Google redirect virus



#1
Alex1111

Lately as well, as soon as I type a search in the Google search bar I get a white screen and no page loads.

After checking out this http://www.geekstogo...us-t252807.html Google redirect virus steps, I've started following the instructions, so hopefully we can carry on from where I'm at?

Here is the sysprot log

avz stuffs:
cpaste from history.txt

9/16/2009 12:16:14 AM: System Analysis with MRM enabled was run successfully
9/16/2009 12:27:10 AM: AVZPM is active
9/16/2009 12:28:21 AM: System Analysis was run successfully

Attached File  virusinfo_syscheck.zip   141.03KB   68 downloads
Attached File  virusinfo_syscure.zip   139.5KB   73 downloads

OTL stuffs:
OTL.txt:
OTL logfile created on: 9/16/2009 12:37:41 AM - Run 1
OTL by OldTimer - Version 3.0.14.0	 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.02% Memory free
4.00 Gb Paging File | 3.01 Gb Available in Paging File | 75.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 5.33 Gb Free Space | 7.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.76 Gb Total Space | 0.63 Gb Free Space | 16.62% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GDAYBRU
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\MagicTune Premium\GammaTray.exe ()
PRC - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (avg8emc [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MagicTuneEngine [Auto | Running]) -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (pgsql-8.3 [Auto | Running]) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (Steam Client Service [On_Demand | Running]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (MagicTune [On_Demand | Stopped]) -- C:\Windows\System32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ASACPI.sys ()
DRV - (NCPro [System | Running]) -- C:\Windows\system32\drivers\MTictwl.sys (Samsung Electronics, Inc. )
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvstor32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8192su [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\RTL8192su.sys (Realtek Semiconductor Corporation						   )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (uzi3nzc1 [System | Running]) -- C:\Windows\System32\Drivers\uzi3nzc1.sys ()
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "google.co.uk"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/20 19:25:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 21:18:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 21:06:04 | 00,000,000 | ---D | M]
 
[2009/01/07 00:49:33 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2009/01/07 00:49:33 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/15 13:29:56 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bek1jjvv.default\extensions
[2009/07/20 20:41:54 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bek1jjvv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/30 01:32:59 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bek1jjvv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/17 01:21:01 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bek1jjvv.default\extensions\[email protected]
[2009/09/15 13:29:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 21:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/07 00:22:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/03/18 17:26:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/18 05:12:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/25 12:47:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/29 12:39:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 21:05:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 21:05:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/11/09 17:25:00 | 00,057,344 | ---- | M] () -- C:\Program Files\mozilla firefox\components\MGSHelper.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/12/19 02:58:04 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/10 21:05:57 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/01/06 21:46:58 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/03/27 22:27:24 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/10 07:41:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/03/27 22:27:39 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/03/27 22:27:17 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/09/10 21:05:59 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/10 21:05:59 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/10 21:05:59 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/10 21:05:59 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/10 21:05:59 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/10 21:05:59 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/10 21:05:59 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (336385 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 	localhost
O1 - Hosts: 11154 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [removecpl]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009/09/16 00:35:49 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/09/16 00:16:14 | 00,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzi3nzc1.sys
[2009/09/16 00:11:28 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\avz4
[2009/09/16 00:11:04 | 05,125,238 | ---- | C] () -- C:\Users\Administrator\Desktop\avz4.zip
[2009/09/16 00:04:24 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\SysProt
[2009/09/16 00:03:55 | 00,354,396 | ---- | C] () -- C:\Users\Administrator\Desktop\SysProt.zip
[2009/09/14 12:17:49 | 00,516,608 | ---- | C] (Realtek Semiconductor Corporation						   ) -- C:\Windows\System32\drivers\RTL8192su.sys
[2009/09/14 12:17:49 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin
[2009/09/14 12:17:22 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2009/09/12 13:06:55 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009/09/12 13:06:52 | 00,000,000 | ---D | C] -- C:\Windows\ERUNT
[2009/09/12 13:06:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/12 13:06:40 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009/09/12 12:56:25 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/09/10 10:16:29 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\photog books
[2009/09/09 17:36:32 | 00,199,640 | ---- | C] () -- C:\Users\Administrator\Desktop\1252510728891.jpg
[2009/09/09 15:41:55 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/09/09 15:32:21 | 00,897,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/09 15:32:20 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/09 15:32:19 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/09 15:32:19 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/09 15:32:19 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/09 15:32:19 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/09 15:32:19 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/09 15:32:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/09 15:32:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/09 15:32:19 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/09 15:32:03 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/09/09 15:32:01 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/09/09 15:31:57 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/09/09 15:31:57 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/09/09 15:31:57 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/09/09 15:31:57 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/09/09 15:31:56 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/09/09 15:31:56 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/09/09 15:31:56 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/09/09 15:31:56 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/09/09 15:31:52 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/09 15:31:52 | 00,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/09 15:31:52 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/09 15:31:52 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/09 15:31:52 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/09 15:31:47 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/09 15:31:37 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/09/09 15:31:37 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/09/09 15:31:36 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/09/09 15:31:34 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/09/09 15:31:33 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/09/09 15:31:33 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/09/09 15:31:33 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/09/09 15:31:33 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/09/09 15:31:32 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/09/09 15:31:32 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/09/09 15:31:32 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/09/09 15:31:32 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/09/09 15:31:32 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/09/09 15:31:32 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/09/09 15:31:31 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/09/09 15:31:18 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/09/09 15:31:12 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/09 15:31:09 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/09 15:31:04 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/09/09 15:29:43 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/09 15:29:36 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/09 15:27:19 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/09/09 15:27:18 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/09/09 15:27:17 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/09/09 15:27:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/09/09 15:27:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/09/09 15:27:10 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/09/09 15:27:10 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/09/09 15:27:10 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/09/09 15:04:24 | 00,016,800 | ---- | C] () -- C:\Users\Administrator\Desktop\asa2.jpg
[2009/09/09 15:03:49 | 00,017,110 | ---- | C] () -- C:\Users\Administrator\Desktop\asa1.jpg
[2009/09/06 16:14:15 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Downloads
[2009/09/04 12:58:13 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lr exported photos
[2009/09/02 23:29:16 | 00,132,344 | ---- | C] () -- C:\Users\Administrator\Documents\tij11v.wav
[2009/09/02 17:24:27 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/02 12:52:59 | 00,026,624 | ---- | C] () -- C:\Users\Administrator\Desktop\TimetableY2S109.doc
[2009/09/01 23:15:24 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Osmos
[2009/09/01 23:15:01 | 00,000,760 | ---- | C] () -- C:\Users\Administrator\Desktop\Osmos.lnk
[2009/09/01 23:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\Osmos
[2009/09/01 17:56:03 | 00,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2009/09/01 17:56:03 | 00,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2009/09/01 17:56:03 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OsmosDemo
[2009/09/01 17:56:03 | 00,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2009/08/31 00:23:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/08/31 00:23:52 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/30 19:14:21 | 00,000,256 | -H-- | C] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/30 19:11:05 | 00,009,200 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2009/08/30 19:11:05 | 00,009,072 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2009/08/30 19:11:00 | 00,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.4.lnk
[2009/08/30 19:07:01 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Adobe
[2009/08/30 17:55:42 | 06,083,274 | ---- | C] () -- C:\Users\Administrator\Desktop\Bittersweet Dirt Off Your Shoulder.mp3
[2009/08/29 12:39:02 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/29 12:39:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/29 12:39:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/28 18:21:52 | 01,197,980 | ---- | C] () -- C:\Users\Administrator\Desktop\DSC_0603.NEF.jpg
[2009/08/27 13:59:25 | 00,008,165 | ---- | C] () -- C:\Users\Administrator\Desktop\golfy.ods
[2009/08/23 17:28:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Atlus
[2009/08/23 17:28:49 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2009/08/23 17:28:49 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2009/08/23 17:28:49 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2009/08/23 17:28:48 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2009/08/23 17:28:48 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2009/08/23 17:28:48 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009/08/23 17:28:48 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2009/08/23 17:28:46 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009/08/23 17:28:46 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009/08/23 17:28:45 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009/08/23 13:11:53 | 14,408,120 | ---- | C] (Holdem Manager, [email protected]) -- C:\Users\Administrator\Desktop\HmBetaUpdate.exe
[2009/08/19 23:06:12 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HDRsoft
[2009/08/19 23:02:09 | 00,001,765 | ---- | C] () -- C:\Users\Administrator\Desktop\Photomatix Pro 3.lnk
[2009/08/19 23:02:08 | 00,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3
[2009/08/17 22:27:09 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\My Battle for Middle-earth Files
[2009/08/17 22:24:06 | 00,002,031 | ---- | C] () -- C:\Users\Public\Desktop\The Battle for Middle-earth (tm).lnk
[2009/08/17 22:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009/06/11 20:46:33 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/06/11 20:46:33 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/06/11 20:46:33 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/05/03 15:36:35 | 00,138,944 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/02/01 13:39:21 | 00,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2009/01/08 22:46:13 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/07 22:48:21 | 00,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/01/07 05:22:08 | 00,008,303 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2006/11/02 11:23:31 | 00,000,311 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 09:43:04 | 00,062,464 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 04:33:58 | 00,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2004/08/13 10:56:20 | 00,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
 
========== Files - Modified Within 30 Days ==========
 
[2009/09/16 00:35:49 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/09/16 00:30:07 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/16 00:30:05 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/16 00:30:03 | 00,000,256 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/16 00:30:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/16 00:29:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/16 00:28:24 | 04,242,432 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/09/16 00:28:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/09/16 00:28:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/09/16 00:16:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/09/16 00:16:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/09/16 00:16:14 | 00,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzi3nzc1.sys
[2009/09/16 00:11:11 | 05,125,238 | ---- | M] () -- C:\Users\Administrator\Desktop\avz4.zip
[2009/09/16 00:03:57 | 00,354,396 | ---- | M] () -- C:\Users\Administrator\Desktop\SysProt.zip
[2009/09/15 20:47:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/09/15 20:47:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/09/15 19:06:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/09/15 19:06:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/09/15 17:14:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/09/15 17:14:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/09/15 15:07:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/09/15 15:07:39 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/09/15 14:39:39 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/15 14:39:39 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/15 14:39:39 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/15 11:00:11 | 41,158,093 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/15 11:00:11 | 00,105,246 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/15 07:15:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/09/15 07:15:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/09/14 18:48:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/14 18:48:07 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/14 17:05:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/09/14 17:05:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/09/14 12:20:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/09/14 12:20:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/09/14 00:25:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/14 00:25:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/13 11:25:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/13 11:25:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/13 11:01:44 | 00,008,165 | ---- | M] () -- C:\Users\Administrator\Desktop\golfy.ods
[2009/09/13 09:48:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/13 09:48:07 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/13 01:40:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/13 01:40:51 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/12 12:56:45 | 00,336,385 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/09/12 00:09:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/12 00:09:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/11 13:21:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/11 13:21:20 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/11 00:36:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/11 00:36:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/10 19:05:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/09/10 19:05:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/10 16:29:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/09/10 16:29:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/09/09 17:36:33 | 00,199,640 | ---- | M] () -- C:\Users\Administrator\Desktop\1252510728891.jpg
[2009/09/09 15:04:24 | 00,016,800 | ---- | M] () -- C:\Users\Administrator\Desktop\asa2.jpg
[2009/09/09 15:03:49 | 00,017,110 | ---- | M] () -- C:\Users\Administrator\Desktop\asa1.jpg
[2009/09/08 00:28:12 | 00,000,508 | ---- | M] () -- C:\Users\Administrator\Documents\My Sharing Folders.lnk
[2009/09/02 23:29:20 | 00,132,344 | ---- | M] () -- C:\Users\Administrator\Documents\tij11v.wav
[2009/09/02 12:53:07 | 00,026,624 | ---- | M] () -- C:\Users\Administrator\Desktop\TimetableY2S109.doc
[2009/09/01 23:15:01 | 00,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2009/09/01 23:15:01 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2009/09/01 23:15:01 | 00,000,760 | ---- | M] () -- C:\Users\Administrator\Desktop\Osmos.lnk
[2009/08/30 19:11:00 | 00,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.4.lnk
[2009/08/30 17:56:12 | 06,083,274 | ---- | M] () -- C:\Users\Administrator\Desktop\Bittersweet Dirt Off Your Shoulder.mp3
[2009/08/28 18:21:52 | 01,197,980 | ---- | M] () -- C:\Users\Administrator\Desktop\DSC_0603.NEF.jpg
[2009/08/28 14:38:22 | 24,689,600 | ---- | M] () -- C:\Windows\System32\mrt.exe
[2009/08/28 13:39:07 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/28 11:15:30 | 04,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/26 22:35:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/26 22:35:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/25 22:12:50 | 00,100,352 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/23 13:12:42 | 14,408,120 | ---- | M] (Holdem Manager, [email protected]) -- C:\Users\Administrator\Desktop\HmBetaUpdate.exe
[2009/08/19 23:02:09 | 00,001,765 | ---- | M] () -- C:\Users\Administrator\Desktop\Photomatix Pro 3.lnk
[2009/08/17 22:24:06 | 00,002,031 | ---- | M] () -- C:\Users\Public\Desktop\The Battle for Middle-earth (tm).lnk
[2009/08/17 12:59:09 | 00,097,068 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
 
========== LOP Check ==========
 
[2009/09/14 12:17:22 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming
[2009/06/23 20:24:11 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\3M
[2009/08/23 17:28:53 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Atlus
[2009/01/10 11:44:44 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bioshock
[2009/03/26 18:33:47 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Broken Rules
[2009/05/25 22:17:43 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2009/06/23 20:23:03 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2009/08/19 23:06:12 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HDRsoft
[2009/06/17 14:10:18 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC
[2009/08/18 22:53:08 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\My Battle for Middle-earth Files
[2009/03/30 15:56:04 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2009/08/12 20:24:23 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PTGui
[2009/09/06 21:07:06 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2
[2009/06/19 22:45:00 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tibia
[2009/09/09 00:15:18 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2009/01/28 01:05:07 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2009/09/16 00:30:00 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/16 00:28:27 | 00,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/16 00:30:03 | 00,000,256 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
 
========== Purity Check ==========
 
 
< End of report >

extras.txt:
OTL Extras logfile created on: 9/16/2009 12:37:41 AM - Run 1
OTL by OldTimer - Version 3.0.14.0	 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.02% Memory free
4.00 Gb Paging File | 3.01 Gb Available in Paging File | 75.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 5.33 Gb Free Space | 7.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.76 Gb Total Space | 0.63 Gb Free Space | 16.62% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GDAYBRU
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1654579155-3963353159-2717170993-500]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1227EE89-AFCE-410A-B4BF-901CA55A62F0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{394BD173-B18B-46E6-AEA2-795D87C1FB59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{494C3D20-3810-41A6-B6BC-66F8A5CE4FF3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4C24421F-53D5-46DB-80DE-463C73543E66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4EF74D32-2857-4103-9567-229DEEC49972}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7B4A08E6-9434-42BF-A942-C2FE245F151F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7BCF842A-008D-48AC-A9CA-A7B71C38A3C5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C5C1EFE-25F7-4115-9775-4CEAEADF3667}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7D78E2B2-24BE-4A84-BADB-CA63784DCFCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{840C4611-F588-4271-AAAE-CA0F58DF320F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94ADCD3B-9421-42FA-A50A-76F67C90C5B9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EA11174-A6E5-4025-A6F8-6B8A778C357D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A55C18E1-606F-4739-8C1F-6920BC3DE1BB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AD0CB114-20C2-431C-BB69-6FDBC6173D17}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CFBE7FDB-55B4-49DD-BB8F-CE855D77CC3C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D92A1AC4-1F1F-4818-BA18-5CDF5C61BBDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E19EC7B7-23FF-42EA-BABE-14C05E4D39EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E662AB29-545C-43EC-BA8B-91E827627DAE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EA99C2BC-F472-4467-9BF2-625229761AAE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{F8FD4C9A-A433-43D7-9DD3-5BD81FAF6C62}" = rport=138 | protocol=17 | dir=out | app=system | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02008B63-DDF2-4674-8F0D-FB216CA2D7DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{029637E5-528A-4FDC-AA13-0B2E57C24C19}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06443C1F-8D2B-42DD-B58C-D3506AA613AE}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{06D55E84-36F9-4BDB-9EF0-B9DAA80F4EA2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{06F3C180-A9F5-491B-BD15-119CB5EB8A11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0906975B-E96B-4437-AA0B-A6A9B2DBC831}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{09856F4A-2AE6-48E3-BAA4-5308F45A79EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A7B9E78-EE9F-44A1-B064-196639757B58}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BC87BDE-2AB7-42AE-9416-36542B964E66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BF3D38F-040D-4D6B-BB85-8DA565F75030}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D6F0D66-4464-4C00-A9BC-DF300B61045F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\peggle deluxe\peggle.exe | 
"{10F15FBD-2ADA-406F-A3BA-EF99A8244540}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13BD20AD-E585-4841-B358-1D42275588E4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{16D4003A-298B-4B10-B0ED-7534B9FA7AFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{187E8925-76A7-4740-87C6-41BF6154C563}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1AC0B5D5-678C-4270-A598-BC69880F7F7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B29E5E3-7362-481C-AC91-E3FF19827E0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{202F4EB8-C2CF-4C85-BAF6-207D36E8FCCE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{208EFE58-E26B-47F4-AE05-5B41621DE9B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21771214-A57A-4827-AC40-F35A5F4BAC39}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23C64492-C8CB-43F7-91C2-2D7AD578A271}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27EDD641-F119-46CA-8147-90FB8F59034F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28C748B8-4950-4478-8972-8643DE647513}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A73FD68-90F3-4113-8FFA-1A701E3B541A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B58CB55-80E2-47DE-9834-50D3F87E0C3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B5DFCE2-771F-4377-8C36-82EA087CD11C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E5FEE88-0BCE-4C7A-8924-1E23C8ACA06F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{324FEB5D-D5C2-4C53-800A-03984560FF32}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33E523C2-370A-482C-B05B-55EE7748232C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{358BB42C-4A2C-44C2-A815-CA51ADE0525E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{369882B8-2B6A-47B1-8635-E52434DD72CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{383EE5C6-180A-42EB-A33A-8C681CF7A98B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A0DDB3C-8794-4584-9C20-466FFB70095A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A7899BB-ADF4-4CCC-A099-EC301CAD620F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AE6B0B7-CE60-4188-8006-3B75D1E77B42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3CA9147A-4A5C-46DF-8923-C86FD0C5AC3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3CE8121E-94CC-4DB2-8F41-00A700A6C44D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EC03B6C-5696-4714-9BB5-2D0CCCE5733D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F38914A-748E-4C39-8420-602790ADFA18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F82FC94-F6AD-4F9A-9E3A-0A21D0FD1149}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43D60696-C490-4C8D-961D-32B24239216F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{43DFE05F-8A27-457A-A0B4-B43DE71EB652}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45DAF818-0399-4717-871E-50C663D0B027}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4891B038-1741-4B20-BD20-A2B3E314EABA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A2EE61D-D2F7-4155-8D8A-4035FD1B7C3D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4B22F56C-D3AA-415D-9CF5-006E07E31CA8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\peggle deluxe\peggle.exe | 
"{4EF03982-486F-4075-946C-75290283B83E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{501726BB-56DB-4DE0-9ACE-C585F31317C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{50581AFA-0431-47D2-9878-11B1AAA1DE55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{508D32DD-B679-44B4-89ED-1809BF063D2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53E618A8-61B3-4164-BA80-0AC77F62ABCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{580DE614-43D5-4185-89EB-1ED294C3BBF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58F55F1E-0242-483E-9652-96AA300CF55E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{59F54CED-8DAA-4218-82CC-37BD18A9A109}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A6332D4-43BC-4034-9386-5DA097615A17}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B365469-3A64-4671-80F7-48ABF5151879}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C4A09DD-9B83-49FF-A1D6-8308A4E19A08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61F0CE23-1E49-4D6C-B7C5-F5A2308F555A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6369A41F-CC4C-4D77-B937-0FEDD358FAFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6391C794-E2E0-4D83-9750-C5046280C7C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65A42BE7-6BCD-4898-95A1-5073D860FA37}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6642F9DA-3D18-4146-8FF3-99FF38DCEEC4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{685B1BA1-267C-4746-8CB4-B3F146FCD398}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{69CAF089-C63D-4EE2-BD43-1CFCF0D9D405}" = protocol=1 | dir=out | [email protected],-28544 | 
"{6DA87997-6233-479A-A92A-9C095F0C0F05}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6EF7AA4D-8830-4DAC-8230-4CEFAE338A47}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{700862FA-C720-4097-81D2-8F47C5138714}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{70C1056A-75E5-4289-BC75-3CF107D52FB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{70EA916E-011B-4DCE-AEF7-092CBA5DF072}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{743D9611-BD23-4001-B058-989446EB7CA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{75E80EC2-F308-4769-AD30-C8FE88FA0DF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7603989E-83FA-4554-A28B-7E223C60CEEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{793470A7-717B-4F2C-8A42-FBB5EE45D544}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{799DC2DE-0CFC-4975-B34B-4D9ED25F14DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A13237E-8E48-47CF-B6EA-337ADDA7167B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A901CE8-8BD1-45A7-BB7C-2E51D5629728}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B0A78B1-BC4D-4FA4-A3D3-A269DAE174EF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FC46F81-3600-4A53-9AD3-03E01CF7749F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80452D39-612E-4817-B967-BFCE13935C25}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80A389C3-45C3-4DAD-AADD-EEB2A6243FBF}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{80D98E9E-15DA-4318-BB39-A3E56898359C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{828B934A-A5A5-47F6-BD00-A735BEC3DAA9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{843EE5BD-4B7C-48EE-BDAC-3355C63DAF16}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{85838765-9C84-4026-83A5-8BC6802B3873}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{85949895-54A6-4263-9376-4A97C8BAABE9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87053AE7-A444-4625-ABE8-F461A8CE5B3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87BF6F2A-DD3E-4FE1-A343-1C13DCF4C202}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C16A375-1B5D-4491-B567-A44F53198DE5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{8D6732FE-26EC-4955-AA35-4B97AFEC63B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8EBF4406-9D3D-4BEE-ACE6-8F18D2B994A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9063F037-FF88-4C13-8248-7D7A327E5D1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{917D479B-8A7F-4BC1-8E94-93BDDA57DFC9}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{92FEB4FD-BBF8-4934-AC3F-AE8775F20B57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{939D2075-96D8-410B-858B-82E4104437B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94A2E864-DE19-434A-AFF3-C388DB1F2150}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9517AC22-EF71-49E9-8CEB-DAEE1640BDE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9813C7E6-39CE-4A62-9047-DDEEBFD32435}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98B152CF-164A-4D16-BBFB-509129958A81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{99B53F9A-1887-4E75-AC77-DA7BC90C705E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9BABC383-0087-4845-895D-9CE3602B2B00}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{9BDF1523-2992-4B0A-85B9-8E843B98BDBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CF983C7-DE31-4D5E-AF58-8075DFB4AFB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FB961F5-142A-47CF-8AA0-C7441BC00D1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A0731E87-76AC-46C1-9856-3AF0D1D56EED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A098B909-5C09-43B8-A50E-18F1ACE1AFFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A790E36F-526F-4ABA-92C9-ED2445CE8CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A97E8AC0-0387-45B6-8854-9BA02B420B45}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{AA3E4437-A3D3-461C-B35E-5DE918904BE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AAAD3D6D-2E86-4D3F-AC3D-4503FD9E5FD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE3C4D4F-2307-4A73-9918-793D88859D54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF5F2E24-21AA-41EA-AC71-229C283C0936}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B131B855-28C0-4931-A8AB-8B9EC0BC8D26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B15C5C08-831C-43E6-BDF8-681A45CB0606}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B3D166A5-367B-40B9-9666-F0CF485481E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B51BB3D1-539A-489A-8C0E-C66497F5E24C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B69A8B70-5770-403B-9635-B4913D09B5C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{B8890F8C-A1A8-4104-85D8-3D5F640C4DD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B962B892-D316-4DFC-A499-50C2F9A09786}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9BF3611-53DA-48D0-A928-454C865D778A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BA7ADF10-9456-4F8D-A39E-3C15F275E4DA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{BAB837AF-E603-4FF4-86D0-4BD8E400BCA1}" = protocol=58 | dir=out | [email protected],-28546 | 
"{BBBC326B-A342-4828-B654-53D5F28415DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BD534AFE-B0AF-4D41-A6B1-BD8D09D2BCC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE7EDA54-F238-486F-B076-6613808C6104}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF1064E0-EC3E-4D08-9941-F206D6E6DF6D}" = protocol=58 | dir=in | [email protected],-28545 | 
"{BFCE1930-87E3-4E46-A271-C4B8A813DF2A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C082FB34-4547-46AB-BA2F-639B2AD51DFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C12301A4-0E63-4990-8D40-FA2014AB9683}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C2535BB8-D0C0-47A8-A56F-907A3E2C076E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2D73515-9E04-4FA5-ACDB-A55EF8197962}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C597823C-8317-4AB7-B185-38AF55A8D98D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\osmos demo\osmosdemo.exe | 
"{C62843C6-9B4D-4231-AE94-26E6D866E7AC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{C6BC0B6A-8513-4F0F-A689-CA7160872DA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C709D216-E8D1-48A7-88CE-F6E30A63E376}" = protocol=17 | dir=in | app=c:\program files\ea games\the battle for middle-earth (tm)\game.dat | 
"{C9CDC0BA-128F-479C-BCC7-B4711143B92C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CD8A5180-53F5-43D6-B6BE-340CC5C8BBB8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF682C21-7A0C-44A6-9CE5-25FE0F778B52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF9FE22B-001B-4AC7-8568-84700DF17AFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D074345F-FF36-4587-A3DA-FE19E015BA9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D133E3DC-C2E2-47CA-97D3-6B03BA84ED07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2BAF581-934E-42EF-A28B-B4097C7BA030}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D531657B-A796-459A-A815-FC3E25920AA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D566E859-5CBB-40FC-BB93-556E97CF4807}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5916BA3-AAEC-4FB7-A2B7-320B8E45CB2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6FF0FCA-FA0E-4F18-B681-6482C4DE2F71}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D844DB5C-C6C5-4225-8032-A3970696769F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D9F371C7-404E-41AB-9C29-00105A4796AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA4F9774-2C53-4561-A183-DB2E2751F28E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DAABA187-4C46-42EE-9509-3AC2E1B2ADAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD9C03E6-8C3C-48F1-8135-D60B4D06DD08}" = protocol=6 | dir=in | app=c:\program files\ea games\the battle for middle-earth (tm)\game.dat | 
"{DF10EE15-438D-4209-85D6-5AEB14D18D87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0691DBA-88C1-4B0A-BF8B-061680247832}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0B673FF-4BC7-4EF7-A71F-069893A69FB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E17CAA33-3712-484D-8ED3-63F5AD47A5F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1A2E0DC-0504-4189-9E79-FFBB20CEDC78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3FCBD4B-3CDE-4C70-9802-658979505732}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4179D0D-AE79-425D-9312-B6D743C94EEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7DAACE7-0652-442B-99CF-0CB6C112F8D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E93E64E4-1012-4346-9F05-FEEB97352CC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9FA73D9-4CA4-4A6F-8724-C1A0DA8222AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EB0A7CBF-4D91-44C8-B726-84978389272B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC0F67E7-B6C0-43D6-9E20-76083CA48199}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF0BE23A-5DEE-4677-9C6D-C98743067E40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F24EFBEB-218B-463E-A5DF-BE06E34F016C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F2C24518-08AF-4FCB-AD72-42BD407B958E}" = protocol=1 | dir=in | [email protected],-28543 | 
"{F3FE99DA-8CB6-4975-AE99-00CDCF4520C7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\osmos demo\osmosdemo.exe | 
"{F5F12AE8-343E-4252-8908-1AC752672D7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F5F7D8B6-7BD5-485C-AEAE-8769BB932B7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FB183718-7FDD-4758-BD60-B18E59C5BD98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FBC5119D-38B1-4E33-A28E-4D5570370811}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4AEEA569-C44C-4D3C-BC26-1ECC6CE63C3D}C:\program files\ea games\the battle for middle-earth (tm)\patchget.dat" = protocol=6 | dir=in | app=c:\program files\ea games\the battle for middle-earth (tm)\patchget.dat | 
"TCP Query User{4E3D2621-49E0-4742-8543-5822825CF512}C:\program files\steam\steamapps\crocodilius\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\crocodilius\team fortress 2\hl2.exe | 
"TCP Query User{554A5DF0-6FB3-466A-9331-4501220E0EA5}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{5642D888-A4D2-4A7B-9C31-1975246F030D}C:\program files\steam\steamapps\piroozali2\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\piroozali2\counter-strike source\hl2.exe | 
"TCP Query User{56DF7078-31A6-4D1D-A1E0-6B52EC1BC548}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"TCP Query User{76080775-641E-47BC-90BE-00BD4D1E3FBC}C:\program files\steam\steamapps\crocodilius\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\crocodilius\counter-strike source\hl2.exe | 
"TCP Query User{76F3E745-9979-449A-84EE-6688B5F5FE62}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{829D011B-F33E-45F3-9273-B61DB4C2BCF1}C:\program files\steam\steamapps\crocodilius\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\crocodilius\counter-strike source\hl2.exe | 
"TCP Query User{90B9F76C-058D-438E-AB1F-3DB29FA4D395}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 
"TCP Query User{92687241-089C-45F4-A4DD-3B628E0E8BC6}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"TCP Query User{945E38CB-5CEC-44EA-B580-CCB746F6CC79}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{96A9F518-DF16-44AA-9329-8B3EE34F7C33}C:\users\administrator\desktop\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\diablo ii\game.exe | 
"TCP Query User{9712DE22-6CED-45BC-8A1D-191F56096EAD}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{A4761F8C-E36D-4D64-BDCD-758FF88106A9}C:\program files\b2bpoker\5betpoker\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\b2bpoker\5betpoker\jre\bin\javaw.exe | 
"TCP Query User{C59ED34E-F57C-4BC4-9BF1-5888BD2398B3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{D9F4F08B-F906-4F52-A742-8D159913A9A5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{DCFBFCF4-9888-4C37-8776-65A154C679B8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{1DEAB577-5E7C-48BA-B5E1-71FB2A930060}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{4049910E-2514-44D3-80ED-6E870F46A256}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 
"UDP Query User{52BDF11A-A93A-47D8-9AF5-7FB003A7873C}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"UDP Query User{6D730E24-C2D1-4586-B84E-1D1790630FAB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6DBA8545-BA92-4A54-BDFE-F5C75DA6A65F}C:\program files\ea games\the battle for middle-earth (tm)\patchget.dat" = protocol=17 | dir=in | app=c:\program files\ea games\the battle for middle-earth (tm)\patchget.dat | 
"UDP Query User{814EF05A-8DDB-4079-9AB2-CD3788EE0038}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{88B35EC6-9641-45C0-90C4-D58A18FCB8DE}C:\program files\steam\steamapps\crocodilius\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\crocodilius\counter-strike source\hl2.exe | 
"UDP Query User{8BF690DA-3451-489B-A038-12CDD0FA8E35}C:\program files\steam\steamapps\piroozali2\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\piroozali2\counter-strike source\hl2.exe | 
"UDP Query User{9D4F5BA2-F754-4E4B-8B42-2AD50B67B364}C:\program files\steam\steamapps\crocodilius\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\crocodilius\team fortress 2\hl2.exe | 
"UDP Query User{A90CF645-E799-4674-88AB-8351C21FDDCF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{BB990305-04C6-4ABC-914D-EF20A5AD774B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{CA3C6C53-C497-489E-B3DA-D47AFFB4D4E5}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{D3FAD91A-B29F-4934-9CDF-19A155CC0489}C:\program files\steam\steamapps\crocodilius\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\crocodilius\counter-strike source\hl2.exe | 
"UDP Query User{DD42D858-0F13-40A6-838C-251CF13521D1}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{E877044C-5E0D-48AB-99BB-B6B88853DE09}C:\program files\b2bpoker\5betpoker\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\b2bpoker\5betpoker\jre\bin\javaw.exe | 
"UDP Query User{EF3928DE-0235-4AAD-A3D2-A2A5CB4AC399}C:\users\administrator\desktop\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\diablo ii\game.exe | 
"UDP Query User{F269B920-2884-4501-B4B7-4A773045CFE5}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{10AB76C4-BE3C-44ED-A902-885BBF37B4C0}" = ASIX AX88772 Vista 32Bit Driver
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33FF2328-8CE0-425E-AEDC-BEF9AED09153}" = Tourney Manager
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth (tm)
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.21
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AFC02C27-473F-4EC5-9372-30771EFFB35F}" = VC80_CRT_x86
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AudibleManager" = AudibleManager
"Autopano Pro" = Autopano Pro
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"InstallShield_{10AB76C4-BE3C-44ED-A902-885BBF37B4C0}" = ASIX AX88772 Vista 32Bit Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"PartyPokerNet" = PartyPokerNet
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2.1
"Picasa 3" = Picasa 3
"PropagandaPoker" = PropagandaPoker
"PunkBusterSvc" = PunkBuster Services
"Soulseek" = SoulSeek Client 156c
"Steam App 11020" = TrackMania Nations Forever
"Steam App 240" = Counter-Strike: Source
"Steam App 29200" = Osmos Demo
"Steam App 3482" = Peggle Deluxe Demo
"Steam App 400" = Portal
"SysInfo" = Creative System Information
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"uTorrent" = µTorrent
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

thanks in advance

Edited by Alex1111, 15 September 2009 - 06:00 PM.
