After checking out these http://www.geekstogo...us-t252807.html Google redirect virus steps, I've started following the instructions, so hopefully we can carry on from where I'm at?
Here is the sysprot log
avz stuffs:
Copy-paste from history.txt:
9/16/2009 12:16:14 AM: System Analysis with MRM enabled was run successfully
9/16/2009 12:27:10 AM: AVZPM is active
9/16/2009 12:28:21 AM: System Analysis was run successfully
Attachments: virusinfo_syscheck.zip (141.03KB), virusinfo_syscure.zip (139.5KB)
OTL stuffs:
OTL.txt:
OTL logfile created on: 9/16/2009 12:37:41 AM - Run 1 OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Administrator\Desktop Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.02% Memory free 4.00 Gb Paging File | 3.01 Gb Available in Paging File | 75.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 5.33 Gb Free Space | 7.15% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 3.76 Gb Total Space | 0.63 Gb Free Space | 16.62% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GDAYBRU Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Windows\System32\PnkBstrA.exe () PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation) PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe () PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Program Files\MagicTune Premium\GammaTray.exe () PRC - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) 
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (avg8emc [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) 
SRV - (MagicTuneEngine [Auto | Running]) -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe () SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) SRV - (pgsql-8.3 [Auto | Running]) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe () SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (Steam Client Service [On_Demand | Running]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) 
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation) DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation) DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (MagicTune [On_Demand | Stopped]) -- C:\Windows\System32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. ) DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ASACPI.sys () DRV - (NCPro [System | Running]) -- C:\Windows\system32\drivers\MTictwl.sys (Samsung Electronics, Inc. 
) DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (nvstor32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (RTL8192su [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (uzi3nzc1 [System | Running]) -- C:\Windows\System32\Drivers\uzi3nzc1.sys () DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.co.uk" FF - prefs.js..extensions.enabledItems: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: [email protected]:0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/20 19:25:20 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 21:18:53 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 21:06:04 | 00,000,000 | ---D | M] [2009/01/07 00:49:33 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2009/01/07 00:49:33 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/09/15 13:29:56 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bek1jjvv.default\extensions [2009/07/20 20:41:54 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bek1jjvv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/08/30 01:32:59 | 00,000,000 | ---D | M] -- 
C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bek1jjvv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/03/17 01:21:01 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bek1jjvv.default\extensions\[email protected] [2009/09/15 13:29:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/09/10 21:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/01/07 00:22:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2009/03/18 17:26:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/02/18 05:12:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/03/25 12:47:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/08/29 12:39:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/09/10 21:05:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/10 21:05:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/11/09 17:25:00 | 00,057,344 | ---- | M] () -- C:\Program Files\mozilla firefox\components\MGSHelper.dll [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2007/12/19 02:58:04 | 01,335,600 | ---- | M] (DivX,Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009/09/10 21:05:57 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/01/06 21:46:58 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/03/27 22:27:24 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/03/27 22:27:39 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2008/03/27 22:27:17 | 00,094,208 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009/09/10 21:05:59 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/09/10 21:05:59 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/09/10 21:05:59 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/09/10 21:05:59 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/09/10 21:05:59 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/09/10 21:05:59 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/09/10 21:05:59 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (336385 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11154 more lines... 
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [removecpl] File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [F.lux] C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe () O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe () O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft 
Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft 
Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) 
- C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009/09/16 00:35:49 | 00,514,560 | ---- | C] (OldTimer 
Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2009/09/16 00:16:14 | 00,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzi3nzc1.sys [2009/09/16 00:11:28 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\avz4 [2009/09/16 00:11:04 | 05,125,238 | ---- | C] () -- C:\Users\Administrator\Desktop\avz4.zip [2009/09/16 00:04:24 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\SysProt [2009/09/16 00:03:55 | 00,354,396 | ---- | C] () -- C:\Users\Administrator\Desktop\SysProt.zip [2009/09/14 12:17:49 | 00,516,608 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8192su.sys [2009/09/14 12:17:49 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin [2009/09/14 12:17:22 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield [2009/09/12 13:06:55 | 00,000,000 | ---D | C] -- C:\ERDNT [2009/09/12 13:06:52 | 00,000,000 | ---D | C] -- C:\Windows\ERUNT [2009/09/12 13:06:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT [2009/09/12 13:06:40 | 00,000,000 | ---D | C] -- C:\!FixIEDef [2009/09/12 12:56:25 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2009/09/10 10:16:29 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\photog books [2009/09/09 17:36:32 | 00,199,640 | ---- | C] () -- C:\Users\Administrator\Desktop\1252510728891.jpg [2009/09/09 15:41:55 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009/09/09 15:32:21 | 00,897,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys [2009/09/09 15:32:20 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2009/09/09 15:32:19 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2009/09/09 15:32:19 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2009/09/09 15:32:19 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2009/09/09 15:32:19 | 
00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2009/09/09 15:32:19 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2009/09/09 15:32:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2009/09/09 15:32:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE [2009/09/09 15:32:19 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2009/09/09 15:32:03 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll [2009/09/09 15:32:01 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2009/09/09 15:31:57 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2009/09/09 15:31:57 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll [2009/09/09 15:31:57 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll [2009/09/09 15:31:57 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll [2009/09/09 15:31:56 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys [2009/09/09 15:31:56 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll [2009/09/09 15:31:56 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll [2009/09/09 15:31:56 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe [2009/09/09 15:31:52 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2009/09/09 15:31:52 | 00,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll [2009/09/09 15:31:52 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2009/09/09 15:31:52 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2009/09/09 15:31:52 | 00,127,488 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2009/09/09 15:31:47 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2009/09/09 15:31:37 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/09/09 15:31:37 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/09/09 15:31:36 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/09/09 15:31:34 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/09/09 15:31:33 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/09/09 15:31:33 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/09/09 15:31:33 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/09/09 15:31:33 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/09/09 15:31:32 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/09/09 15:31:32 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/09/09 15:31:32 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/09/09 15:31:32 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/09/09 15:31:32 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/09/09 15:31:32 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/09/09 15:31:31 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/09/09 15:31:18 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll [2009/09/09 15:31:12 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2009/09/09 15:31:09 | 02,868,224 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\mf.dll [2009/09/09 15:31:04 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll [2009/09/09 15:29:43 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2009/09/09 15:29:36 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2009/09/09 15:27:19 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll [2009/09/09 15:27:18 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll [2009/09/09 15:27:17 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2009/09/09 15:27:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2009/09/09 15:27:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2009/09/09 15:27:10 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2009/09/09 15:27:10 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2009/09/09 15:27:10 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2009/09/09 15:04:24 | 00,016,800 | ---- | C] () -- C:\Users\Administrator\Desktop\asa2.jpg [2009/09/09 15:03:49 | 00,017,110 | ---- | C] () -- C:\Users\Administrator\Desktop\asa1.jpg [2009/09/06 16:14:15 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Downloads [2009/09/04 12:58:13 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lr exported photos [2009/09/02 23:29:16 | 00,132,344 | ---- | C] () -- C:\Users\Administrator\Documents\tij11v.wav [2009/09/02 17:24:27 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/09/02 12:52:59 | 00,026,624 | ---- | C] () -- C:\Users\Administrator\Desktop\TimetableY2S109.doc [2009/09/01 23:15:24 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Osmos [2009/09/01 23:15:01 | 00,000,760 | ---- | C] () -- 
C:\Users\Administrator\Desktop\Osmos.lnk [2009/09/01 23:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\Osmos [2009/09/01 17:56:03 | 00,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2009/09/01 17:56:03 | 00,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2009/09/01 17:56:03 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OsmosDemo [2009/09/01 17:56:03 | 00,000,000 | ---D | C] -- C:\Program Files\OpenAL [2009/08/31 00:23:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2009/08/31 00:23:52 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009/08/30 19:14:21 | 00,000,256 | -H-- | C] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/08/30 19:11:05 | 00,009,200 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys [2009/08/30 19:11:05 | 00,009,072 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys [2009/08/30 19:11:00 | 00,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.4.lnk [2009/08/30 19:07:01 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Adobe [2009/08/30 17:55:42 | 06,083,274 | ---- | C] () -- C:\Users\Administrator\Desktop\Bittersweet Dirt Off Your Shoulder.mp3 [2009/08/29 12:39:02 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2009/08/29 12:39:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2009/08/29 12:39:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2009/08/28 18:21:52 | 01,197,980 | ---- | C] () -- C:\Users\Administrator\Desktop\DSC_0603.NEF.jpg [2009/08/27 13:59:25 | 00,008,165 | ---- | C] () -- C:\Users\Administrator\Desktop\golfy.ods [2009/08/23 17:28:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Atlus [2009/08/23 17:28:49 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2009/08/23 17:28:49 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2009/08/23 17:28:49 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2009/08/23 17:28:48 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2009/08/23 17:28:48 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2009/08/23 17:28:48 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2009/08/23 17:28:48 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2009/08/23 17:28:46 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2009/08/23 17:28:46 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2009/08/23 17:28:45 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2009/08/23 13:11:53 | 14,408,120 | ---- | C] (Holdem Manager, [email protected]) -- C:\Users\Administrator\Desktop\HmBetaUpdate.exe [2009/08/19 23:06:12 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HDRsoft [2009/08/19 23:02:09 | 00,001,765 | ---- | C] () -- C:\Users\Administrator\Desktop\Photomatix Pro 3.lnk [2009/08/19 23:02:08 | 00,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3 [2009/08/17 22:27:09 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\My Battle for Middle-earth Files [2009/08/17 22:24:06 | 00,002,031 | ---- | C] () -- 
C:\Users\Public\Desktop\The Battle for Middle-earth (tm).lnk [2009/08/17 22:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES [2009/06/11 20:46:33 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009/06/11 20:46:33 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009/06/11 20:46:33 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009/05/03 15:36:35 | 00,138,944 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009/02/01 13:39:21 | 00,000,082 | ---- | C] () -- C:\Windows\mafosav.INI [2009/01/08 22:46:13 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009/01/07 22:48:21 | 00,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2009/01/07 05:22:08 | 00,008,303 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2006/11/02 11:23:31 | 00,000,311 | ---- | C] () -- C:\Windows\win.ini [2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2006/11/02 09:43:04 | 00,062,464 | ---- | C] () -- C:\Windows\System32\cngaudit.dll [2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/10/11 04:33:58 | 00,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2004/08/13 10:56:20 | 00,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009/09/16 00:35:49 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2009/09/16 00:30:07 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/09/16 00:30:05 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/09/16 00:30:03 | 00,000,256 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/09/16 00:30:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT 
[2009/09/16 00:29:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/09/16 00:28:24 | 04,242,432 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db [2009/09/16 00:28:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2009/09/16 00:28:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm [2009/09/16 00:16:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2009/09/16 00:16:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm [2009/09/16 00:16:14 | 00,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzi3nzc1.sys [2009/09/16 00:11:11 | 05,125,238 | ---- | M] () -- C:\Users\Administrator\Desktop\avz4.zip [2009/09/16 00:03:57 | 00,354,396 | ---- | M] () -- C:\Users\Administrator\Desktop\SysProt.zip [2009/09/15 20:47:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2009/09/15 20:47:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2009/09/15 19:06:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2009/09/15 19:06:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm [2009/09/15 17:14:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/09/15 17:14:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm [2009/09/15 15:07:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2009/09/15 15:07:39 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm [2009/09/15 14:39:39 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/09/15 14:39:39 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/09/15 14:39:39 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/09/15 11:00:11 | 41,158,093 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/09/15 11:00:11 | 00,105,246 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/09/15 07:15:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2009/09/15 07:15:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2009/09/14 18:48:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2009/09/14 18:48:07 | 00,000,232 | -H-- | 
M] () -- C:\sqmdata12.sqm [2009/09/14 17:05:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2009/09/14 17:05:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm [2009/09/14 12:20:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2009/09/14 12:20:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm [2009/09/14 00:25:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2009/09/14 00:25:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm [2009/09/13 11:25:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2009/09/13 11:25:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2009/09/13 11:01:44 | 00,008,165 | ---- | M] () -- C:\Users\Administrator\Desktop\golfy.ods [2009/09/13 09:48:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2009/09/13 09:48:07 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2009/09/13 01:40:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2009/09/13 01:40:51 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm [2009/09/12 12:56:45 | 00,336,385 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2009/09/12 00:09:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2009/09/12 00:09:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm [2009/09/11 13:21:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2009/09/11 13:21:20 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm [2009/09/11 00:36:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2009/09/11 00:36:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm [2009/09/10 19:05:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2009/09/10 19:05:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm [2009/09/10 16:29:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2009/09/10 16:29:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm [2009/09/09 17:36:33 | 00,199,640 | ---- | M] () -- C:\Users\Administrator\Desktop\1252510728891.jpg [2009/09/09 15:04:24 | 00,016,800 | ---- | M] () -- C:\Users\Administrator\Desktop\asa2.jpg [2009/09/09 15:03:49 | 00,017,110 | ---- | M] () -- 
C:\Users\Administrator\Desktop\asa1.jpg [2009/09/08 00:28:12 | 00,000,508 | ---- | M] () -- C:\Users\Administrator\Documents\My Sharing Folders.lnk [2009/09/02 23:29:20 | 00,132,344 | ---- | M] () -- C:\Users\Administrator\Documents\tij11v.wav [2009/09/02 12:53:07 | 00,026,624 | ---- | M] () -- C:\Users\Administrator\Desktop\TimetableY2S109.doc [2009/09/01 23:15:01 | 00,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2009/09/01 23:15:01 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2009/09/01 23:15:01 | 00,000,760 | ---- | M] () -- C:\Users\Administrator\Desktop\Osmos.lnk [2009/08/30 19:11:00 | 00,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.4.lnk [2009/08/30 17:56:12 | 06,083,274 | ---- | M] () -- C:\Users\Administrator\Desktop\Bittersweet Dirt Off Your Shoulder.mp3 [2009/08/28 18:21:52 | 01,197,980 | ---- | M] () -- C:\Users\Administrator\Desktop\DSC_0603.NEF.jpg [2009/08/28 14:38:22 | 24,689,600 | ---- | M] () -- C:\Windows\System32\mrt.exe [2009/08/28 13:39:07 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2009/08/28 11:15:30 | 04,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2009/08/26 22:35:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2009/08/26 22:35:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm [2009/08/25 22:12:50 | 00,100,352 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/23 13:12:42 | 14,408,120 | ---- | M] (Holdem Manager, [email protected]) -- C:\Users\Administrator\Desktop\HmBetaUpdate.exe [2009/08/19 23:02:09 | 00,001,765 | ---- | M] () -- C:\Users\Administrator\Desktop\Photomatix Pro 3.lnk [2009/08/17 22:24:06 | 00,002,031 | ---- | M] () -- C:\Users\Public\Desktop\The Battle for Middle-earth (tm).lnk [2009/08/17 12:59:09 | 00,097,068 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat 
[color=#E56717]========== LOP Check ==========[/color]
[2009/09/14 12:17:22 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming
[2009/06/23 20:24:11 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\3M
[2009/08/23 17:28:53 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Atlus
[2009/01/10 11:44:44 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bioshock
[2009/03/26 18:33:47 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Broken Rules
[2009/05/25 22:17:43 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2009/06/23 20:23:03 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2009/08/19 23:06:12 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HDRsoft
[2009/06/17 14:10:18 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC
[2009/08/18 22:53:08 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\My Battle for Middle-earth Files
[2009/03/30 15:56:04 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2009/08/12 20:24:23 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PTGui
[2009/09/06 21:07:06 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2
[2009/06/19 22:45:00 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tibia
[2009/09/09 00:15:18 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2009/01/28 01:05:07 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2009/09/16 00:30:00 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/16 00:28:27 | 00,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/16 00:30:03 | 00,000,256 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
extras.txt:
OTL Extras logfile created on: 9/16/2009 12:37:41 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.02% Memory free
4.00 Gb Paging File | 3.01 Gb Available in Paging File | 75.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 5.33 Gb Free Space | 7.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.76 Gb Total Space | 0.63 Gb Free Space | 16.62% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GDAYBRU
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1654579155-3963353159-2717170993-500] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 
0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{10AB76C4-BE3C-44ED-A902-885BBF37B4C0}" = ASIX AX88772 Vista 32Bit Driver "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{33FF2328-8CE0-425E-AEDC-BEF9AED09153}" = Tourney Manager "{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder "{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth (tm) "{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager "{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup "{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4 
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.21 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AFC02C27-473F-4EC5-9372-30771EFFB35F}" = VC80_CRT_x86 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0 "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "AudibleManager" = AudibleManager "Autopano Pro" = Autopano Pro "AVG8Uninstall" = AVG Free 8.5 "CCleaner" = CCleaner (remove only) "InstallShield_{10AB76C4-BE3C-44ED-A902-885BBF37B4C0}" = ASIX AX88772 Vista 32Bit Driver "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "mIRC" = mIRC "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "PartyPoker" = PartyPoker "PartyPokerNet" = PartyPokerNet "PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2.1 "Picasa 3" = Picasa 3 "PropagandaPoker" = PropagandaPoker "PunkBusterSvc" = PunkBuster Services "Soulseek" = SoulSeek 
Client 156c "Steam App 11020" = TrackMania Nations Forever "Steam App 240" = Counter-Strike: Source "Steam App 29200" = Osmos Demo "Steam App 3482" = Peggle Deluxe Demo "Steam App 400" = Portal "SysInfo" = Creative System Information "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VLC media player" = VLC media player 0.9.8a "WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Thanks in advance.
Edited by Alex1111, 15 September 2009 - 06:00 PM.