I had a virus about 6 months ago and have to admit that I didn't do anything about it, other than attempting to delete it using the free version of 'Avast'. Initially, my computer literally wouldn't work, but after performing this step I had the basic functions of my computer back, which I have been using ever since. I have tried to restore the files using free software recommended on a forum (can't remember the name of the forum or software used, sorry!) but with no luck.
6 months on and it's still very unresponsive, and I've still got lots of missing files (mainly Word documents, music files, pictures etc.). Until very recently I had no Start menu either, but I ran the unhide.exe program I found on another forum site and it seems to have worked. The main problem for me is that my graphics card appears to not be working properly. It has major issues establishing a connection whilst video calling someone on Skype, and won't play any games that require at least some level of graphics card, when it definitely used to!
I'm sure someone can help as I've used this site before and got a solution. I will post the OTL reports I received below this text. As well as the initial 'OTL.txt' report, I also got an 'Extras.Txt' report that I will post as well.
OTL logfile created on: 20/05/2012 22:04:52 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Grizzle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
892.46 Mb Total Physical Memory | 223.54 Mb Available Physical Memory | 25.05% Memory free
2.01 Gb Paging File | 1.10 Gb Available in Paging File | 54.74% Paging File free
Paging file location(s): c:\pagefile.sys 0 0s:\pagefile.sys 16 1300 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 24.75 Gb Free Space | 23.58% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.40 Gb Free Space | 95.54% Space Free | Partition Type: NTFS
Computer Name: GRIZZLES-LAPTOP | User Name: Grizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/20 22:03:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Grizzle\Downloads\OTL.exe
PRC - [2012/05/20 21:56:06 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Grizzle\Downloads\unhide.exe
PRC - [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/22 13:34:50 | 002,408,448 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/25 02:32:59 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007/11/28 16:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
PRC - [2007/11/14 15:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/10 11:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/05/24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/14 15:10:39 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/14 15:06:09 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll
MOD - [2012/05/14 15:04:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/14 14:24:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/14 14:23:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0ed12b32a03191e6415e12a061aeef5e\System.Windows.Forms.ni.dll
MOD - [2012/05/14 14:22:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c653820b5a3858c99eb5e524b1a71440\System.Drawing.ni.dll
MOD - [2012/05/14 14:16:56 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/14 14:15:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/05/08 23:47:35 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/20 11:29:25 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2007/11/28 16:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\C&E\OSD\OsdService\OsdService.exe -- (OsdService)
SRV - [2012/05/08 23:47:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/05/24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SISGRKMD.sys -- (SiS6350)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Grizzle\AppData\Local\Temp\pnicml.sys -- (pnicml)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys -- (cKBFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\ceio.sys -- (CEIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\cebuffer.sys -- (CEBFilter)
DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/06/25 12:32:58 | 000,175,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2009/06/25 12:32:58 | 000,009,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2009/06/25 12:32:58 | 000,009,560 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2008/11/24 00:05:52 | 000,021,672 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/11/24 00:05:52 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/10/09 13:46:21 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/01/21 03:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/12/10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/11/15 21:09:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007/08/07 22:39:00 | 000,283,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2006/09/27 04:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 07:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Grizzle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/08 23:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/07/04 17:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Extensions
[2012/05/02 20:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Firefox\Profiles\et4eyd27.default\extensions
[2012/04/26 00:18:32 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Firefox\Profiles\et4eyd27.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/09 16:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/18 21:56:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/08 23:47:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/08 23:47:34 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/24 14:58:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/08 23:47:34 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/08 23:47:34 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/08 23:47:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/08 23:47:34 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
O1 HOSTS File: ([2009/04/06 16:22:27 | 000,304,259 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10481 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
O4 - HKCU..\Run: [GameShadow] C:\Program Files\GameShadow\GameShadow.exe /q File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [yHafnqNqpiqS.exe] C:\ProgramData\yHafnqNqpiqS.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CC8A12E-0595-46FA-A8D6-C9B508FC1557}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA71C4D1-05BE-42C3-B612-7DEC0507F700}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Grizzle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Grizzle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f64a572-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f64a572-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{0f64a573-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f64a573-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{0f64a58b-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f64a58b-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{78de747c-721d-11de-9360-00030d99e1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{78de747c-721d-11de-9360-00030d99e1ef}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{78de747e-721d-11de-9360-00030d99e1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{78de747e-721d-11de-9360-00030d99e1ef}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b6619e05-9600-11dd-a57f-00030d99e1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{b6619e05-9600-11dd-a57f-00030d99e1ef}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{d1116928-c912-11dd-9908-00030d99e1ef}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daniusoft
[2012/05/20 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{1E3578C1-E2A5-4626-BC3F-ED5E9B8E9A46}
[2012/05/18 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{FC02EF42-0CF5-4FEB-B6F1-261156785ED7}
[2012/05/14 14:15:23 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{F562B9FD-A834-4A30-AC71-860215FCA2B4}
[2012/05/14 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{188AA393-93CE-4063-B96F-D2A6FC830D67}
[2012/05/09 19:47:43 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{C77AF45E-A34E-4303-A15E-A96A773A343A}
[2012/05/08 23:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/08 23:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/07 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{DA4945A5-2DA1-48D2-9EC8-D5ABE7F4B852}
[2012/05/01 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{938F9B0A-1FC6-490A-B34E-D27DE9A9A04D}
[2012/04/23 18:05:16 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{7E9DE419-15A8-4248-AC4A-F510CDAE518E}
[2012/04/21 11:59:35 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{2C284D28-CCAA-40C3-8CCB-AECB1E78D5B5}
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/20 22:04:05 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 22:04:05 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 21:47:50 | 000,000,680 | ---- | M] () -- C:\Users\Grizzle\AppData\Local\d3d9caps.dat
[2012/05/20 18:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 12:41:25 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegistryConvoy.job
[2012/05/14 14:10:26 | 000,327,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/14 13:39:24 | 000,631,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/14 13:39:24 | 000,118,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 19:33:08 | 000,003,790 | ---- | M] () -- C:\Users\Grizzle\Desktop\Documents\Guitar1.jpg
[2012/05/02 21:21:27 | 000,002,595 | ---- | M] () -- C:\Users\Grizzle\Desktop\Microsoft Word.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/20 22:12:00 | 000,000,943 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/20 22:12:00 | 000,000,943 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/05/20 22:12:00 | 000,000,875 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/20 22:12:00 | 000,000,258 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/20 22:12:00 | 000,000,240 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/08 19:32:56 | 000,003,790 | ---- | C] () -- C:\Users\Grizzle\Desktop\Documents\Guitar1.jpg
[2011/11/05 21:22:33 | 000,000,312 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/05 21:22:33 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/05 21:22:21 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/24 19:16:45 | 000,000,011 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBuddy Login.ini
[2011/07/27 00:05:34 | 000,000,336 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBuddy_ThenWhenson.ini
[2011/07/26 22:11:48 | 000,000,048 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBot_Accounts.ini
[2011/06/17 21:39:46 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/17 18:49:33 | 000,000,552 | ---- | C] () -- C:\Users\Grizzle\AppData\Local\d3d8caps.dat
[2010/07/13 18:57:57 | 000,017,408 | ---- | C] () -- C:\Windows\System32\minimp3.exe
========== LOP Check ==========
[2010/10/18 16:51:30 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\BILEVSE
[2008/10/09 13:46:00 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\DAEMON Tools
[2012/04/15 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Electronic Arts
[2012/04/15 19:02:13 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\GetRightToGo
[2010/10/17 19:31:08 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Gogii
[2012/04/15 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\HandBrake
[2010/10/18 19:20:16 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\IObit
[2009/03/09 21:44:58 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\LimeWire
[2012/04/16 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Publish Providers
[2012/04/16 11:36:28 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Sony
[2011/09/20 09:50:32 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Spotify
[2011/08/29 01:28:43 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\TS3Client
[2011/08/28 23:12:54 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\ts3overlay
[2010/01/03 16:21:40 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Ulead Systems
[2012/05/20 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\uTorrent
[2009/06/07 13:02:15 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Windows Live Writer
[2012/05/19 12:41:25 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegistryConvoy.job
[2012/05/19 22:40:48 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 20/05/2012 22:04:52 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Grizzle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
892.46 Mb Total Physical Memory | 223.54 Mb Available Physical Memory | 25.05% Memory free
2.01 Gb Paging File | 1.10 Gb Available in Paging File | 54.74% Paging File free
Paging file location(s): c:\pagefile.sys 0 0s:\pagefile.sys 16 1300 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 24.75 Gb Free Space | 23.58% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.40 Gb Free Space | 95.54% Space Free | Partition Type: NTFS
Computer Name: GRIZZLES-LAPTOP | User Name: Grizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011B7F96-C38D-4D00-9DF5-CE6491707383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03F7958A-FC4E-42CA-B052-2D4CB6CACA48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{063C6028-876F-48CE-85CF-5565F7CF45A6}" = rport=5358 | protocol=6 | dir=out | app=system |
"{102E82BB-54B4-4980-AE69-41E9AC65937B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15E07899-8E58-4BB7-8112-0B8785A73AD1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EE22C98-634A-40BE-90AC-D08AC26F4D51}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F7575BE-928D-4848-94F5-CB85B6B4AC56}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2E9670D6-75CE-4DAB-AABF-FCA55A43DFC6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{2F5DC678-FEA1-4DE7-A2F8-7564BD4FA27A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{323524C3-A056-453E-9BAE-26FC1ABA7AC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34B42122-140F-42EB-ABD3-6F8A28B99168}" = lport=139 | protocol=6 | dir=in | app=system |
"{35D4B6F3-AA4B-4485-9837-5953EA4805DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{428A1736-383C-4BC2-9A14-1AB91FDA0A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43BEEAED-B3F0-46B6-9520-8D2B47E4C179}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D021EF9-41D4-4C18-8EE7-656D8C12FE5B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F5F23D0-A7AA-4AF7-9C94-3E60828AA282}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5031DE94-3F8F-4A43-91CD-C48201F4F16C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B7F822F-6731-48A9-BA86-3C9D2C9CF630}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5C977FF8-5E02-4DD6-8333-51205717F302}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E5158CA-8600-4B57-82CD-E7329F6EF3C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{66E82A91-65A2-4FDA-8473-67B46EB10CA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{68DCD3BB-483C-406D-A322-896926493C0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F7CF263-5804-416A-AB43-923200D6DE52}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D7D1AF6-FB0C-4183-8DCF-C1C68A21DD49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81B39BEC-0792-40DB-BF0A-A7FF9DAB1FCC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{85F8461E-E0DA-4CB4-86F7-63871C303F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{913E42C7-8AF8-4DA8-BCEE-2843D497DC05}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96EC068A-7D1C-4B7C-B84D-016010B53302}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{9E630E12-8445-4379-8A47-51043860AB29}" = lport=5357 | protocol=6 | dir=in | app=system |
"{A1D54193-2493-40C0-AF7E-003DA236F348}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A2FD8E77-FE4D-451D-9365-802FA7B4AB7C}" = rport=139 | protocol=6 | dir=out | app=system |
"{A9374DDE-877F-4126-9E41-C8FAC4CAB9BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1605F92-6812-4BAD-B6EA-7F5206C2D917}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C73D2CAC-BD7C-44D8-A2F8-7AC01C0C29F3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CA48DD3D-74DD-452E-9864-B883F1F0A91C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D91364A9-E30C-4326-A81F-2BDC25EB74DD}" = lport=5358 | protocol=6 | dir=in | app=system |
"{DCCEF37E-4AA1-4E1C-904A-D6E90850076A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ECE8650B-1C56-4D63-918F-6737FC8E00EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EF6FCD9A-196A-41D7-ACD9-538D59B7657F}" = lport=445 | protocol=6 | dir=in | app=system |
"{F8B262BF-1DC4-408F-922C-DA538B306491}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D90DF1-28F9-4EF6-80FB-258B49F68539}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{026ECB05-83EF-49D9-A29C-A22B288E4DD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08B72DDC-BF21-4382-A200-C66D6B9AA8F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0C30635C-36A9-4138-B85E-7372392C9774}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"{116687E3-6FBC-455F-AC26-8D17906703B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14CBB497-57DA-4CE9-8B66-EBBC54C4D1AD}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{21ED5722-C201-47FD-9096-8B0E036CBBE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{254FE958-2D30-44FE-BC26-3D4B33C557D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{28A7727E-C5AB-4255-AE78-088DC0D81E0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{321E1778-8FEF-4D6B-AE2C-523E6BE7D2C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33A8DFDE-5217-4A12-A4D0-3DCC0625E703}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{33F5C981-4CDC-4523-95D8-D594B02C2420}" = protocol=6 | dir=out | app=system |
"{54050873-3EAB-4108-9E03-800836D3D4FC}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{5B17D916-F71A-483E-B989-D9EA19217769}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6624E564-5597-4BB6-9B7F-8931F4906037}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6BF05BA3-2D86-4FED-BE2A-A588572C85B8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6D229780-2423-4CF4-ADEC-FCE25CE4E20A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FF4D604-B5C6-4026-BBE2-A8B89E47A8DE}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{7959E082-958E-4F45-BCF3-21507C6DA221}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C4F5AE5-90C2-4135-9DB1-39C414FB44A7}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{8EB10534-6756-4AEB-83C5-E25663DD4889}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{96554E03-5017-45C8-BAED-50A995D94479}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A5BE1D2A-3C2A-46E2-A3A6-71B1BC0E1913}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AEDCC2AF-3ABE-429F-9632-11D7B5CFB207}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B0801B1C-0F2D-41B3-8E79-2496FD44E841}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B349E2DA-9D3E-4DD7-A96E-6006064046B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B461D1BB-54C9-47EB-9888-C2AAFA133854}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{B55279E8-71F5-4124-A326-3C1C66DF396A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B58C0F50-2F48-4696-AF00-CCDF133550D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BE09F1BC-B69D-476E-85E2-D0099D7D3A3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C107794C-D77B-4CE6-897E-FE85E20FA62D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"{C883557E-A56C-4EAC-A9E6-10874BB28274}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB65121B-0F2F-4094-B873-4293CDADF61A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CD0D7B9E-11B9-43FC-B9CF-6DDA00C33BFE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{CD0F7816-8B7E-482D-A032-8FD7845C5E08}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{CD28C370-1857-4D9A-BC2E-C6F85E94AF9E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEED2987-9DDD-473C-96CB-7D43DF15603B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{D11369F8-273E-495D-9787-01109B1CC506}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2306FE3-509A-4CF7-9650-64F597D17761}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe |
"{D3C248A4-9E68-45E8-BD3C-5DD2918051DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D42FDBAA-922C-49F9-92B9-285BBCE16C35}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{DE15ED25-5D30-4806-8E00-D3978401E272}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{E548ACF1-30A2-49DA-BDD5-FE57EFBE65C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAAF55EB-5E03-4ED2-9444-364F7AF2A528}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{ED40AEF0-C5AE-4B08-9E0B-F27747FA2D88}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{EF8FCA22-B710-457B-ABCB-C77E2CEEB840}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F47F5546-A5A2-4C45-A6C0-0FA70BE19A71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F69B2DE6-9CD7-4970-8A33-447154FB97B1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe |
"{F9EA0F14-A997-46F4-9F7E-87FD6EA80337}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FDA3615C-2189-4DAC-B550-5FEEE6C444CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{12B680F2-7AFA-44E1-A891-589313138C40}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{131E1602-37C6-456B-A161-5FEB7E585727}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3ABABA8E-D6C2-4CD2-9F37-D902ACE242E7}C:\users\grizzle\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\grizzle\program files\dna\btdna.exe |
"TCP Query User{58B39EBB-33D2-4A41-9363-F92BD3A56A82}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{5FD0C117-8525-4A42-9F6A-BC72F3B7F341}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{65AD1F73-C600-499C-B7A0-F0B5202096D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6F1EF448-5719-4074-9E73-ABB970BEDBA3}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{79D357BE-C55C-4C5F-BB64-0AD809063A08}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{7E8A1F21-72E7-4F4B-8882-582BCCD5F061}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8078E4C4-9B95-408C-9F16-48C475608537}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{933A478C-DDF9-4363-A1F4-5A0230C48FC4}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{941A80E3-D605-4CC3-B60E-F18C55692F6A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{96DB2FFD-F6C2-474E-9754-868A039CF583}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{991F79B1-6669-41BF-99C9-A6C3407A0E48}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{99478D8D-28A0-48CC-82F8-CA26C812AEC8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{A68FD514-75F3-4C5F-9C55-903D389473AF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{E188B625-0C14-4DDA-9965-CF56760BDC03}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"TCP Query User{E2950A71-22EE-43CA-8905-22C120EE9C22}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F6308739-01E7-4384-AFCC-3B4CD597F98E}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{FFDCADB9-1A38-4C58-9AEE-570BADCE29EE}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{139E409A-22CB-4AEC-9BDA-4AB5A20EC6AA}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{148BB692-1DA1-47F9-8C0C-7A41BA443813}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2056F818-BFE3-4CC2-9961-B4CFBBEE7ACF}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{32061C43-2703-4B14-91E9-53B55F3C2D4C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{474FF107-76D9-41E7-A363-7B6F8CD30C0A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{4C05D607-2272-428C-8804-92A81580D382}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{50B1ADBE-63B4-4061-A106-D450217C1714}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{541C8F5A-C29A-4A05-AF90-5B0BC1D04C05}C:\users\grizzle\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\grizzle\program files\dna\btdna.exe |
"UDP Query User{572EA2CF-279F-4F1D-A9DE-9ED3A1A52045}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{5FAF734D-BEA6-4423-BF74-4AE84AEDD879}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{6177282C-8705-4444-AA6A-011FE44BCC36}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{71B8060B-278A-47F4-91DA-933C35A33222}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
"UDP Query User{7D2F6170-EEDF-4E9B-9027-DF6EF1E68BAA}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"UDP Query User{A0597BCC-3B1D-4E68-AB9E-BF3F87CE470F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{AD18C961-4134-4849-A373-01A95D2DCFE7}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{CF128F48-D06B-40F2-B4BB-0B434187D680}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{D9242BA9-090D-4ECA-AEE3-B01CC355916D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E21D1FDC-F381-4B53-9989-275901F500A0}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{FDB10F14-7229-43A6-A919-1217C144BBB0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FE47871C-B8F7-4996-B044-A476DEDDC135}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F414901-5ED4-11E1-86F3-F04DA23A5C58}" = Vegas Pro 11.0
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 26
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java SE Development Kit 6 Update 26
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EA173EC-0349-4612-9F06-2106F49DC2B2}" = Game Capture HD MP4 Builder
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"4oD" = 4oD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Debut" = Debut Video Capture Software
"EPSON Printer and Utilities" = EPSON Printer Software
"InstallShield_{4EA173EC-0349-4612-9F06-2106F49DC2B2}" = Game Capture HD MP4 Builder
"InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NBFree Mp3 to Wav Converter v2_is1" = NBFree Mp3 to Wav Converter v2
"OpenAL" = OpenAL
"Recuva" = Recuva
"Spotify" = Spotify
"ToolBox" = NCH Toolbox
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
"XP Codec Pack" = XP Codec Pack
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >