doing as instructed as best as i can

[echard77]

i cant get on more then 10 minutes it seems before my comp crashes. the zip folder is all the info i could gather. i cant run any antivirus or anything to try and fix my computer. whatever got into my computer is messing it up bad. so any help would be appreciated. my vista task bar and home page bars are messing up again, and i have the google re direct thing going back on. please help! i need my computer for school, and can not do my work without it. thx

 

[tom982]

i cant get on more then 10 minutes it seems before my comp crashes. the zip folder is all the info i could gather. i cant run any antivirus or anything to try and fix my computer. whatever got into my computer is messing it up bad. so any help would be appreciated. my vista task bar and home page bars are messing up again, and i have the google re direct thing going back on. please help! i need my computer for school, and can not do my work without it. thx

Hello echard77 and welcome to the forums

This sounds like a right mess! Fixing all of this will be a right pain.

1. Have you got a Vista installation DVD?
2. Have you got your files backed up?
3. Can you boot in safe mode?

I will have a look at your dumps depending on your answers to these questions

Tom

 

[echard77]

no, no, and yes..

 

[tom982]

Okay, it's good that you can boot into safe mode.

Do you have any recovery discs or anything? That came with the PC when you first bought it. Or are you aware of any recovery partition?

Can you fill out your System Specs please? With everything you know. Including changing "Vista" to something with the version (e.g. home premium) and the architecture (32 or 64 bit)

Do you need the files that you have on your computer? Also do you have anywhere you can back up your files to? We will be doing things that may jeopardise your files so it's always better to be safe

If you do, back up anything you need using this tutorial: Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer - How-To Geek

I'm not allowed to help you with malware removal, so depending on the severity of the problem, I will have to ask someone else to do it for me, or I will refer you to a specialist forum

Tom

 

[echard77]

the thing is, i have all my school files and music, and personal pics on here..i have saved the pics to a thumb drive just in case. however the papers and music are way to big to store on that. my computer is rather old (4 years now) and i do not have the disks anymore, due to getting lost in the shuffle having moved across the country 3 times in those years. i really just want to be able to run a scan and get rid of whats happening, that way i can continue to run scans every couple of days or so

 

[tom982]

Okay, it's good that you can boot into safe mode.

Do you have any recovery discs or anything? That came with the PC when you first bought it. Or are you aware of any recovery partition?

Can you fill out your System Specs please? With everything you know. Including changing "Vista" to something with the version (e.g. home premium) and the architecture (32 or 64 bit)

Do you need the files that you have on your computer? Also do you have anywhere you can back up your files to? We will be doing things that may jeopardise your files so it's always better to be safe

If you do, back up anything you need using this tutorial: Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer - How-To Geek

I'm not allowed to help you with malware removal, so depending on the severity of the problem, I will have to ask someone else to do it for me, or I will refer you to a specialist forum

Tom

I can't help you unless I know how is best to help you, please do these in bold.

the thing is, i have all my school files and music, and personal pics on here..i have saved the pics to a thumb drive just in case. however the papers and music are way to big to store on that. my computer is rather old (4 years now) and i do not have the disks anymore, due to getting lost in the shuffle having moved across the country 3 times in those years. i really just want to be able to run a scan and get rid of whats happening, that way i can continue to run scans every couple of days or so

Okay, I understand. Let's have a look what's wrong then. Can you boot into safe mode and run OTL for me please:

You will either have to boot into safe mode with networking OR download OTL to a flash drive and copy it across in safe mode

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Tom

 

[richc46]

Welcome
Based upon my experience and your one dump (one if rarely enough)
It looks like a driver. Take the driver verifier test


Driver Verifier Inst

Since the driver that crashed you has not been listed you shouldrun driver verifier
Please run Verifier with these settings:

Using Driver Verifier is an iffy proposition. Most times it'll crash and it'lltell you what the driver is. But sometimes it'll crash and won't tell you thedriver. Other times it'll crash before you can log in to Windows. If you can'tget to Safe Mode, then you'll have to resort to offline editing of the registryto disable Driver Verifier.
So, I'd suggest that you first backup your stuff and then make sure you've gotaccess to another computer so you can contact us if problems arise. Then make aSystem Restore point (so you can restore the system using the Vista/Windows 7Startup Repair feature).
Then, here's the procedure:
- Go to Start and type in "verifier" (without the quotes) and pressEnter
- Select "Create custom settings (for code developers)" and click"Next"
- Select "Select individual settings from a full list" and click"Next"
- Select everything EXCEPT FOR "Low Resource Simulation" and click"Next"
NOTE: You can use Low Resource Simulation if you'd like. From my limitedexperimentation it makes the BSOD's come faster.
- Select "Select driver names from a list" and click "Next"
Then select all drivers NOT provided by Microsoft and click "Next"
- Select "Finish" on the next page.
Reboot the system and wait for it to crash to the Blue Screen. Continue to useyour system normally, and if you know what causes the crash, do thatrepeatedly. The objective here is to get the system to crash because DriverVerifier is stressing the drivers out. If it doesn't crash for you, then let itrun for at least 36 hours of continuous operation (an estimate on my part).
Reboot into Windows (after the crash) and turn off Driver Verifier by goingback in and selecting "Delete existing settings" on the first page,then locate and zip up the memory dump file and upload it with your next post.
If you can't get into Windows because it crashes too soon, try it in Safe Mode.
If you can't get into Safe Mode, try using System Restore from yourinstallation DVD to set the system back to the previous restore point that youcreated.

Enable the driver verifier

www.sevenforums.com/crash-lockup-debug-how/65331-using-driver-verifier-identify-issues-drivers.html

 

[echard77]

ran otl in safe mode, here is the results. thx

OTL Extras logfile created on: 9/30/2011 10:37:29 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.56% Memory free
4.21 Gb Paging File | 3.97 Gb Available in Paging File | 94.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.38 Gb Total Space | 90.16 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive D: | 9.71 Gb Total Space | 1.61 Gb Free Space | 16.53% Space Free | Partition Type: NTFS
Drive E: | 2.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-336559941-1480386105-577895080-500]
"EnableNotificationsRef" = 2

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\PROGRA~1\TESTOUT\cmi\Navigator.exe" = C:\PROGRA~1\TESTOUT\cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)
"C:\Program Files\TESTOUT\cmi\Navigator.exe" = C:\Program Files\TESTOUT\cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)
"C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe" = C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\PROGRA~1\TESTOUT\cmi\Navigator.exe" = C:\PROGRA~1\TESTOUT\cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)
"C:\Program Files\TESTOUT\CMI\NAVIGATOR.EXE" = C:\Program Files\TESTOUT\CMI\NAVIGATOR.EXE:*:Disabled:TestOut Navigator -- (TestOut Corporation)
"C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe" = C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095CDCAE-A633-4756-9D0E-4D7EF2234D53}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{30E1A745-1704-4F1E-BD20-B1C4B1A0BC72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CB729AF-898E-4993-B4E3-3EAB25C781F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61DF4212-EE58-4EF4-8306-DEA4605B593E}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{979C580A-ED98-41D6-8DEA-6EBC1A27238D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A23DEEC1-2B37-4AA4-B7E5-FC09AA6CB59A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BD502291-660D-4BAE-9CAD-76DD53ECD753}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{CBAF4DC9-3304-4FDA-A8F0-3A4734F5B1F9}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0088F84E-64FF-4C28-A0F4-BCF02243B27E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{02CE65FE-FE1B-4481-8D7A-362AE8D584AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04275A24-1521-496E-B2AE-0E86D7C519F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{044B7AA3-4B66-44B8-B514-F36F8D6BEBB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04683589-5957-4828-AE44-41DAF4FA23F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04E2ACB1-D73C-4C91-804A-25BF1E217B37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06BAAC91-3B51-49E4-9A69-15EBB4229DE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0733091E-C133-428A-B876-C4780F5C5D09}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{076AC4A7-C24F-4F1D-A12E-9134CEB83E2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A31A317-7FA1-41FE-B3F9-410E124250B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B60EB39-913C-430A-B1D3-4777E86B0F11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D130162-EF95-45BF-A995-0F488BC779CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{108009F4-C087-4E92-BC3D-50CCB30C315E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{109652B6-15BB-4281-9CF5-5D3FA81837EE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{135BC3E5-3E78-4E6A-A91C-A1297215B86B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16F90E75-03DF-4D26-8D33-5D05CE19E79D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{19CDCDD9-4A14-4401-B2D5-EFE14597A6A0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1A242542-FF61-4989-8EB2-002D651274D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A6A0345-DF49-4289-AC5F-8C7063D0E85E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1C2B9008-EFC6-4400-9A4A-F19D0F9D79F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C54A434-B19D-4F05-854B-8B172755ADAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E12E57D-43EE-458D-A9E5-735F14C28A51}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E8EC3D3-B228-454B-BD68-DC3CCC4EEC83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F0FDC83-CBFE-4349-AE1F-679CFE3B1CAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20A35F7D-D104-454E-900E-2AFE06D28BC8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24ED7D33-9B68-46AC-9BD2-39958850284C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27D1C50E-6FDE-4979-900F-4AD0F88C540B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{2AD08DF4-4343-4F9D-BAE8-15D04FA917BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B2153CF-331F-4158-B2D1-5A3DB904A961}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C330557-9B1C-44A6-99A2-871AF2761656}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CC9C7FF-FC46-4060-B661-51DE384D1943}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D244B1F-26C4-4739-A955-7C26B06EFAC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E49D249-DB2A-43C5-844C-67E53F21D36C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F6D2A52-F882-4BD5-8CFE-D0D3AC96437E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FA0610D-1FAC-436A-8693-EFACE1F360B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{327979DE-D0FC-45B8-A80F-F33A400FDF62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{338A63BD-1E7A-4076-BB69-91CDD6B50E01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33C70799-435D-483D-9C71-942712635963}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33EF69A2-7B24-4AA6-A2D5-8FB0433D68D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33F7EF89-3865-4058-98BE-F6EBAEBCBDBE}" = protocol=17 | dir=in | app=c:\program files\ringfactory\ringfactory.exe |
"{363540E8-64BB-4614-8BEB-1C54CA5B268F}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{37D309CE-0C85-4104-B9A1-444310B9E9A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{382E0F8A-5414-47BF-8E26-5A57CBB17B5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A6D2985-43D3-40C1-92BB-4D35897BFD68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C37B695-C38D-4718-9A1E-6EDB2AAA4FCE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D722A64-E268-4FD1-87A2-0DE7379CEC80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DEFAC44-A711-4CF1-A78C-2F0602A7ADE1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{3E1D6F26-DC8F-4AF1-B0E3-02F94D9D2D63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ECA9EDF-CCE6-4D79-ABEB-B36F4DC8865A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F78D065-54F6-42C0-9393-9E0752E924ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42717840-A1D3-4931-A4E8-B6BFF30D1867}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42BF7CB7-2CC6-4D2F-978C-952EED06C7FE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{42FE8306-2779-4359-9F6F-429675576F2C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4470629C-F493-4824-8DB2-4C2F98D294BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45155AB3-410E-47AB-B974-DEF342958A55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{459ED0F7-985C-48D6-BDD2-9C5D3BFD8A74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47057B84-B5E6-4208-AC09-1069C66C76C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47800E68-F43F-446B-97C7-0E7C16A99DA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47C9CD19-1921-41C4-90E1-88E2B47FF4FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4804A471-DFD4-43A8-BC37-9B8C0A9A14B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{482065C0-BA33-42FB-93AA-DDBEA0B7BCFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{488C977C-BF0A-4610-BBB8-7EEF7DD01C56}" = protocol=6 | dir=out | app=system |
"{4A9F5B64-719D-4128-9DED-8AAB4AF31A3C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4B09093D-554E-432E-8948-93A8682C1C38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BBAD2B1-9225-4650-9C20-81B0FF35DBB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C27C205-AA67-449A-9DC2-6015BAE75844}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F3EBD2F-5AB4-4692-80EA-786DC38CF843}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{514364DD-B025-4F5E-B66C-3F246087F2C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{552A3734-A08E-43AA-B851-38EC20CF6FCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5531E143-48EE-46A0-BAB2-1ED1206B8DB7}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{5736EE9C-DB91-411B-9B0F-D4A4373A2593}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{57520601-D2A6-41B4-A63D-9E9045A98337}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57681DDF-14AA-4A3A-9CBB-8DB2E4A7536C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57EE76CD-08C8-4DA0-BC25-FCA231B23EB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58AD396E-53D7-4ED9-BB8D-16F2510FA5D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B9BC5A0-6DB7-47C3-9AD9-B3FAF359C944}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BD2884D-9037-4B35-9847-271BE043962F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C2424C6-0FBD-4E56-866A-01E2D1628522}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DC1213D-7CF6-4502-8191-10F6B156AF8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F1589C4-F2B2-4F79-97C7-432BC9651211}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61245D14-DA2B-4B0E-A813-81AD1C819717}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61EE9FC9-5BCF-4182-90CE-833FB2A483E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{625C7265-58D8-49EC-BC1F-13F7851EBD02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{634CA296-DCEB-4860-8BB9-3DD8A007C19E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63932DDB-B3A2-438A-870E-96F1F9D0D06B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63EF8485-8EAD-4DE6-821F-CBA18E28E522}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6584E29D-1132-49C2-A454-8C4F028764D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6638BDBF-87ED-469E-8236-5F079CF30D52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{666BD00E-265F-4BF2-BF5F-42E130687EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6875ED0B-843F-45B3-A771-35AF18488F09}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{6A27E7FE-927D-43DC-86C0-CD93B84B99EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C796B52-A25D-439D-BC45-25CA73217B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F0F4118-2232-458B-AFED-1FE78BF43CD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71AED2AD-3FB2-4CD7-95E4-4715D750CC38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{725C93B0-BD06-4D42-933A-9021A845F2FD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{742A8D4A-F1F9-4B18-851C-372903B387B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74965D49-EDA8-40AC-8EB8-AF3A97CD2866}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{786E371F-40E4-4145-AA92-5DAE720AA2EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78CABE45-5FD3-4A6C-A5F8-B43724FA0DF1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{78CDEAAA-CB85-4A0C-BD0A-A945A6712AE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{797BC1FF-D36E-4107-AD1A-7A40C7C972BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{798B5709-62C0-4D1F-83B2-E9C1E348D87B}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{7C9D16C7-5A09-42AA-B438-DBEF01283A4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E994D1B-90FC-48CD-A42F-8DE440E89AF9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7EA4B2E2-2A4E-40D9-B82F-544C66072031}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F04EDCD-BE02-4616-90B1-9A86B31DAF9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F2C1B37-1663-4543-B7C6-462C8D78709A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F3A3C9F-94EF-469E-AD73-27430AC36388}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FD2390F-FFDA-42CE-81B1-CDC260586803}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FF1016A-0965-4FAA-8073-AEE3354A9F96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80692BD3-C2CC-4372-9DD2-C227E52CFA8B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{82F43315-0004-465F-9CA6-FED1AB2800DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{844142F0-F983-4D5B-B718-5B87E9013412}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85532AC3-BB12-4098-ABDE-E31642B35BAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A12740A-5D27-4845-8AA1-CEBDFB7A78BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A1B00CD-CD00-44BF-BBA3-507083DA4400}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A1E6B7A-81AF-4AC4-84EE-BF6328FAE8B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BE59832-E3E5-4D7A-B612-954FA7E6DE42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C5FD27C-6268-441E-B0A5-30D10584BB84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CEF135D-3E76-4FCC-81FB-EC95FB944B92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DB2EA9B-6F31-4AFA-8245-8F871FA3EA72}" = protocol=6 | dir=in | app=c:\program files\ringfactory\ringfactory.exe |
"{8E3AA05A-3DE9-4DAB-BEE7-B6DD67E26F26}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9085E8A7-4FEC-4374-8C7B-4DC5B762D12F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90D8CE7E-2A8C-475C-8257-88F6C056D938}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{921FD859-8F7B-4B0C-A217-44A2C605FAD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93126B36-C4A3-4653-85D8-D19B00135809}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{939EA104-3BA8-486E-8871-3B26D59424CE}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{9413F77F-81AF-4475-BB92-5EFB71BCC5B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{943E6AE4-E232-4797-9DAE-574DAB780A35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95D6E80E-D451-4CE0-94C8-08B332E9A60E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96BADFD4-3D14-45B9-83FF-2038A2C16347}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96DFDDC3-A803-4D54-B2F1-ED07922C4D34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9798FBAA-3AEF-4853-92B0-543461FAB897}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{9877AEF1-2A9C-457E-913F-E0397796349E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98AC0183-BCC2-4FFE-B9C8-60138EDB6FA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{996D9B6C-F4F1-497F-AF04-9EDBDB0A2672}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C8BB043-6AE5-4728-B5A6-8AD59D926BB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CBC428E-A430-49FD-B1AD-43EC321EF7AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D3B9F2E-4BEF-4C57-85B6-348F0F914CC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DD9C75F-DC8A-4ECD-8A15-85AA1EF89C38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A104D518-B4D9-4768-921F-E0FE2AD23CBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A296E2DE-2366-443E-B791-3DA51DD27B85}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{A40BF3D7-E82C-44B5-82D1-10D510F0D13D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A87EBEA6-EA33-4BB1-BF48-3EA807C71128}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA315D9C-A48B-4464-8C08-7E1D7676208D}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{AACB9192-AEE6-4F05-8193-E59B7D4D342C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE28E57F-C525-4B61-92DE-8B5FE3DE2E77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE8A46BF-FB66-4BB0-99AB-14754DB47235}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF5EBFCE-0CD0-45A9-8A01-6495BCBB79CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B28DC5BD-2417-4E17-A555-2CFF1E70AEB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2CF1177-454D-45AF-B927-5A167ECBBA13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5183F81-5BAA-4A21-89A8-E99D91168C03}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B65BB6EF-3902-4FDB-9315-DF8484B279FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6DC0721-B3B7-4430-97B0-20FF629E40E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8BA93B5-7A35-43BC-9535-F3059191252D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB1A1670-F171-46B8-88DA-0D74D99ED635}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BB99EC25-7036-4220-9884-FE7328C3E6A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBFDCE0E-8F78-4400-9942-ED03E04628B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD80468F-9D2A-4115-8F7B-F1E6392FA560}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDE1D515-AA9D-45D2-8672-76210BE0D217}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE8B0515-1183-4684-9901-213DB890EBE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF36150F-2196-4E62-99C0-53430E12A1B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF6A2D53-7FA8-4B9E-AC58-CE612B480BAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0C9E45D-E434-406C-A005-8EA1C4BEC53A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1BB7396-40EF-4757-8D8F-986CDC77EF89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C2AE6F9D-794F-4FAF-8DC2-53DAB1F6DA11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C311A8DA-AE70-44E7-8786-CACC107EC7CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C38B3924-8583-41BC-82E4-38211A33D66D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C495747A-327A-4404-8119-D20A712B58CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4C7576D-68AC-465C-ACFC-E1056C7D9B5F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C8476448-334D-4E8F-B83B-06D3B822B4B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9EC1316-F031-4956-A78D-F3728A608193}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAD73020-C0F1-46A8-A2C2-80879BFB5F7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC5F02E7-AD9F-4198-A7E2-39FECC4F77D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD96E39D-C6AC-4D44-BA1C-34F773CB274D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE311470-814A-44D4-8527-566FD325A3E6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D1AC9881-CC5A-4023-946D-7B40D23B0E0B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D1CBF6B3-2DF2-4C90-8350-130534EFE1F0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D27C1B1E-9872-44F5-B6B4-B2B6DBE19791}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3A47DCF-3F6F-4843-98F2-CAA72D07C7F1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{D5E691DA-6C17-4B53-9C59-D7F6913E265A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D746A612-98B3-4477-8B0B-B600A2847A9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D762C1BC-38C9-4BB1-8B1B-FFE110306A97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7B98791-43E8-4DFF-9695-BA06EA2DD71D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D8837894-D334-4FC3-802A-D7D524A80BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D88C948B-5D22-4ABA-B104-3A57E33C8437}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DB02C725-DF65-4C25-AAFE-4E67C09F8995}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB196295-7419-4EDC-883C-7F22EB9CB4FB}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{DEB42EFA-E7C8-404E-A59D-0768A2C27B37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF39AD67-3B5C-4EBF-9158-BEA8758DFF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF54F25D-F85F-4A41-98F4-F4481F87EA2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF5A6BD7-F54B-41CF-8A63-110F1F782903}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0BF9292-4D5C-412F-BD08-D9A10F92AEC6}" = protocol=58 | dir=in | app=system |
"{E0E9457D-0A89-4A58-9FC3-5D83A7985769}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{E24C3924-868C-4DF8-9C6A-19E303728BFC}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{E4A171F0-E079-4359-B435-B9467941503B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6E92244-863B-40BC-91A4-DADEBB83DDD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6F79EF2-617A-42B3-8BEE-217E6F1C0FE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7AE321B-74A7-4C00-9B72-9D1779ECE809}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7AEBE06-451B-42F5-8F00-F116D49A26E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E85AFC3C-83F0-45EF-9475-2361D5C15492}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8837B94-BD7B-4FBF-8E49-45277D965A94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EAE5DBD0-6E77-48EA-97D2-27C6C2088AD8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC02C569-7784-47B9-B841-B749291FDAEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{EC45B019-7993-4177-B08B-3243057A6DD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EDA000EB-416D-4468-8FA2-C1C1AD54A9FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EED26F1C-35E3-41DE-896D-E501115BB38B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EEEE567E-2D21-4944-BF3D-E77CA62428BA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{F0E96CD2-3E99-4518-B72A-4CD9A99D3B0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F20C3436-6D34-47ED-969C-13E8390017A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F50B367D-F1C1-4C2A-ACFF-E584F32245BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F62BCF2C-9436-49ED-AAE0-389892AE873D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F65E6EDB-BD3E-4149-AA8F-D30D469099A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F679A30F-2970-4105-BF23-74F489A0C5F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F76213FE-36F2-4701-BF55-A3E1EAF673D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F87A45D4-84EF-4684-B50B-F91BE288F65F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F88BE266-B3D5-4694-BB23-CB1E1B046BED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9842B3F-6E78-49CD-A9C5-01C92198C0E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB2934B7-E919-49A5-A315-3AD16472448A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB8B16D4-AE43-4D96-A8A1-0CD6D417BB62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD07E190-6727-4602-AE05-C1C5AE98447B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD5DB4C4-56E2-47E9-A16E-F117D1D529C7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FDD744B0-C880-41ED-95D3-7D14FA1F1B53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE5EB239-CAE4-46B6-BB61-F63964B5A575}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0AD58340-01A9-4219-A8B4-76D0E9B8E61A}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{1D712449-1636-45F6-A6B2-F0FC06EF7650}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2C0CF522-034F-4738-AEC5-8ECF279906C7}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{38E727BD-7B97-417A-B9E2-F2D907649832}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{48106988-E7A2-4901-A090-A91A45361169}C:\windows\system32\drivers\svchost.exe" = protocol=6 | dir=in | app=c:\windows\system32\drivers\svchost.exe |
"TCP Query User{814A745D-8A07-4227-BB49-0F59AD935E81}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9051FE46-10D6-4DCA-95D8-83D3DC81B523}C:\windows\system32\drivers\svchost.exe" = protocol=6 | dir=in | app=c:\windows\system32\drivers\svchost.exe |
"TCP Query User{9DBA7C36-40EB-4FCA-8C75-7D3A23663FD7}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{9F85943D-2E78-4C69-BF99-85A291C1EBC6}C:\program files\wildtangent\blasterball 2\bb2.exe" = protocol=6 | dir=in | app=c:\program files\wildtangent\blasterball 2\bb2.exe |
"TCP Query User{C735F273-AD8C-4067-A68C-287B7A23F06A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{EC158058-2680-48B9-97ED-E361ED3F8141}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{F142EDD1-7D23-4BC2-9E19-3B910106CE2D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F9BA9D73-55C6-4D73-882E-FAFF7766976F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{05AA5856-4479-4386-90A7-0ED52F605EE6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{0948D7C2-40C9-4A0C-AD0F-FA9FED36AFEF}C:\windows\system32\drivers\svchost.exe" = protocol=17 | dir=in | app=c:\windows\system32\drivers\svchost.exe |
"UDP Query User{390F65A1-F03B-4EE0-8931-8163C1B2CFF6}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{392960CC-7FFF-4D75-88C6-23A104FA2421}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{49D380F9-860E-4FBD-8FC7-B34184F68880}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{79F7A770-F79B-489C-AABF-C80E9E2B9D77}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{81BD08B6-6F32-4E99-B361-780C576E2B50}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{916F795A-7975-4A5B-890F-0DB588F85A0F}C:\windows\system32\drivers\svchost.exe" = protocol=17 | dir=in | app=c:\windows\system32\drivers\svchost.exe |
"UDP Query User{A61957F3-43BD-4798-B859-4A3AAD140BEB}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C889377C-B18F-4909-B96D-7AEF74BC9159}C:\program files\wildtangent\blasterball 2\bb2.exe" = protocol=17 | dir=in | app=c:\program files\wildtangent\blasterball 2\bb2.exe |
"UDP Query User{D0083EA8-9D35-48A9-A456-B3C36288A696}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{D158CAD6-253E-4189-93BA-9DD6BA63160B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{EBE17C8C-E1C5-4F45-9AE9-64A03E55229B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel(R) Viiv(TM) Software
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3039B4CC-4A06-4FDC-B380-11A358420B25}_is1" = NavNet NG
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A369904B-C3E5-40ED-A72B-718B5D60D725}" = LabSim
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9E848B3-A64D-4005-8DA1-DC3981C902A8}_is1" = NavNet
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}" = Wal-Mart Digital Photo Manager
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Ares" = Ares 2.1.1
"AskSBar Uninstall" = Ask Toolbar
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Fuzz Pack for Pocket Tanks Deluxe_is1" = Fuzz Pack v1.0 for Pocket Tanks Deluxe
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"L.S Games V2.0" = L.S Games V2.0
"MAGIX music maker 11 demo US" = MAGIX music maker 11 demo (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 2.0.4
"TestOut Product Navigator (SA)" = TestOut Navigator (Online Version)
"TomTom HOME" = TomTom HOME 2.7.2.1825
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"wtwebdriver" = WildTangent Web Driver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2009" = SmartDraw 2009

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
OTL logfile created on: 9/30/2011 10:37:29 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.56% Memory free
4.21 Gb Paging File | 3.97 Gb Available in Paging File | 94.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.38 Gb Total Space | 90.16 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive D: | 9.71 Gb Total Space | 1.61 Gb Free Space | 16.53% Space Free | Partition Type: NTFS
Drive E: | 2.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\725079080:3609970900.exe File not found
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe ()
SRV - (OrbisClient.Services) -- C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe ()
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe ()
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (MxlW2k) -- C:\Windows\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (SSIDRV) -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD) -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (nmsgopro) -- C:\Windows\System32\drivers\nmsgopro.sys (Gteko Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53616

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53616
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2888: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2946: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.2806: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/11/12 12:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 06:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EC78F5BD-1930-44A8-AC80-E670CC072887}: C:\Users\Owner\AppData\Local\{EC78F5BD-1930-44A8-AC80-E670CC072887} [2010/02/22 02:35:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 09:08:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 13:14:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2008/12/24 21:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2008/12/24 21:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/26 07:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qvf5fw3t.default\extensions
[2011/04/25 22:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/02 13:14:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/03 09:08:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVF5FW3T.DEFAULT\EXTENSIONS\{E19DF523-EFFD-48D2-95A2-883CB3BA32A4}.XPI
[2009/09/01 06:57:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/02 13:14:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL ()
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: filelist.org ([]http in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {64D01C7F-810D-446E-A07E-456746835644} Myspace | Social Entertainment (AtlBoxWordCtlAttrib Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} Myspace | Social Entertainment (Oberon Flash Game Host)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Error (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://accessfleet.webex.com/client/T26L/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll (MH)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/30 10:28:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/09/29 21:32:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/29 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Windows_NT6_BSOD_jcgriff2
[2011/09/29 07:24:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/15 03:09:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/09/15 02:58:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/12 17:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/12 17:10:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/11 11:11:06 | 000,000,000 | ---D | C] -- C:\rsit
[2011/09/10 23:41:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/09/10 23:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/09/10 23:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/30 10:35:55 | 000,000,000 | ---- | M] () -- C:\Windows\725079080
[2011/09/30 10:35:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/30 10:30:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/30 10:30:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/30 10:28:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/09/30 09:34:51 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2011/09/29 23:34:24 | 002,184,340 | ---- | M] () -- C:\Users\Owner\Documents\Windows_NT6_BSOD_jcgriff2.zip
[2011/09/29 23:14:53 | 149,942,237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/29 23:13:37 | 000,120,024 | ---- | M] () -- C:\Users\Owner\Desktop\1268525691020.jpg
[2011/09/29 23:01:47 | 000,062,937 | ---- | M] () -- C:\Users\Owner\Desktop\1th17.jpg
[2011/09/29 22:49:13 | 000,141,408 | ---- | M] () -- C:\Users\Owner\Desktop\katies friend.jpg
[2011/09/29 22:36:49 | 000,058,711 | ---- | M] () -- C:\Users\Owner\Desktop\jmerrrzzz.jpg
[2011/09/29 14:41:01 | 000,053,760 | ---- | M] () -- C:\Users\Owner\Documents\Windows_NT6_BSOD_v3.03_jcgriff2_.exe
[2011/09/29 14:35:31 | 000,075,338 | ---- | M] () -- C:\Users\Owner\Desktop\kelsey.jpg
[2011/09/29 14:21:53 | 000,067,979 | ---- | M] () -- C:\Users\Owner\Desktop\selina.jpg
[2011/09/29 07:24:08 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/29 06:04:41 | 047,369,160 | ---- | M] () -- C:\Windows\System32\mrt.exe
[2011/09/28 11:41:13 | 000,055,808 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 11:30:34 | 178,910,931 | ---- | M] () -- C:\Users\Owner\Desktop\maDd3nWBdHD.wmv
[2011/09/27 23:44:37 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/09/27 23:44:37 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/09/25 05:27:05 | 000,032,289 | ---- | M] () -- C:\Users\Owner\Desktop\brittt.jpg
[2011/09/22 07:52:19 | 000,319,236 | ---- | M] () -- C:\Users\Owner\Desktop\keana.jpg
[2011/09/21 22:03:51 | 000,110,385 | ---- | M] () -- C:\Users\Owner\Desktop\randalltv-stackedjoelle_(11).jpg
[2011/09/21 00:19:51 | 000,183,401 | ---- | M] () -- C:\Users\Owner\Desktop\826409-f8110383f8110_l.JPEG
[2011/09/19 11:41:47 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/18 01:54:56 | 000,127,716 | ---- | M] () -- C:\Users\Owner\Desktop\tumblr_lqdcwf417T1qj0m1io1_500.jpg
[2011/09/16 14:43:22 | 000,055,167 | ---- | M] () -- C:\Users\Owner\Desktop\tanea.jpg
[2011/09/15 11:58:58 | 000,012,519 | ---- | M] () -- C:\Users\Owner\Desktop\[BackroomCastingCouch.com]_Paulina_.6331435.TPB.torrent
[2011/09/13 15:20:23 | 000,000,654 | ---- | M] () -- C:\Users\Owner\Desktop\wrestlemania 02 pt 2.avi - Shortcut.lnk
[2011/09/13 15:20:23 | 000,000,654 | ---- | M] () -- C:\Users\Owner\Desktop\wrestlemania 02 pt 1.avi - Shortcut.lnk
[2011/09/13 10:16:23 | 000,459,264 | ---- | M] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2011/09/11 11:12:35 | 000,781,383 | ---- | M] () -- C:\Users\Owner\Desktop\RSIT.exe
[2011/09/10 23:41:07 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/10 23:00:37 | 000,023,108 | ---- | M] () -- C:\Users\Owner\Desktop\error.jpg
[2011/09/10 10:29:08 | 000,179,870 | ---- | M] () -- C:\Users\Owner\Desktop\Untitled.jpg
[2011/09/10 09:43:12 | 000,012,590 | ---- | M] () -- C:\Windows\System32\Support.xml
[2011/09/10 00:22:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/09/03 16:42:37 | 006,868,146 | ---- | M] () -- C:\Users\Owner\Desktop\I_Come_From_Money_.mp3
[2011/09/03 16:40:44 | 010,920,261 | ---- | M] () -- C:\Users\Owner\Desktop\CM_Punk_(Cult_Of_Personality_WWE_Edit).mp3
[2011/09/03 16:31:38 | 007,940,005 | ---- | M] () -- C:\Users\Owner\Desktop\Cody_Rhodes_New_Theme_CD_Quality_[MrEdge17HDv3].mp3
[2011/09/03 11:51:19 | 000,138,892 | ---- | M] () -- C:\Users\Owner\Desktop\5.jpg
[2011/09/03 11:51:03 | 000,302,390 | ---- | M] () -- C:\Users\Owner\Desktop\mms_picture.jpg
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/29 23:34:17 | 002,184,340 | ---- | C] () -- C:\Users\Owner\Documents\Windows_NT6_BSOD_jcgriff2.zip
[2011/09/29 23:13:23 | 000,120,024 | ---- | C] () -- C:\Users\Owner\Desktop\1268525691020.jpg
[2011/09/29 23:02:50 | 000,062,937 | ---- | C] () -- C:\Users\Owner\Desktop\1th17.jpg
[2011/09/29 22:50:17 | 000,141,408 | ---- | C] () -- C:\Users\Owner\Desktop\katies friend.jpg
[2011/09/29 22:36:43 | 000,058,711 | ---- | C] () -- C:\Users\Owner\Desktop\jmerrrzzz.jpg
[2011/09/29 14:41:01 | 000,053,760 | ---- | C] () -- C:\Users\Owner\Documents\Windows_NT6_BSOD_v3.03_jcgriff2_.exe
[2011/09/29 14:36:12 | 000,075,338 | ---- | C] () -- C:\Users\Owner\Desktop\kelsey.jpg
[2011/09/29 14:21:38 | 000,067,979 | ---- | C] () -- C:\Users\Owner\Desktop\selina.jpg
[2011/09/28 23:41:56 | 000,000,000 | ---- | C] () -- C:\Windows\725079080
[2011/09/28 11:30:29 | 178,910,931 | ---- | C] () -- C:\Users\Owner\Desktop\maDd3nWBdHD.wmv
[2011/09/25 05:26:55 | 000,032,289 | ---- | C] () -- C:\Users\Owner\Desktop\brittt.jpg
[2011/09/22 07:54:16 | 000,319,236 | ---- | C] () -- C:\Users\Owner\Desktop\keana.jpg
[2011/09/21 22:05:12 | 000,110,385 | ---- | C] () -- C:\Users\Owner\Desktop\randalltv-stackedjoelle_(11).jpg
[2011/09/21 00:19:27 | 000,183,401 | ---- | C] () -- C:\Users\Owner\Desktop\826409-f8110383f8110_l.JPEG
[2011/09/18 01:54:43 | 000,127,716 | ---- | C] () -- C:\Users\Owner\Desktop\tumblr_lqdcwf417T1qj0m1io1_500.jpg
[2011/09/16 14:43:31 | 000,055,167 | ---- | C] () -- C:\Users\Owner\Desktop\tanea.jpg
[2011/09/15 11:58:58 | 000,012,519 | ---- | C] () -- C:\Users\Owner\Desktop\[BackroomCastingCouch.com]_Paulina_.6331435.TPB.torrent
[2011/09/13 15:20:23 | 000,000,654 | ---- | C] () -- C:\Users\Owner\Desktop\wrestlemania 02 pt 2.avi - Shortcut.lnk
[2011/09/13 15:20:23 | 000,000,654 | ---- | C] () -- C:\Users\Owner\Desktop\wrestlemania 02 pt 1.avi - Shortcut.lnk
[2011/09/13 10:16:19 | 000,459,264 | ---- | C] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2011/09/11 11:12:34 | 000,781,383 | ---- | C] () -- C:\Users\Owner\Desktop\RSIT.exe
[2011/09/10 23:41:07 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/10 23:00:37 | 000,023,108 | ---- | C] () -- C:\Users\Owner\Desktop\error.jpg
[2011/09/10 10:29:08 | 000,179,870 | ---- | C] () -- C:\Users\Owner\Desktop\Untitled.jpg
[2011/09/10 00:22:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/03 16:42:30 | 006,868,146 | ---- | C] () -- C:\Users\Owner\Desktop\I_Come_From_Money_.mp3
[2011/09/03 16:39:50 | 010,920,261 | ---- | C] () -- C:\Users\Owner\Desktop\CM_Punk_(Cult_Of_Personality_WWE_Edit).mp3
[2011/09/03 16:31:24 | 007,940,005 | ---- | C] () -- C:\Users\Owner\Desktop\Cody_Rhodes_New_Theme_CD_Quality_[MrEdge17HDv3].mp3
[2011/09/03 11:51:19 | 000,138,892 | ---- | C] () -- C:\Users\Owner\Desktop\5.jpg
[2011/09/03 11:51:02 | 000,302,390 | ---- | C] () -- C:\Users\Owner\Desktop\mms_picture.jpg
[2011/06/04 17:05:42 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\A12E.53C
[2011/05/17 21:10:52 | 000,001,354 | -HS- | C] () -- C:\Users\Owner\AppData\Local\8s7h0376ile
[2011/05/17 21:10:52 | 000,001,354 | -HS- | C] () -- C:\ProgramData\8s7h0376ile
[2011/05/17 21:10:35 | 000,000,208 | ---- | C] () -- C:\ProgramData\d1713FeGcMgJ6278
[2011/05/14 16:48:30 | 000,001,554 | -HS- | C] () -- C:\Users\Owner\AppData\Local\5lnfw71gfl5222x1d77ctwk735dv1vk6wbh2s67hy78q7
[2011/05/14 16:48:30 | 000,001,554 | -HS- | C] () -- C:\ProgramData\5lnfw71gfl5222x1d77ctwk735dv1vk6wbh2s67hy78q7
[2011/05/04 00:06:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/04 00:06:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/26 06:11:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/04 23:34:37 | 000,012,844 | -HS- | C] () -- C:\Users\Owner\AppData\Local\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/04/04 23:34:37 | 000,012,844 | -HS- | C] () -- C:\ProgramData\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/02/23 13:52:10 | 000,010,502 | -HS- | C] () -- C:\Users\Owner\AppData\Local\871386874
[2011/02/23 13:52:10 | 000,010,502 | -HS- | C] () -- C:\ProgramData\871386874
[2010/12/02 23:52:47 | 000,000,699 | ---- | C] () -- C:\ProgramData\1975716847.dat
[2010/11/26 04:32:52 | 000,000,006 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\start
[2010/11/26 04:32:13 | 000,000,006 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\completescan
[2010/11/26 04:17:22 | 000,000,010 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\install
[2010/09/08 12:10:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2010/06/12 13:25:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/02 10:40:57 | 000,010,524 | -HS- | C] () -- C:\Users\Owner\AppData\Local\LK2mfPE2j
[2010/04/02 10:40:57 | 000,010,524 | -HS- | C] () -- C:\ProgramData\LK2mfPE2j
[2010/02/19 11:11:41 | 000,000,024 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\cqfyto.dat
[2010/02/10 10:00:26 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Jpoho.dat
[2010/02/10 10:00:26 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Hjuheta.bin
[2009/10/19 01:07:34 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/09/30 00:45:31 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 13:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/26 13:00:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009/06/26 12:57:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/01/18 23:53:01 | 000,223,232 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008/10/03 14:15:58 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/03 14:15:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/23 21:57:25 | 000,217,088 | ---- | C] () -- C:\Windows\System32\WerFault.exe
[2008/05/03 22:34:50 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/05/03 22:34:47 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/03 22:34:46 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/05/03 22:34:45 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/14 11:48:50 | 000,000,000 | ---- | C] () -- C:\Windows\musicmaker.INI
[2008/02/14 11:15:40 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
[2008/02/14 00:30:32 | 000,006,308 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/01/09 04:18:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/12/11 12:43:44 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/11/01 08:57:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2007/11/01 08:21:32 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2007/10/31 20:11:26 | 000,141,084 | ---- | C] () -- C:\Windows\hpoins14.dat.temp
[2007/10/31 20:11:26 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp
[2007/10/31 19:55:02 | 000,141,281 | ---- | C] () -- C:\Windows\hpoins14.dat
[2007/10/31 19:55:02 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2007/10/31 14:29:10 | 000,055,808 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/15 17:44:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/02/15 17:44:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/02/15 17:44:35 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/02/15 17:19:02 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2007/02/15 17:07:35 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/02/15 17:07:35 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/02/15 17:07:35 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/02/15 17:07:35 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 002,336,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,602,492 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,932 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:24:01 | 047,369,160 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/05/15 01:33:34 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini

========== LOP Check ==========

[2011/05/20 09:05:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\1891E13AFCD962D63A7F461F7DF02296
[2007/11/01 08:25:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2011/08/13 16:26:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
[2010/12/08 07:08:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/09/21 13:34:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2009/10/17 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Logs
[2009/06/26 13:01:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MAGIX
[2008/02/13 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Musicmatch
[2010/11/30 19:28:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NavNet Solutions
[2010/12/05 15:46:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SampleView
[2009/07/23 01:13:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Serif
[2011/03/30 10:04:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skinux
[2010/04/28 11:05:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SmartDraw
[2010/12/05 15:42:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spyware Terminator
[2011/08/14 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tibo Software
[2008/12/24 21:26:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TomTom
[2010/02/17 23:06:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2007/12/19 19:03:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wal-Mart
[2007/12/19 19:02:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wal-Mart Digital Photo Manager
[2007/12/19 19:32:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wal-Mart Digital Photo Viewer
[2008/10/14 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\webex
[2011/09/30 09:47:31 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/30 09:34:51 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\725079080:3609970900.exe
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Wild things.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\videosz-it-could-happen-32.mpeg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\v1541_scene_5_448k_h264_bp.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\v1541_scene_2_698k_h264_mp.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Three Course Treat.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\shawtyisbangin.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Perved_Sarah_Peachez_-_Happy_Ending__Realpeachez.com.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Our secrets.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Natalie_-_16th_Febuary_10.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\My turn.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Lips experiment.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\keep.flv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\JJ_-_062209_Chat_-_With_Sound_Part_2.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\JJ_-_062209_Chat_-_With_Sound_Part_1.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\HD-tubs.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\HD-MPs.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Bridesmaids (2011) TS x264 Feel-Free.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\cat_wh.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\BrookeM_-_24th_June.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Brooke.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\briannalee5.flv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Briana_03.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Backdoor_to_Chyna_v1541_scene_1_698k_h264_mp.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Back_Door_To_Chyna_-_Scene_04.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Ann_-_Pussy.mkv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\81709.flv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\397682_So_You_Wanna_Be_a_Pornstar.flv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\319970_Hot_Blonde_chick_gets_a_surprise_cumshot.flv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\305758_English_MILF_secretary_****s_her_boss.flv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\20100114.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\134_Happy_birthday.flv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\100491.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\100_3256.flv:TOC.WMV
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:EC2246A6
< End of report >

 

[tom982]

You're infected alright! That's not good at all, there's a heck of a lot wrong in that log I'm not trained to fix it yet though.

A few things I can say though:

P2P Warning

P2P File sharing programs (uTorrent, Bittorrent, Vuze, Limewire, Kazaa etc.) need to be avoided to reduce the risk of infection. When visiting file sharing sites you usually get more than you intend to, these downloads are commonly laced with infections with varying effects - allowing remote access to your computer and stealing passwords being the most common.

Many underground websites, that host cracks or keygens, can be equally bad. Not only can the downloads be infected, but innocent looking banners can contain malicious flash code that installs malware on your system. These files are also illegal.

Should you continue to use these websites/software after my assistance then there is a very high chance you will get infected again - putting your files and passwords at stake, just ask yourself is it really worth the risk?


There's a few folders which caught my eye in here:

[2011/09/30 10:28:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/09/29 21:32:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/12 17:10:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/11 11:11:06 | 000,000,000 | ---D | C] -- C:\rsit
[2011/09/13 10:16:19 | 000,459,264 | ---- | C] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2011/09/11 11:12:34 | 000,781,383 | ---- | C] () -- C:\Users\Owner\Desktop\RSIT.exe

These are all malware removal tools - as you probably know. RSIT and CKScanner won't do any damage to your system however Combofix is an extremely powerful program and should not be used unless under the supervision of a trained professional. Are you receiving help from another forum? Or are you using these tools yourself? If you are using another forum, please send me a link

Tom

 

[echard77]

i was directed to use combo fix through this forum. i havent gotten around to getting rid of it due to a busy schedule. and if this gets fixed those p2p programs are going to be gone!

 

[tom982]

i was directed to use combo fix through this forum. i havent gotten around to getting rid of it due to a busy schedule. and if this gets fixed those p2p programs are going to be gone!

Okay, that's great. I've found the thread - I even commented on the thread and couldn't remember it!

http://www.vistax64.com/general-discussion/292510-vista-acting-weird-help-3.html

Have you seen Rich's (richc46) post above? About driver verifier? You need to do that

Tom

 

[echard77]

ya i saw that, but idk if thats something i want to do. it seems rather time consuming, and i just do not have the time...

 

[richc46]

Either you have the time or we cant help any further with the computer.
We are not there and are limited to what we can do.

 

[tom982]

ya i saw that, but idk if thats something i want to do. it seems rather time consuming, and i just do not have the time...

Rich is one of our very best - especially when it comes to BSODs, he wouldn't suggest anything unless he thought that it is completely necessary There's no need to doubt him

 

[echard77]

its not a matter of doubt, i trust u guys on here..i just dont have the time right now to go through this whole process..thats why im hoping there is any other way

 

[tom982]

its not a matter of doubt, i trust u guys on here..i just dont have the time right now to go through this whole process..thats why im hoping there is any other way

When you're working with BSODs, all of the information about the crash is stored in a minidump file. So far we have 1 minidump from you. It is very difficult to establish the cause of a problem from one report because you can't see any correlations. Running Driver Verifier will test all of your drivers and will cause a BSOD if it finds a problem with one of them - hence giving us more minidump files to work with.

If there was a quicker way then we would be doing it Short of reinstalling Windows, this is the only way.

 

[niemiro]

Hello!

Well, that .dmp file is certainly one of the most interesting I have seen for a little while.

DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)

b1947b8c 81e97b54 00000008 a91af960 00000000 nt!MmAccessFault+0x10a
b1947b8c a91af960 00000008 a91af960 00000000 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
b1947c14 85ae51d8 00000000 00001000 00000000 <Unloaded_win32k.sys:2>+0x1960
b1947c5c a91af93e b1947c98 b1947d20 00000038 0x85ae51d8
b1947d7c 82012b18 00000000 d22269fb 00000000 <Unloaded_win32k.sys:2>+0x193e
b1947dc0 81e6ba2e a91afaa8 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

Just look at the change of events:

PspSystemThreadStartup --> <Unloaded_win32k.sys:2> --> 0x85ae51d8

I am by no means an expert, but the only thing which I can think of is we are looking at a failed, or possibly successful, rootkit take over, possibly of win32k.sys.

It will probably turn out to be something far more mundane, but it looks interesting!

Richard

 

[echard77]

i will see if i can find the time to do it, i do want this fixed, and appreciate all your help

 

[tom982]

Hello!

Well, that .dmp file is certainly one of the most interesting I have seen for a little while.

DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)

b1947b8c 81e97b54 00000008 a91af960 00000000 nt!MmAccessFault+0x10a
b1947b8c a91af960 00000008 a91af960 00000000 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
b1947c14 85ae51d8 00000000 00001000 00000000 <Unloaded_win32k.sys:2>+0x1960
b1947c5c a91af93e b1947c98 b1947d20 00000038 0x85ae51d8
b1947d7c 82012b18 00000000 d22269fb 00000000 <Unloaded_win32k.sys:2>+0x193e
b1947dc0 81e6ba2e a91afaa8 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

Just look at the change of events:

PspSystemThreadStartup --> <Unloaded_win32k.sys:2> --> 0x85ae51d8

I am by no means an expert, but the only thing which I can think of is we are looking at a failed, or possibly successful, rootkit take over, possibly of win32k.sys.

It will probably turn out to be something far more mundane, but it looks interesting!

Richard

Pfft.

i will see if i can find the time to do it, i do want this fixed, and appreciate all your help

All you have to do is set it up and leave it running Then it's just down to time to work it's course. It's our pleasure, hopefully we'll (well when I say we, I mean both Richards - niemiro and richc46) be able to get you up and running in no time

 

[niemiro]

Hello again!

I got that minidump submitted for expert analysis, and the results have come back from VirGnarus that the minidump does not provide quite enough information for more exact analysis, a full memory dump would likely provide no more useful information, and that this being caused by a rootkit is extremely likely. We either need to submit this to a security forum such as G2G, or call over one of out own security experts if they still inhabit this forum = Clean Install.

This is not my thread, and Tom and Rich have more of an idea as to how much of a mess this computer is in (ref. other threads etc.) and what you think the best cause of action is (G2G (pointing out that close examination of win32k.sys is required) or a Clean Install)

I shall now slowly back out of the door

Richard