Query User{075544F8-50F7-4D28-8CC8-4DBE6096AA9D}C:\ijji\english\u_skid.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_skid.exe |

"TCP Query User{0EE3C4B3-1869-4C59-98EA-290B6C2EDFC9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"TCP Query User{0FE53325-68A4-4BE3-AB87-051FF4D3AAEA}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |

"TCP Query User{18D3FF11-5F7C-4164-8D42-EE5D9A1FC89E}C:\users\hasan\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\hasan\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{221D6EF5-B6C2-4BD1-BD4A-293AECACDC10}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{278F72F7-AF54-4065-BAC4-E2AFB73564A4}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |

"TCP Query User{27FBD0BE-B4AE-4332-8CC9-1F2D061F8918}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=6 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe |

"TCP Query User{32C0B399-567F-4220-A5D4-C4AAB0BEEA1F}C:\users\hasan\documents\1.exe" = protocol=6 | dir=in | app=c:\users\hasan\documents\1.exe |

"TCP Query User{3BDC0381-5905-46D2-87D7-5144B8CA0F08}C:\users\hasan\documents\quake3.exe" = protocol=6 | dir=in | app=c:\users\hasan\documents\quake3.exe |

"TCP Query User{3F203271-C348-4A8A-9192-E2EDDD6FB863}C:\users\hasan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\hasan\program files\dna\btdna.exe |

"TCP Query User{4955B487-1F48-4FF6-A70E-857E06DAC553}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |

"TCP Query User{4B31BC0D-8B9A-4432-8E9F-8F4852CA24CA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{578DF05C-1760-481C-A4EC-F47758166206}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{7969B8FF-9C2E-43E5-9D9C-CF7E662A8227}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{8257B0C2-E542-4614-BBDD-8BF15131F0DE}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"TCP Query User{863D3DD9-E7AC-4D83-9FEB-870C30B125BE}C:\users\hasan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\hasan\program files\dna\btdna.exe |

"TCP Query User{87E4DA4F-F7AC-4347-B154-35B0C8A09C6A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"TCP Query User{954E1E7C-2A7A-4825-A491-71E868484B8C}C:\users\hasan\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\hasan\downloads\utorrent.exe |

"TCP Query User{B453A14D-C984-4D62-949E-52B70DB49CFF}C:\users\hasan\downloads\emoticon.4.9.exe" = protocol=6 | dir=in | app=c:\users\hasan\downloads\emoticon.4.9.exe |

"TCP Query User{B8671D46-AAFA-45CC-8A27-E97D75A93B85}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"TCP Query User{E3C6EC62-BC44-4C22-A55B-6579840FCE2A}C:\users\hasan\documents\3.exe" = protocol=6 | dir=in | app=c:\users\hasan\documents\3.exe |

"TCP Query User{EC7A6682-C8FC-45C8-A235-1BEC69DB13FE}C:\downloads\software\utorrent.exe" = protocol=6 | dir=in | app=c:\downloads\software\utorrent.exe |

"TCP Query User{F1A6E0D5-6647-4C12-8ABA-0B94C89CFF7C}C:\programdata\ijjigame\plauncher.exe" = protocol=6 | dir=in | app=c:\programdata\ijjigame\plauncher.exe |

"TCP Query User{F2CA0258-AB9E-4CDF-9850-2DE679AF0767}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"TCP Query User{F7B16929-FE52-48D1-88D0-05BBF20B8C16}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |

"UDP Query User{01DF19EB-B2BD-4E2E-AC3D-195BF099C49A}C:\users\hasan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\hasan\program files\dna\btdna.exe |

"UDP Query User{1C060524-E148-4F62-9C9C-220B3B31C337}C:\users\hasan\documents\3.exe" = protocol=17 | dir=in | app=c:\users\hasan\documents\3.exe |

"UDP Query User{1E0DA42D-1CB0-4CE9-B53A-14D28560204E}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |

"UDP Query User{2630A941-B381-4302-B014-14DE6C4D0427}C:\users\hasan\documents\quake3.exe" = protocol=17 | dir=in | app=c:\users\hasan\documents\quake3.exe |

"UDP Query User{265D8DF5-FF63-4380-A201-D9A3909D6FA6}C:\users\hasan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\hasan\program files\dna\btdna.exe |

"UDP Query User{2A984B1B-39F1-44A6-B0D2-25EB443D1A73}C:\programdata\ijjigame\plauncher.exe" = protocol=17 | dir=in | app=c:\programdata\ijjigame\plauncher.exe |

"UDP Query User{34435762-588C-45B3-8145-4FB6C93F6575}C:\users\hasan\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\hasan\downloads\utorrent.exe |

"UDP Query User{34D3F6EA-5B8E-4F98-B565-4C4A0AF35CB6}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=17 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe |

"UDP Query User{3A91A3EE-102F-4247-8B4A-99247EB3020F}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

"UDP Query User{44883A35-93D7-411F-85CE-70671A3276BD}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"UDP Query User{50DF38D7-CC3B-4143-814B-E03B8AA3C55B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"UDP Query User{5528806B-39C9-40FA-A722-1650C76B35B5}C:\users\hasan\documents\1.exe" = protocol=17 | dir=in | app=c:\users\hasan\documents\1.exe |

"UDP Query User{55ACA815-1F72-409D-92D1-7C435478A953}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"UDP Query User{5D884983-A7E0-446C-9CD5-CFAFCC609DF2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"UDP Query User{766AECA1-827D-412D-AB9F-4FFC7CC5CFD1}C:\ijji\english\u_skid.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_skid.exe |

"UDP Query User{7948C12A-2357-46A9-8A16-C5433B3289BB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{7BD4AB52-86D6-4126-9501-C1D70CE50A22}C:\downloads\software\utorrent.exe" = protocol=17 | dir=in | app=c:\downloads\software\utorrent.exe |

"UDP Query User{895626E6-F907-4685-8AAF-E2F7C13B8A93}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |

"UDP Query User{8A079E56-9FB6-4518-99DD-7E69334434E9}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{8A591BD8-34B4-41A6-96FA-E162D5FB2D6A}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"UDP Query User{A8A01554-FAB8-47AC-BB4B-14CB94446EFE}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |

"UDP Query User{B56F074E-399A-4008-9040-68B039416F94}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{CD06E7F9-B7B0-42A5-94DE-1ADB6B85646A}C:\users\hasan\downloads\emoticon.4.9.exe" = protocol=17 | dir=in | app=c:\users\hasan\downloads\emoticon.4.9.exe |

"UDP Query User{D14B90E7-C67B-462F-B492-5248903EEB68}C:\users\hasan\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\hasan\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{DE1A8C87-5390-4620-887C-E9E428055CB0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D09E359-0C98-4D93-B6F9-1FF68ED4B27C}" = Nokia Multimedia Player

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15AF6E9C-9169-4A9E-A738-FD28D898091D}" = Iminent

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 30

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{50CCB141-1380-4922-8B21-D62B5233FD0E}" = HD View

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5EE48155-BD54-46E2-8D81-A57A69726A95}" = SearchTheWeb

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{656A70D4-98FD-41F8-B172-575F60C922BB}" = AVG 2011

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0

"{7C977DE7-EC85-46E1-A7D9-52C04EB52AE6}" = S2 Mobile Modem

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708

"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C0FB18FC-326C-4D1F-B72B-8C68BC862C9A}" = UKCAT Practice Tests

"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{FA1162AE-AF27-44A9-9C78-0C46BD44D75F}" = AVG 2011

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"525B631E25DA7D8F03CAFCB6E66A95DA0F0B57CB" = Windows Driver Package - Amoi Incorporated (S2usbser) Ports (01/01/2007 2.0.5.0)

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AVG" = AVG 2011

"AviSynth" = AviSynth 2.5

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2

"BabylonToolbar" = Babylon toolbar on IE

"Bandoo" = Bandoo

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Comodo Dragon" = Comodo Dragon

"COMODO GeekBuddy" = COMODO GeekBuddy

"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"Debut" = Debut Video Capture Software

"DicomWorks 1.3.5b_is1" = DicomWorks 1.3.5b

"EB8470242F68F946AB0A751A9E60217725DCA27F" = Windows Driver Package - Amoi Incorporated (S2usbser) Modem (01/01/2007 2.0.5.0)

"ENTERPRISER" = Microsoft Office Enterprise 2007

"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.2.11

"Free Window Registry Repair" = Free Window Registry Repair

"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9

"Google Updater" = Google Updater

"GoToAssist" = GoToAssist 8.0.0.514

"HDMI" = Intel® Graphics Media Accelerator Driver

"iLivid" = iLivid

"IMBoosterARP" = Iminent

"InstallShield_{0D09E359-0C98-4D93-B6F9-1FF68ED4B27C}" = Nokia Multimedia Player

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MixPad" = MixPad Audio Mixer

"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)

"NCH Toolbar" = NCH Toolbar

"NetDevil_LEGO_Universe_is1" = LEGO Universe

"Norton PC Checkup" = Norton PC Checkup

"NSS" = Norton Security Scan

"Pidgin" = Pidgin

"PROSetDX" = Intel® PRO Network Connections 12.1.11.0

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"PunkBusterSvc" = PunkBuster Services

"Quake 3 Arena Demo" = Quake 3 Arena Demo

"Recuva" = Recuva

"SearchCore for Browsers" = SearchCore for Browsers

"Searchqu 406 MediaBar" = Windows iLivid Toolbar

"SearchTheWebARP" = SearchTheWeb

"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar

"TomTom HOME" = TomTom HOME

"Uninstall_is1" = Uninstall 1.0.0.1

"Update Engine" = Sony Ericsson Update Engine

"VideoPad" = VideoPad Video Editor

"VLC media player" = VLC media player 1.1.4

"WavePad" = WavePad Sound Editor

"WinLiveSuite" = Windows Live Essentials

"ysexcc" = Favorit

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent DNA" = DNA

"blinkx beat" = blinkx beat

"Dropbox" = Dropbox

"ijji.com" = ijji

"tc08_bbc-GBR_BBC_MAIN" = BBC Mountainbike Challenge 08

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 27/12/2011 10:49:27 | Computer Name = Hasan-PC | Source = Application Error | ID = 1000

Description = Faulting application Photoshop.exe, version 12.0.0.0, time stamp 0x4bbc56b6,

faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception

code 0xc06d007e, fault offset 0x0003fc56, process id 0x1780, application start time

0x01ccc4a6b98f712d.

Error - 27/12/2011 10:51:11 | Computer Name = Hasan-PC | Source = MsiInstaller | ID = 10005

Description =

Error - 27/12/2011 10:51:16 | Computer Name = Hasan-PC | Source = MsiInstaller | ID = 10005

Description =

Error - 27/12/2011 13:07:38 | Computer Name = Hasan-PC | Source = Application Error | ID = 1000

Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp

0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,

exception code 0xc0000142, fault offset 0x00009f7d, process id 0xa08, application

start time 0x01ccc4ba08cb9fb7.

Error - 27/12/2011 15:12:23 | Computer Name = Hasan-PC | Source = Application Error | ID = 1000

Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp

0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,

exception code 0xc0000142, fault offset 0x00009f7d, process id 0xfc0, application

start time 0x01ccc4cb76dbcd27.

Error - 27/12/2011 17:44:04 | Computer Name = Hasan-PC | Source = Application Error | ID = 1000

Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp

0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,

exception code 0xc0000142, fault offset 0x00009f7d, process id 0x1660, application

start time 0x01ccc4e0a70678a7.

Error - 30/12/2011 06:35:08 | Computer Name = Hasan-PC | Source = Windows Search Service | ID = 3038

Description =

Error - 30/12/2011 06:35:11 | Computer Name = Hasan-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 30/12/2011 06:35:11 | Computer Name = Hasan-PC | Source = Windows Search Service | ID = 3058

Description =

Error - 30/12/2011 12:32:24 | Computer Name = Hasan-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.19154 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1194 Start Time: 01ccc70523dadc17 Termination Time: 8

[ OSession Events ]

Error - 31/03/2011 14:39:38 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33

seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/04/2011 17:41:40 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9592

seconds with 2700 seconds of active time. This session ended with a crash.

Error - 07/04/2011 11:22:36 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5613

seconds with 660 seconds of active time. This session ended with a crash.

Error - 08/04/2011 15:22:02 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0

seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/04/2011 17:22:03 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8813

seconds with 7320 seconds of active time. This session ended with a crash.

Error - 30/04/2011 13:24:32 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 6

seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/05/2011 17:15:26 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5

seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/05/2011 17:15:35 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

seconds with 0 seconds of active time. This session ended with a crash.

Error - 26/05/2011 10:41:35 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/05/2011 13:50:39 | Computer Name = Hasan-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 30/12/2011 06:36:10 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7023

Description =

Error - 30/12/2011 06:36:10 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7003

Description =

Error - 30/12/2011 06:36:10 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7003

Description =

Error - 30/12/2011 06:36:10 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 30/12/2011 06:36:10 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 30/12/2011 06:36:10 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 30/12/2011 06:36:10 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 30/12/2011 06:36:10 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 30/12/2011 06:36:17 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7032

Description =

Error - 30/12/2011 06:37:43 | Computer Name = Hasan-PC | Source = Service Control Manager | ID = 7009

Description =

< End of report >

Newtothis · December 30, 2011

OTL REPORT 2

OTL logfile created on: 30/12/2011 16:51:25 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hasan\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 48.19% Memory free

6.20 Gb Paging File | 4.71 Gb Available in Paging File | 75.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.04 Gb Total Space | 60.71 Gb Free Space | 21.08% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.50 Gb Free Space | 45.02% Space Free | Partition Type: NTFS

Computer Name: HASAN-PC | User Name: Hasan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hasan\Downloads\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)

PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)

PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)

PRC - C:\Users\Hasan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)

PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe (COMODO)

PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)

PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)

PRC - C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)

PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe ()

PRC - C:\Program Files\Iminent\IMBooster\IMBooster.exe (Iminent)

PRC - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe (Symantec Corporation)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()

MOD - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PhoneUpdate.dll ()

MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

MOD - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe ()

MOD - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll ()

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files\Iminent\IMBooster\Iminent.Services.dll ()

MOD - C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll ()

MOD - C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll ()

MOD - C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll ()

MOD - C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll ()

MOD - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\Report.dll ()

MOD - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\VObject.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)

SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)

SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (Bandoo Coordinator) -- C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (MrHealthyService) -- C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe (Symantec Corporation)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

========== Driver Services (SafeList) ==========

DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)

DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)

DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (ElRawDisk) -- C:\Windows\System32\drivers\ElRawDsk.sys (EldoS Corporation)

DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (S2usbser) -- C:\Windows\System32\drivers\S2usbser.sys (AMOI Incorporated)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (MobileAdapter) -- C:\Windows\System32\drivers\hmvmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080603

IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 66 1C EE 45 8C 5B 96 49 B2 37 5E AF 27 AA 0E E9 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"

FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@bit*******.com/Bit*******DNA: C:\Program Files\DNA\plugins\npbtdna.dll (Bit*******, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@bit*******.com/Bit*******DNA: File not found

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Hasan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010/12/18 21:06:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/23 12:31:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 13:58:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/28 18:29:19 | 000,000,000 | ---D | M]

[2011/12/28 18:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/12 16:57:17 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com

[2011/12/21 07:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/05/06 19:39:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/08/17 06:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll

[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/07/18 16:39:50 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/03/23 12:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml

[2011/10/02 18:13:40 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

[2010/07/10 02:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml

[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)

O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)

O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe (Symantec Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [babylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)

O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [iMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)

O4 - HKLM..\Run: [iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)

O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)

O4 - HKCU..\Run: [sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)

O4 - HKCU..\RunOnce: [.IMinentUpdate] C:\Users\Hasan\AppData\Local\Temp\NotifierSetup.exe File not found

O4 - Startup: C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hasan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: &Search - Reg Error: Value error. File not found

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530A1077-6093-4772-A8EE-D4542DDE1444}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530A1077-6093-4772-A8EE-D4542DDE1444}: NameServer = 8.26.56.26,156.154.70.22

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)

O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)

O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)

O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) -c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O28 - HKLM ShellExecuteHooks: {39E06D62-AA5E-4E40-8ADC-E22CCB4BD55C} - Reg Error: Value error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{3b5e3b80-ea72-11de-a1e5-001ec96e8bfe}\Shell - "" = AutoRun

O33 - MountPoints2\{3b5e3b80-ea72-11de-a1e5-001ec96e8bfe}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{55f0de8b-924a-11df-8bfe-001ec96e8bfe}\Shell - "" = AutoRun

O33 - MountPoints2\{55f0de8b-924a-11df-8bfe-001ec96e8bfe}\Shell\AutoRun\command - "" = K:\SafeStick.exe

O33 - MountPoints2\{5b1929a1-94e1-11df-9249-001ec96e8bfe}\Shell - "" = AutoRun

O33 - MountPoints2\{5b1929a1-94e1-11df-9249-001ec96e8bfe}\Shell\AutoRun\command - "" = J:\AutoInstall.exe

O33 - MountPoints2\{71c1d569-616c-11de-87ac-001ec96e8bfe}\Shell - "" = AutoRun

O33 - MountPoints2\{71c1d569-616c-11de-87ac-001ec96e8bfe}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\{83848889-0bf2-11df-8c18-001ec96e8bfe}\Shell - "" = AutoRun

O33 - MountPoints2\{83848889-0bf2-11df-8c18-001ec96e8bfe}\Shell\AutoRun\command - "" = J:\AutoInstall.exe

O33 - MountPoints2\{a3369442-39b7-11e0-bc86-001ec96e8bfe}\Shell - "" = AutoRun

O33 - MountPoints2\{a3369442-39b7-11e0-bc86-001ec96e8bfe}\Shell\AutoRun\command - "" = J:\autoplay.exe

O33 - MountPoints2\{ace631bf-439b-11dd-a897-001ec96e8bfe}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe

O33 - MountPoints2\{cb4245a7-86c1-11df-9423-001ec96e8bfe}\Shell - "" = AutoRun

O33 - MountPoints2\{cb4245a7-86c1-11df-9423-001ec96e8bfe}\Shell\AutoRun\command - "" = J:\AutoInstall.exe

O33 - MountPoints2\{d7a9bc45-92c0-11dd-9670-001ec96e8bfe}\Shell\Auto\command - "" = Folders.exe

O33 - MountPoints2\{d7a9bc45-92c0-11dd-9670-001ec96e8bfe}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Folders.exe

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk /p \??\N:)

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Starbuck · December 31, 2011

Hi Newtothis

Yes, that's a bit of a mess isn't it.

I'll move this thread to the malware removal forum until we've finished.

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.

If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

Step 1

It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avg or Comodo Internet Security.

Step 2

The main OTL report was cut off.

Let's get a fresh set after removing one of the AV programs.

Double click on OTL.exe to run it.

Under Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

In your next reply, please submit:

new OTL reports

Thanks.

Sign In

Has anyone else had this?

Recommended Posts

Newtothis

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Newtothis

Plastic Nev

Newtothis

KenB

Starbuck

Newtothis

Newtothis

Newtothis

Newtothis

Starbuck

Join the conversation

Browse

Activity

Site Info