Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Redirection, Windows UI Issues (Round 2)

Re: Google Redirection, Windows UI Issues (Round 2)

Post by Gary R » April 14th, 2011, 10:27 am

Absolutely.

Your AV should have been re-enabled as soon as you'd finished running Combofix. Sorry I didn't remember to point that out to you.

Re: Google Redirection, Windows UI Issues (Round 2)

Post by AlexG2490 » April 16th, 2011, 2:03 am

Sorry about the delay on these... got home late last night.

OTL
OTL logfile created on: 4/15/2011 6:28:56 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 55.39 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 276.66 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 487.72 Gb Free Space | 52.36% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 265.64 Gb Free Space | 57.03% Space Free | Partition Type: NTFS
Drive I: | 1863.01 Gb Total Space | 861.58 Gb Free Space | 46.25% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/15 18:25:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/02/23 08:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 08:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/28 20:22:02 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe
PRC - [2010/10/19 00:14:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/13 17:29:40 | 004,917,384 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
PRC - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2010/01/22 20:36:00 | 000,621,320 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/07/14 12:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008/02/26 16:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2011/04/15 18:25:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2011/02/23 08:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2009/04/11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2007/10/19 14:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/09 15:10:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/23 08:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2009/08/25 12:00:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/14 12:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/01/20 20:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - [2011/02/27 20:42:55 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/02/23 07:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 07:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 07:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 07:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 07:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 07:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/07/12 02:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/12/16 17:27:00 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 17:26:58 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 17:26:56 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 12:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/18 18:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 20:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 19:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/08/06 18:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/05/09 22:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/11/18 13:29:48 | 000,312,832 | ---- | M] (Belkin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BLKWGDv8.sys -- (BLKWGDv8)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-770543726-423754612-1244475062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-770543726-423754612-1244475062-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-770543726-423754612-1244475062-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-770543726-423754612-1244475062-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/20 00:34:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/03/26 01:26:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/03/26 01:26:49 | 000,000,000 | ---D | M]

[2009/08/22 09:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/04/12 07:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions
[2010/05/30 14:53:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/22 20:18:23 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/03/22 20:18:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/22 20:18:25 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/22 20:18:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com
[2011/03/22 20:18:23 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\multilinks@plugin
[2009/11/13 03:25:04 | 000,000,917 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\searchplugins\conduit.xml
[2011/03/20 00:34:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/09/27 19:17:36 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/12/26 22:42:54 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011/02/05 15:46:42 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/04/13 18:52:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKU\S-1-5-21-770543726-423754612-1244475062-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-770543726-423754612-1244475062-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKU\S-1-5-21-770543726-423754612-1244475062-1000..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-770543726-423754612-1244475062-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-770543726-423754612-1244475062-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-770543726-423754612-1244475062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote - E:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - E:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - E:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/ ... tion32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab (CDownloadCtrl Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cbeyond.webex.com/client/T27LC/ ... atgpc1.cab (GpcContainer Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Dont Panic.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Dont Panic.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 18:25:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/04/13 23:50:23 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\VirtualDub-1.9.11
[2011/04/13 18:55:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/13 18:55:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/13 18:42:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/13 18:42:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/13 18:42:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/13 18:42:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/13 18:42:11 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/13 18:41:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/13 07:35:44 | 000,123,904 | ---- | C] (Systemintegrasjon AS) -- C:\MbrFix.exe
[2011/04/13 07:35:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\mbrfix
[2011/04/12 18:17:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\tdsskiller
[2011/04/12 18:16:34 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2011/04/11 21:03:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\BitTorrent
[2011/04/10 22:11:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\surf
[2011/04/09 14:28:02 | 000,022,504 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2011/04/07 23:21:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Upcoming Ask
[2011/04/05 21:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Futuremark Shared
[2011/04/05 21:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2011/04/05 21:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2011/04/01 23:21:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\CrashRpt
[2011/04/01 23:21:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Procaster
[2011/04/01 23:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
[2011/04/01 23:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster
[2011/03/20 20:06:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/03/20 20:06:15 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/20 20:06:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/03/20 20:06:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/20 20:06:15 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/03/20 20:06:15 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/20 20:06:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/03/20 20:06:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/03/20 20:06:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/20 20:06:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/03/20 20:06:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/03/20 20:06:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/20 20:06:14 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/20 20:06:14 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/03/20 20:06:14 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/03/20 20:06:14 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/03/20 20:06:14 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/20 20:06:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/03/20 20:06:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/03/20 20:06:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/03/20 20:06:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/03/20 20:06:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/03/20 20:06:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/20 20:06:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/03/20 20:06:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/20 20:06:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/20 20:06:13 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/03/20 20:06:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/03/20 20:06:13 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/03/20 20:06:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/03/20 20:06:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/20 20:06:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/03/20 20:06:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/20 20:06:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/03/20 20:06:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/03/20 20:06:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/03/20 20:06:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/20 20:06:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/20 20:06:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/20 20:05:35 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/20 20:05:35 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/03/20 20:05:35 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/03/20 20:05:35 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/03/20 20:05:35 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/20 20:05:35 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/20 20:05:35 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/03/20 20:05:33 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/20 20:05:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/20 20:05:32 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/20 20:05:32 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/20 20:05:32 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/20 20:05:32 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/03/20 20:05:32 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/20 20:05:32 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/20 20:05:32 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/20 20:05:32 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/20 20:05:32 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/20 20:05:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/20 20:05:32 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/20 20:05:32 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/03/20 20:05:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/20 20:05:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/20 20:05:32 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/20 20:04:54 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/20 20:04:54 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/03/20 20:04:53 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/03/20 20:04:53 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/03/20 20:04:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/03/20 20:04:53 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/03/20 00:36:27 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/03/20 00:36:27 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/03/20 00:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/03/20 00:36:26 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/03/20 00:36:26 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/03/20 00:36:25 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/03/20 00:35:59 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/03/20 00:34:57 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/03/20 00:34:57 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/03/20 00:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/03/20 00:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/16 19:05:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\Calibre Library
[2011/03/16 19:05:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\calibre
[2011/03/16 19:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011/03/16 19:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2009/09/06 09:35:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Alex\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/04/15 18:25:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/04/15 18:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/15 16:59:34 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/15 16:59:34 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/15 14:39:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/04/15 00:19:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/14 22:55:30 | 000,072,192 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 23:50:04 | 001,707,366 | ---- | M] () -- C:\Users\Alex\Desktop\VirtualDub-1.9.11.zip
[2011/04/13 22:32:38 | 000,271,006 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/13 22:32:37 | 000,271,006 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/13 20:51:56 | 000,120,473 | ---- | M] () -- C:\Users\Alex\Desktop\Steam.jpg
[2011/04/13 18:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/13 18:59:01 | 3219,591,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 18:52:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/13 18:42:03 | 004,320,558 | R--- | M] () -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/04/13 17:41:16 | 000,039,664 | ---- | M] () -- C:\Users\Alex\Desktop\cure.jpg
[2011/04/13 07:50:39 | 182,153,718 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/13 07:37:33 | 000,000,512 | ---- | M] () -- C:\Backup_MBR_0.bin
[2011/04/13 07:33:39 | 000,138,820 | ---- | M] () -- C:\Users\Alex\Desktop\mbrfix.zip
[2011/04/12 18:22:35 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
[2011/04/12 18:16:34 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2011/04/12 18:16:09 | 001,263,721 | ---- | M] () -- C:\Users\Alex\Desktop\tdsskiller.zip
[2011/04/12 12:39:16 | 000,625,664 | ---- | M] () -- C:\Users\Alex\Desktop\dds.scr
[2011/04/09 14:28:02 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/04/09 01:03:59 | 000,049,397 | ---- | M] () -- C:\Users\Alex\Desktop\Untitled.jpg
[2011/04/08 21:22:57 | 000,026,521 | ---- | M] () -- C:\Users\Alex\Desktop\other.html
[2011/04/08 21:22:51 | 000,102,607 | ---- | M] () -- C:\Users\Alex\Desktop\listen.html
[2011/04/07 23:23:47 | 000,636,754 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/07 23:23:47 | 000,117,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/07 07:51:48 | 001,719,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/05 21:38:19 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\3DMark06.lnk
[2011/04/05 21:37:30 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/04/05 21:37:30 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/04/03 23:01:56 | 000,493,089 | ---- | M] () -- C:\Users\Alex\Desktop\showrotation24.jpg
[2011/04/03 22:28:12 | 007,596,011 | ---- | M] () -- C:\Users\Alex\Desktop\powerless.mp3
[2011/04/03 17:13:59 | 000,139,312 | ---- | M] () -- C:\Users\Alex\Desktop\history_of_desire.pages
[2011/04/01 23:21:32 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011/03/30 20:41:45 | 000,002,305 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/20 20:23:43 | 000,000,943 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/20 20:06:23 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/03/20 20:06:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/03/20 20:06:16 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/03/20 20:06:15 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/20 20:06:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/03/20 20:06:15 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/20 20:06:15 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/03/20 20:06:15 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/20 20:06:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/03/20 20:06:15 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/03/20 20:06:15 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/20 20:06:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/03/20 20:06:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/03/20 20:06:14 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/20 20:06:14 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/20 20:06:14 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/03/20 20:06:14 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/03/20 20:06:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/03/20 20:06:14 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/20 20:06:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/03/20 20:06:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/03/20 20:06:14 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/03/20 20:06:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/03/20 20:06:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/03/20 20:06:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/20 20:06:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/03/20 20:06:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/03/20 20:06:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/20 20:06:13 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/20 20:06:13 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/03/20 20:06:13 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/03/20 20:06:13 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/03/20 20:06:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/03/20 20:06:13 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/20 20:06:13 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/03/20 20:06:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/20 20:06:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/03/20 20:06:13 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/03/20 20:06:13 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/03/20 20:06:13 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/20 20:06:13 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/20 20:06:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/20 20:05:35 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/20 20:05:35 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/03/20 20:05:35 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/03/20 20:05:35 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/03/20 20:05:35 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/20 20:05:35 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/20 20:05:35 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/03/20 20:05:33 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/20 20:05:33 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/20 20:05:32 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/20 20:05:32 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/20 20:05:32 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/20 20:05:32 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/03/20 20:05:32 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/20 20:05:32 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/20 20:05:32 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/20 20:05:32 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/20 20:05:32 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/20 20:05:32 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/20 20:05:32 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/20 20:05:32 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/03/20 20:05:32 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/20 20:05:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/20 20:05:32 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/20 20:04:54 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/20 20:04:54 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/03/20 20:04:54 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2011/03/20 20:04:53 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/03/20 20:04:53 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/03/20 20:04:53 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/03/20 20:04:53 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/03/20 19:47:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/16 23:20:08 | 000,070,754 | ---- | M] () -- C:\Users\Alex\Desktop\Doctor_who_The_definite_edition-((Demonoid.me)).torrent

========== Files Created - No Company Name ==========

[2011/04/13 23:50:04 | 001,707,366 | ---- | C] () -- C:\Users\Alex\Desktop\VirtualDub-1.9.11.zip
[2011/04/13 20:51:56 | 000,120,473 | ---- | C] () -- C:\Users\Alex\Desktop\Steam.jpg
[2011/04/13 18:42:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/13 18:42:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/13 18:42:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/13 18:42:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/13 18:42:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/13 17:41:16 | 000,039,664 | ---- | C] () -- C:\Users\Alex\Desktop\cure.jpg
[2011/04/13 07:38:27 | 004,320,558 | R--- | C] () -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/04/13 07:37:33 | 000,000,512 | ---- | C] () -- C:\Backup_MBR_0.bin
[2011/04/13 07:33:39 | 000,138,820 | ---- | C] () -- C:\Users\Alex\Desktop\mbrfix.zip
[2011/04/12 18:22:35 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
[2011/04/12 18:16:09 | 001,263,721 | ---- | C] () -- C:\Users\Alex\Desktop\tdsskiller.zip
[2011/04/12 12:39:16 | 000,625,664 | ---- | C] () -- C:\Users\Alex\Desktop\dds.scr
[2011/04/09 14:28:02 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/04/09 01:03:59 | 000,049,397 | ---- | C] () -- C:\Users\Alex\Desktop\Untitled.jpg
[2011/04/08 21:22:57 | 000,026,521 | ---- | C] () -- C:\Users\Alex\Desktop\other.html
[2011/04/08 21:22:51 | 000,102,607 | ---- | C] () -- C:\Users\Alex\Desktop\listen.html
[2011/04/05 21:38:19 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\3DMark06.lnk
[2011/04/03 23:01:50 | 000,493,089 | ---- | C] () -- C:\Users\Alex\Desktop\showrotation24.jpg
[2011/04/03 22:27:39 | 007,596,011 | ---- | C] () -- C:\Users\Alex\Desktop\powerless.mp3
[2011/04/03 17:13:59 | 000,139,312 | ---- | C] () -- C:\Users\Alex\Desktop\history_of_desire.pages
[2011/04/01 23:21:32 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011/03/20 20:06:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/20 18:25:12 | 3219,591,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/16 23:20:08 | 000,070,754 | ---- | C] () -- C:\Users\Alex\Desktop\Doctor_who_The_definite_edition-((Demonoid.me)).torrent
[2011/02/28 21:02:57 | 000,000,396 | ---- | C] () -- C:\Windows\COOK'N5.INI
[2011/02/27 20:53:04 | 000,000,085 | ---- | C] () -- C:\Windows\Cook'n99.ini
[2011/02/05 02:36:10 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/05 02:36:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/05 02:35:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/09 21:36:14 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/05/27 18:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/05/09 21:38:26 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2010/04/21 20:34:55 | 000,000,024 | ---- | C] () -- C:\Windows\SW_Win3112X32.DLL
[2010/04/21 20:34:48 | 001,720,320 | ---- | C] () -- C:\Windows\System32\beconvlib.dll
[2010/04/21 20:34:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\bprgcomm.dll
[2010/04/21 20:34:48 | 000,131,072 | ---- | C] () -- C:\Windows\System32\CSVSpecialProcessing.dll
[2010/04/21 20:34:48 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx151ic.ini
[2010/04/21 20:34:47 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SII_PDF.dll
[2010/04/21 20:34:47 | 000,102,400 | ---- | C] () -- C:\Windows\System32\SARzilla.dll
[2010/04/21 20:34:47 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2010/04/21 20:34:47 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2010/04/13 20:17:26 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/04/13 20:17:26 | 000,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2010/04/06 21:53:05 | 000,000,165 | ---- | C] () -- C:\Users\Alex\AppData\Local\RAExpertHistory.xml
[2010/03/02 20:49:01 | 000,230,306 | ---- | C] () -- C:\Windows\System32\uninstall Tardis_S.exe
[2010/02/18 08:21:01 | 000,000,564 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\AutoGK.ini
[2010/02/13 13:25:56 | 000,000,760 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\setup_ldm.iss
[2010/01/28 21:19:33 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/09/27 16:49:24 | 000,171,376 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/15 21:43:44 | 000,004,252 | ---- | C] () -- C:\Windows\warp1px.drv
[2009/09/14 10:41:18 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/09/09 20:15:59 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI
[2009/09/09 10:44:30 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/09/06 09:36:19 | 000,001,178 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\vso_ts_preview.xml
[2009/09/06 09:35:28 | 000,007,887 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.cat
[2009/09/06 09:35:27 | 000,001,144 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.inf
[2009/08/25 22:08:10 | 000,000,250 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/08/25 12:05:52 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/08/24 21:31:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/08/22 09:26:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/17 14:25:45 | 000,139,152 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\PnkBstrK.sys
[2009/08/17 14:25:45 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/17 14:25:25 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/08/17 14:19:49 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2009/08/16 18:07:39 | 000,072,192 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 15:54:08 | 000,271,006 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/16 15:54:07 | 000,271,006 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/16 08:06:02 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/08/16 00:08:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/15 22:54:18 | 000,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2009/01/25 15:10:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 17:01:22 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/01/20 20:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/05/09 21:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 06:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:46:27 | 001,719,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,636,754 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,117,882 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/07/05 10:33:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\acccore
[2010/04/10 11:36:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Barnes & Noble
[2011/02/09 08:45:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BC3FC61EBD2390BE003660698B68EBA6
[2010/08/14 12:18:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock
[2010/09/19 14:15:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock2
[2011/04/12 07:44:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BitTorrent
[2011/03/16 19:06:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\calibre
[2009/08/26 10:10:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2010/06/12 08:17:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.peterelst.twitlivedesktop.9D94051F60D28C644C841A09CCF1BAF0E2819EED.1
[2010/12/19 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Doctor Who
[2011/04/08 21:30:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FileZilla
[2009/09/03 23:18:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Hoyle Casino
[2009/09/03 22:38:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Hoyle FaceCreator
[2009/09/06 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ImgBurn
[2010/08/25 20:13:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2010/10/28 22:55:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PACE Anti-Piracy
[2010/01/28 20:35:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Pamela
[2009/09/03 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Petroglyph
[2011/02/05 09:33:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Publish Providers
[2009/11/13 23:24:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Quake3
[2009/09/28 07:56:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Runiter
[2010/08/14 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SecondLife
[2011/02/05 09:33:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony
[2010/03/21 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Subversion
[2010/09/03 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TightVNC
[2011/03/14 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Trillian
[2010/09/04 11:13:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/01/01 22:32:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vso
[2011/02/22 12:57:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\webex
[2010/05/31 09:32:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WebStripper
[2010/06/13 08:03:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinPatrol
[2009/09/28 07:54:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WordWeb
[2011/04/13 18:57:43 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
AlexG2490

Re: Google Redirection, Windows UI Issues (Round 2)

Post by AlexG2490 » April 16th, 2011, 2:06 am

Extras
OTL Extras logfile created on: 4/15/2011 6:28:56 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 55.39 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 276.66 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 487.72 Gb Free Space | 52.36% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 265.64 Gb Free Space | 57.03% Space Free | Partition Type: NTFS
Drive I: | 1863.01 Gb Total Space | 861.58 Gb Free Space | 46.25% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0986E5C0-A30D-46A4-9677-D50709A29B3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E0A7B19-30FA-495B-AD64-A3EED3CC57B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{1BD225BE-A2D0-49F1-BBBA-0874AD31C2C6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1E35400F-AF1A-4406-8E98-6AD394058DEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1FA97061-8905-4446-B997-837289C8A8B5}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{2E15A108-F834-4AA2-9E8A-B75134778304}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{40D593B8-54F8-412F-8612-D4EAA12A655C}" = rport=138 | protocol=17 | dir=out | app=system |
"{470B9C28-45E7-46DA-832F-AD3BABCD328B}" = lport=138 | protocol=17 | dir=in | app=system |
"{48F2186E-9C31-475E-92E4-BF7D529746A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4E28D1D6-F86D-41B4-80F9-867B72861396}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F7FB5D3-9B69-4E80-990D-A3CBFB454F45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{551F3B8B-D485-49C7-BD90-E47EEDF96E5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59066E38-AA3D-4C49-91A1-983ECB6EEC86}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{5EC066DA-B75D-48B2-A52C-F6328E81A1C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6205E06C-A326-4E14-AAE1-17C107C3F30B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64918511-BF4F-439B-89A9-858C72CD40D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{65D271B1-DCD2-47F6-8AA5-2F42E0775935}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66E6C4B6-287B-4008-A9A5-0722248524A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A61C780-98C4-4EB3-871D-3A9D4B3DFA8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7193B6F3-0620-4193-B65B-044626A2DF96}" = lport=445 | protocol=6 | dir=in | app=system |
"{771BDF34-DFC6-41FA-94EA-6325BBB9B8BE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7795918B-0A8A-4501-BF12-6EA2BF7A17EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D9055BC-3C18-4A7B-A19C-C5788FAC528A}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{85475178-EF16-45FB-B932-A3EE6961C61A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FDA3744-6B78-47A0-9BE0-5D1734903BD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1CAE8B1-F32E-4D95-A7A7-071F91584201}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A98B3603-C06F-43D8-8CF7-51350A5F1AAE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B45F69D6-22C8-4129-B62A-4055A207FADC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7A9972E-844B-4627-89EA-695FF64513E2}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{BD1A99AF-9B97-40F5-8367-B11F61BB767F}" = rport=445 | protocol=6 | dir=out | app=system |
"{CDD14980-9C8F-48A8-A0E2-A1BA12DC6217}" = rport=139 | protocol=6 | dir=out | app=system |
"{D206AE6E-6C5A-4502-BA54-7D23409F3F2C}" = lport=3389 | protocol=6 | dir=in | app=system |
"{DC761D9E-673A-4AEA-A3DD-F0E5DA8C30FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD6E2206-1FB1-4127-A05D-FBF69044B75D}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{E5379864-4801-4146-ADA4-0B43D96CC918}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0008B3C1-3E23-48DB-AA73-11F3AF512B2E}" = protocol=17 | dir=in | app=e:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{001BB5FE-74D4-4EDD-91D8-F2D0EE1066D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{01185C1E-717E-4DD8-99D4-2CAFCC6514A4}" = protocol=6 | dir=in | app=e:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe |
"{01C957A5-5B9E-4414-BBE7-73B9375FDBAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{036C8BB0-902C-413F-9A48-F7D3D8DE7422}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{042FC1D4-7127-4424-B07B-9059B84B28AB}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{04D01A71-23D1-4975-9E2C-24249448D34A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{087139D5-758C-40AB-A017-3D4ADBCD12EE}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{08D1F244-76B2-4204-88B4-C8F326AC6BBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C54B0DC-E236-45B8-BCC2-D3BA4AAFE5A0}" = protocol=17 | dir=in | app=e:\program files\id software\enemy territory - quake wars\etqw.exe |
"{0D172052-E902-4448-B7CE-E47F1E6A9E81}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0F3EEB86-EFDA-49E2-8FA5-FCECAB6D2199}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{170384AC-6298-4002-9413-4B1A45618243}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{19DCF694-0754-4AB1-9A82-8AAADBA3D4F6}" = protocol=6 | dir=in | app=e:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"{1A1394FE-A0EB-4EA3-97F5-889F23AF13F3}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1E0F4C94-41D3-43A6-977A-A9F8B1EB04C8}" = protocol=17 | dir=in | app=e:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{1EA06F37-3441-472E-8F81-F749189F9CBE}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{1F5C3BA0-ACC2-46B1-BD29-583B5836C7BA}" = protocol=17 | dir=in | app=e:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe |
"{216F8D68-700C-4A7E-87DF-0581BB134784}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{252F3B47-E8CE-4B33-9330-3007FE7EA072}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F0FD184-7DCE-486A-836C-D2D21CC2C202}" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{30C795DC-C964-4E00-8C1F-A4D81F0466A3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{35EB123B-3076-45D6-B5B2-51756247DD01}" = protocol=6 | dir=in | app=e:\program files\ea games\battlefield 2\bf2.exe |
"{3697F300-564C-474F-91DF-2AFD1BD50AC4}" = protocol=6 | dir=in | app=e:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"{3C629CC8-12D8-4FBF-8085-0D438E464824}" = protocol=6 | dir=in | app=e:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{3F7E1CE9-410C-482A-98D7-74FE3ADBA0E9}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{401926B5-64EF-4B44-B836-9264D77F881B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4043C9FC-5A46-4C4D-B86A-AFE35B49AC5F}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{422CE033-7530-4B22-B825-74999F57416C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{472340B7-3DAC-4569-B151-73CB47AFDBA9}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{4772205E-0A82-4B5F-B352-14346AA0B3AD}" = protocol=6 | dir=in | app=e:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{477753A3-FAA6-4D83-BC7B-A26D7B8C5410}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47B1CA49-F6D9-40E5-9CFF-4F53081F7563}" = protocol=17 | dir=in | app=e:\program files\id software\enemy territory - quake wars\etqwded.exe |
"{49488513-4F49-440A-AB60-3DE19A03C908}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{501F1E06-4EC0-4656-B0D8-5B9394F8E1AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50DD9DBF-7871-4AF8-8B07-490FA405323B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5461F70F-C3E0-4A7C-9A7E-B45214902A50}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{57408EF1-29C6-43BB-943B-F989BBA324EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C7DD78C-693D-40FF-B39B-203561A3A547}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6448C434-5DE5-42A3-B767-574BDDAB6F22}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{6ABDE204-5AA8-413C-9F31-4E7CDBA1A4B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73A7D338-E8EA-4159-9A02-900E5805A43F}" = protocol=6 | dir=out | app=c:\program files\airvideoserver\airvideoserver.exe |
"{7403E879-9EAD-4A70-BC26-2C224894A764}" = protocol=17 | dir=in | app=e:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{79828BF7-0E01-4CE3-A10D-CA5F679960A7}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{7D63FA37-29A8-428D-AFD4-02D2C85311D0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7E923C7E-CAF1-4F3E-8378-9B20A9DA1DF6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8025A057-0348-4CF7-8AB6-235327206EA8}" = protocol=6 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{84FE9BCF-FC81-4351-8C0A-37FB85CDF2EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{851E5C33-1175-4737-B736-75BDB6ED4E3F}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{86C7CF7B-1593-4138-B7FD-4B6F9747F5C5}" = protocol=17 | dir=in | app=e:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"{870AC926-46FA-4455-BA54-892E0F15F17D}" = protocol=17 | dir=in | app=e:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"{87BA5E7B-E362-4295-BE82-3EC6D2A541AC}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{89BB3BC0-EAD5-4F46-96D9-8E898DE1FD48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8AA74538-E04F-48EB-881C-1C3984B68573}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9248107E-C936-4699-8F9C-AF49237B1FBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94801A57-DEE3-416A-9BA1-183451908A02}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{9829DAA4-60DC-4D32-B857-F8710D45CFAF}" = protocol=17 | dir=in | app=c:\program files\tightvnc\vncviewer.exe |
"{99BDF910-E26B-4215-99E4-19476FCA5199}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4B3C692-44A3-48E1-9B70-5A4BCE15A51E}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{ADC0725F-528B-49F7-94BA-B3B376EC4CA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFB81F65-21AB-402D-A9E9-AFC4CE954161}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1A2BECE-79B0-4703-96F0-E101A265E43D}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\alexg2490\garrysmod\hl2.exe |
"{B1D2E713-CD4D-46B0-B58F-080FA90F4B8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B312BF45-46BE-40CC-8E6A-7AAB0CE65493}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\alexg2490\half-life\hl.exe |
"{B33DF0B8-CF79-41C2-9B4C-D88927321ADE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B36BC063-806D-4741-9E8E-FBE0CB850069}" = protocol=6 | dir=in | app=e:\program files\id software\enemy territory - quake wars\etqwded.exe |
"{BC588D3D-19A1-45D8-93DD-62877988803A}" = protocol=6 | dir=in | app=e:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{C02DB95B-2E22-45F2-80F7-B7CA9B2A6B3F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C3617B3B-481E-43ED-A951-764A43FD6806}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\alexg2490\garrysmod\hl2.exe |
"{C64CABC9-135D-4999-975A-680FAA8E8B06}" = protocol=17 | dir=in | app=e:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{C666FEF1-5E1D-4A2B-ADA0-7914D04E8A03}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{C9C7BF72-D097-4EF1-9E3A-53C285C01FC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA42114C-8A30-4701-9CC5-A387283EB331}" = protocol=6 | dir=in | app=e:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{CAA99263-D51F-4594-8F2E-6E4F03FE18A4}" = protocol=6 | dir=in | app=e:\program files\id software\enemy territory - quake wars\etqw.exe |
"{CAF1164C-A84D-48C3-9F30-E7FAF60650EB}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\alexg2490\half-life\hl.exe |
"{CD70206E-A8B4-4368-A448-8F8E0FF2DDE4}" = protocol=6 | dir=out | app=c:\program files\airvideoserver\airvideoserver.exe |
"{D222F10D-6062-4921-A915-95915B7364E8}" = protocol=6 | dir=out | app=system |
"{D389098E-0D83-47E2-ADE7-883304B65872}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{D51C2CC9-75EF-4A3D-9833-D05B6C00543C}" = protocol=17 | dir=in | app=e:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{D6A127CA-BD69-4F3F-9E2A-842394D936CB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D88BC05E-B084-4066-8920-6F992B29FD97}" = protocol=6 | dir=in | app=e:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{D8AE77DD-70A4-47CF-BDE2-D565E93C1AE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA3A86AA-5C25-420B-A99D-DDA1BD00A70A}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{DB2CA366-6290-4970-AC98-A98338E57B1A}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{DF15C66F-1FD8-4F91-832D-062846A07933}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{E415C4DE-5D2B-404A-A39F-777D83BBB03A}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{E90A8B8E-24A9-46B9-8EBF-138A764C82B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E91142C6-5E34-4819-B30E-8383AE034C48}" = protocol=6 | dir=in | app=e:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{EE50441F-4854-4C1F-AE09-ED583018353A}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{EF9CB30D-FE72-44FE-AA1F-58000A49C357}" = protocol=6 | dir=in | app=c:\program files\tightvnc\vncviewer.exe |
"{F1523249-AC56-4C3A-AEA8-B6D3F8A0E687}" = protocol=17 | dir=in | app=e:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{F2232718-42CD-4F9A-9D41-1561D97B9428}" = protocol=17 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{F55707EF-5ABD-43FA-9CA5-1149CB7A859B}" = protocol=17 | dir=in | app=e:\program files\ea games\battlefield 2\bf2.exe |
"{FB745020-E98F-47A7-8C75-575750FC233D}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{FCFEF71A-C963-4C46-91B8-5AB9EF7CF379}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{FEC4538C-BD17-4787-913C-9D81B17FDD05}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{01F1FB80-6B4C-40C9-BEC3-6476278AE49E}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{06370C90-1CFA-49CA-AD2F-912CBF586A9A}C:\games\btrl\demo\fs2_open_3_6_9.exe" = protocol=6 | dir=in | app=c:\games\btrl\demo\fs2_open_3_6_9.exe |
"TCP Query User{09ED9C80-2EFE-426E-A892-42095941712E}C:\warpath 21st century\warpath21stcentury.exe" = protocol=6 | dir=in | app=c:\warpath 21st century\warpath21stcentury.exe |
"TCP Query User{09EE8907-FD5E-4364-ACA0-D79114E74B9D}E:\program files\raven\star trek voyager elite force\stvoyhm.exe" = protocol=6 | dir=in | app=e:\program files\raven\star trek voyager elite force\stvoyhm.exe |
"TCP Query User{2DB75105-A39C-4FA1-BA74-EBDC6FD2C985}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{2E22689C-666E-47C7-9A34-9B12726304BF}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{37728FB9-2DD3-4BE1-A81D-F41E8EC3D912}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{4CC4F338-AE8E-4BB1-9952-B654D2524CEC}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{4E1BDE19-1940-4D1F-94E0-F07BCAC83E22}C:\program files\adobe\adobe contribute cs3\contribute.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe contribute cs3\contribute.exe |
"TCP Query User{590B4CDE-8391-4558-861D-0B946376FAA5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{6342A4FA-0575-4B8D-9CE0-421A8F37468A}E:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=e:\program files\electronic arts\eadm\core.exe |
"TCP Query User{63E119A5-9F9C-4BCA-98F5-F3A05BB4370F}E:\games\freespace2\fs2_open_3_6_10.exe" = protocol=6 | dir=in | app=e:\games\freespace2\fs2_open_3_6_10.exe |
"TCP Query User{8582388F-6383-4FB6-AAF0-9055DBAD590D}E:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=e:\program files\secondlife\slvoice.exe |
"TCP Query User{8703C1E7-19FE-4348-B4AF-1140D7A38F68}E:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=e:\program files\secondlife\slvoice.exe |
"TCP Query User{8F40EDDF-9CC5-4476-9288-992D94C375DE}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{90C4C82F-7C26-4E6B-9CE3-4F59BBAAF51B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{97DDAEBA-5341-421A-9707-6F2B2C46BD48}E:\program files\secondlife\secondlife.exe" = protocol=6 | dir=in | app=e:\program files\secondlife\secondlife.exe |
"TCP Query User{A0F7475B-F217-45E9-AD12-4A942F3ACD8D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B2DDD234-87A8-4A1B-800E-14F62C3E0614}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{B858DB10-6059-459C-80D4-39B1A5C2F606}E:\program files\ioquake3\ioquake3.x86.exe" = protocol=6 | dir=in | app=e:\program files\ioquake3\ioquake3.x86.exe |
"TCP Query User{BAFDCFFD-1E76-4792-AA9D-DCCAC1D18437}E:\program files\steam\steamapps\alexg2490\garrysmod\hl2.exe" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\alexg2490\garrysmod\hl2.exe |
"TCP Query User{CDF110DB-D42B-469E-901A-CA438C3B7A4D}C:\warpath 21st century\mix\mix.exe" = protocol=6 | dir=in | app=c:\warpath 21st century\mix\mix.exe |
"TCP Query User{CF481168-7AE7-4ACF-AA78-4A527DDC9E9C}E:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=e:\program files\starcraft\starcraft.exe |
"TCP Query User{E92D7B2B-AB67-4DAE-8255-767161109D2F}E:\program files\electronic arts\battlefield 2142\bf2142pace.exe" = protocol=6 | dir=in | app=e:\program files\electronic arts\battlefield 2142\bf2142pace.exe |
"TCP Query User{F8822BB9-D2CF-4720-B1AE-04A94A28FA0B}C:\program files\talkshoe\pjsua_win.exe" = protocol=6 | dir=in | app=c:\program files\talkshoe\pjsua_win.exe |
"TCP Query User{FB4F60C0-DA0A-4C44-88EF-543B0F1FF958}E:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=e:\program files\electronic arts\eadm\core.exe |
"UDP Query User{3D8238A1-3374-4688-99F3-7CFA89CADFAA}E:\games\freespace2\fs2_open_3_6_10.exe" = protocol=17 | dir=in | app=e:\games\freespace2\fs2_open_3_6_10.exe |
"UDP Query User{451DBD19-2BF1-443B-93B7-0F81C266AE05}E:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=e:\program files\electronic arts\eadm\core.exe |
"UDP Query User{4724A973-50B4-48CB-8B9A-BD2809C42357}E:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=e:\program files\secondlife\slvoice.exe |
"UDP Query User{498600A8-FEE3-4BFE-9EFE-AF046F4E661D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{564C729C-E7DD-49B3-851D-D258ED3B22B6}C:\warpath 21st century\warpath21stcentury.exe" = protocol=17 | dir=in | app=c:\warpath 21st century\warpath21stcentury.exe |
"UDP Query User{5F8A9C2C-BFF5-44B3-9130-F35D17614B6B}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{64073F06-8B94-4FC7-8323-CB2B9200EE5B}E:\program files\electronic arts\battlefield 2142\bf2142pace.exe" = protocol=17 | dir=in | app=e:\program files\electronic arts\battlefield 2142\bf2142pace.exe |
"UDP Query User{68A78BCD-3044-4F11-934D-3E2F6EAEA1BE}C:\program files\talkshoe\pjsua_win.exe" = protocol=17 | dir=in | app=c:\program files\talkshoe\pjsua_win.exe |
"UDP Query User{71DD6D83-30BD-4F89-B46B-CD03AD4D08CB}E:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=e:\program files\electronic arts\eadm\core.exe |
"UDP Query User{7737D17B-8DF9-4333-A0AB-8722147C9A49}E:\program files\secondlife\secondlife.exe" = protocol=17 | dir=in | app=e:\program files\secondlife\secondlife.exe |
"UDP Query User{8297DE40-A741-4834-B8A2-3991845AA95E}E:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=e:\program files\secondlife\slvoice.exe |
"UDP Query User{84515103-33C0-4562-9EDE-17ED4AEED24C}C:\program files\adobe\adobe contribute cs3\contribute.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe contribute cs3\contribute.exe |
"UDP Query User{92BCB4F1-E4C4-4B75-BF5F-0FB939FDD1CA}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{9E9BCD27-0AAA-4964-9232-42D00F57A858}E:\program files\raven\star trek voyager elite force\stvoyhm.exe" = protocol=17 | dir=in | app=e:\program files\raven\star trek voyager elite force\stvoyhm.exe |
"UDP Query User{A58DD528-3E77-482C-B68D-EEE7E7174F32}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{A60DE08E-E49E-4BC3-A198-74C5023401A5}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{B3544FAB-F73C-48D7-8C40-7F73E00A5888}C:\games\btrl\demo\fs2_open_3_6_9.exe" = protocol=17 | dir=in | app=c:\games\btrl\demo\fs2_open_3_6_9.exe |
"UDP Query User{CB31A1DA-6851-488A-9E2C-BA4BC05D34DC}E:\program files\ioquake3\ioquake3.x86.exe" = protocol=17 | dir=in | app=e:\program files\ioquake3\ioquake3.x86.exe |
"UDP Query User{CD323C67-BAAD-4EEF-8FE0-1CE2326E2E1F}E:\program files\steam\steamapps\alexg2490\garrysmod\hl2.exe" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\alexg2490\garrysmod\hl2.exe |
"UDP Query User{CF834112-656B-411B-B613-6EC6B19DFC01}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D5133E4E-5B2D-4449-BDBA-4DAA7C0A67AC}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{D5D6D3DA-C47E-43BF-A9F5-25A3EEA3C6D6}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{DD147613-004F-4160-9A84-D0AA368C826B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DD8584FE-C8B4-403D-8B06-CBFE566400EC}C:\warpath 21st century\mix\mix.exe" = protocol=17 | dir=in | app=c:\warpath 21st century\mix\mix.exe |
"UDP Query User{EAB29115-6D33-48AE-AC8A-7232A8C746C8}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{FD9E9B09-B75D-4C8A-82A4-7D7AEB4605AA}E:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=e:\program files\starcraft\starcraft.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Christmas" template for ConvertXToDVD 3_is1" = "Christmas" template for ConvertXToDVD 3
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{012048E1-BFFF-682E-8FA2-8325B2B16784}" = TweetDeck
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C321D1F-2262-42C2-94C5-5E5765507C72}" = Star Wars Starfighter
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter Wolves of the Pacific
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic
"{2AAD0AD0-99DB-4C13-9796-D4205949B447}" = Scrabble 2
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}" = Hoyle Casino
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{491CE650-2867-4AF3-8B66-E2A8847AA4EB}" = Pradis 6: Understanding the Bible Library 6.0
"{49DB3527-121C-4E11-83FA-1016BECFA2DA}_is1" = "Film" template for ConvertXToDVD 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN 1.6.7.18415 (32 bit)
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66333C41-085E-4DA1-8273-E2BCA382D766}" = NET Installation Assistance for VB6 App (Runtime Only)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7546C4F7-5E12-4E46-BF59-323924C2456B}_is1" = "Champetre" template for ConvertXToDVD 3
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193f
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C0759C8-4C6C-4AD7-89B8-0842C4C44F23}" = Jeopardy! 2003
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2 Complete Collection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - Quake Wars(TM)
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9354DD0-C69A-469A-8A48-B9AA15A74174}" = Space Quest Collection(TM)
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{DA9E9010-058B-4159-8CC5-28298D90AE7B}" = calibre
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D9C08A-10B4-29A5-3EF4-C54F14BD4282}" = TWiT Live Desktop
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"ActiveTouchMeetingClient" = WebEx
"Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"AIM_7" = AIM 7
"Aimersoft Video Studio Express_is1" = Aimersoft Video Studio Express(Build 1.2.0.25)
"Air Video Server" = Air Video Server 2.4.1
"AJCompressCopy" = AJScreensaver
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"AudioShell_is1" = AudioShell 1.3.5
"AutoGK" = Auto Gordian Knot 2.55
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Beyond the Red Line 1.0" = Beyond the Red Line
"BIMPLite" = BIMP Lite 1.62
"BlockCAD3.19_is1" = BlockCAD 3.19
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"CamStudio" = CamStudio
"Celestia_is1" = Celestia 1.6.0
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"com.peterelst.twitlivedesktop.9D94051F60D28C644C841A09CCF1BAF0E2819EED.1" = TWiT Live Desktop
"Comparator" = Comparator
"Cook'n & Grill'n" = Cook'n & Grill'n
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Descent and Descent 2_is1" = Descent and Descent 2
"Descent Manager Tools" = Descent Manager Tools
"Doctor Who - The Adventure Games" = Doctor Who - The Adventure Games 3.0
"Download Manager" = Download Manager 2.3.9
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FeedForAll v2.0" = FeedForAll v2.0
"FileZilla Client" = FileZilla Client 3.3.4.1
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 5.00
"Fraps" = Fraps (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"FreeSpace2" = FreeSpace 2
"GameSpy Arcade" = GameSpy Arcade
"GoldWave v5.22" = GoldWave v5.22
"GoldWave v5.52" = GoldWave v5.52
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Graphing Calculator 3D_is1" = Graphing Calculator 3D 3.1
"HandBrake" = HandBrake 0.9.3
"ImgBurn" = ImgBurn
"InstallShield_{491CE650-2867-4AF3-8B66-E2A8847AA4EB}" = Pradis 6: Understanding the Bible Library 6.0
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LucasArts' Jedi Knight" = LucasArts' Jedi Knight
"LucasArts' X-Wing Alliance" = LucasArts' X-Wing Alliance
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MechWarrior 3" = MechWarrior 3
"MechWarrior 3 Pirate's Moon" = MechWarrior 3 Pirate's Moon
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PageNest_is1" = PageNest
"Pamela" = Pamela Pro 4.7
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Scrivener for Windows Beta 1" = Scrivener for Windows Beta
"SecondLife" = SecondLife (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpaceBattle ScreenSaver" = SpaceBattle ScreenSaver 3.1
"SpeedFan" = SpeedFan (remove only)
"Star Trek Elite Force II" = Star Trek Elite Force II
"Starcraft" = Starcraft
"Steam App 12900" = Audiosurf
"Steam App 130" = Half-Life: Blue Shift
"Steam App 31280" = Poker Night at the Inventory
"Steam App 32390" = Star Wars Jedi Knight: Mysteries of the Sith
"Steam App 3830" = Psychonauts
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 50" = Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 70" = Half-Life
"Steam App 7940" = Call of Duty 4: Modern Warfare
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"TalkShoe Live! 2.0" = TalkShoe Live! 2.0
"Tardis Screensaver- Widescreen" = Tardis Screensaver- Widescreen
"TightVNC" = TightVNC 2.0.2
"Trillian" = Trillian
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"TWiT TV" = TWiT TV
"Uber Jedi Suite" = Über Jedi Mod Manager
"UltraLott Powerball and Mega Millions_is1" = UltraLott Powerball and Mega Millions 1.2.6
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Winamp" = Winamp
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-770543726-423754612-1244475062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Knight" = Knight
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2011 9:53:14 AM | Computer Name = Alex-PC | Source = Perflib | ID = 1010
Description =

Error - 4/13/2011 9:56:46 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.2.4, time stamp 0x4bed9a1b,
faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception
code 0xc0000005, fault offset 0x00015703, process id 0xcb4, application start time
0x01cbf9e1ed953c40.

Error - 4/13/2011 10:07:28 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x4dc, application
start time 0x01cbf9e1d1f163a7.

Error - 4/13/2011 7:44:46 PM | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/13/2011 7:45:20 PM | Computer Name = Alex-PC | Source = Perflib | ID = 1008
Description =

Error - 4/13/2011 7:49:10 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.2.4, time stamp 0x4bed9a1b,
faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception
code 0xc0000005, fault offset 0x00015703, process id 0xf78, application start time
0x01cbfa34af976469.

Error - 4/13/2011 9:00:30 PM | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/13/2011 9:05:07 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.2.4, time stamp 0x4bed9a1b,
faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception
code 0xc0000005, fault offset 0x00015703, process id 0xe20, application start time
0x01cbfa3f4b93fcd5.

Error - 4/14/2011 9:57:31 AM | Computer Name = Alex-PC | Source = Perflib | ID = 1010
Description =

Error - 4/15/2011 10:05:24 AM | Computer Name = Alex-PC | Source = Perflib | ID = 1010
Description =

[ Media Center Events ]
Error - 10/15/2009 2:27:09 AM | Computer Name = Alex-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 4/13/2011 7:44:47 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/13/2011 8:41:13 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/13/2011 8:44:11 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/13/2011 8:48:49 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/13/2011 8:52:41 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/13/2011 9:00:30 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/13/2011 10:42:12 PM | Computer Name = Alex-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.


< End of report >


MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6341

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

4/15/2011 6:37:33 PM
mbam-log-2011-04-15 (18-37-33).txt

Scan type: Quick scan
Objects scanned: 194192
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 16th, 2011, 5:50 pm

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Java(TM) 6 Update 23


Now reboot your computer.

Now download and install JDK 6 Update 24 (JDK or JRE).

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-770543726-423754612-1244475062-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2
[2011/03/22 20:18:23 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/03/22 20:18:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com
[2009/11/13 03:25:04 | 000,000,917 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\searchplugins\conduit.xml
[2009/09/27 19:17:36 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/12/26 22:42:54 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011/02/05 15:46:42 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-770543726-423754612-1244475062-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)

:Files
C:\Users\Alex\AppData\Roaming\BitTorrent
C:\program files\bittorrent

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2E22689C-666E-47C7-9A34-9B12726304BF}C:\program files\bittorrent\bittorrent.exe"=-
"UDP Query User{EAB29115-6D33-48AE-AC8A-7232A8C746C8}C:\program files\bittorrent\bittorrent.exe"=-
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableLUA"=dword:00000001

:Commands
[emptytemp]
[emptyflash]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

How is your computer behaving now?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 17th, 2011, 10:21 am

OTL's Log:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
C:\Program Files\XfireXO\tbXfir.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-770543726-423754612-1244475062-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files\XfireXO\tbXfir.dll not found.
Prefs.js: "XfireXO Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2 removed from extensions.enabledItems
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\searchplugins\conduit.xml moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\content folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome folder moved successfully.
E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} folder moved successfully.
Folder E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files\XfireXO\tbXfir.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files\XfireXO\tbXfir.dll not found.
Registry value HKEY_USERS\S-1-5-21-770543726-423754612-1244475062-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
File C:\Program Files\XfireXO\tbXfir.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\Users\Alex\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
C:\Users\Alex\AppData\Roaming\BitTorrent\apps folder moved successfully.
C:\Users\Alex\AppData\Roaming\BitTorrent folder moved successfully.
File\Folder C:\program files\bittorrent not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2E22689C-666E-47C7-9A34-9B12726304BF}C:\program files\bittorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EAB29115-6D33-48AE-AC8A-7232A8C746C8}C:\program files\bittorrent\bittorrent.exe deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"EnableLUA"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 78599 bytes
->Temporary Internet Files folder emptied: 267337969 bytes
->Java cache emptied: 8882 bytes
->FireFox cache emptied: 71196876 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 8098 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3851 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 323.00 mb


[EMPTYFLASH]

User: Alex
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 04172011_080335

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Temp\VGXBAA9.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Everything seems fine on the machine but I have had less than an hour to use it within the past few days. As I mentioned earlier, I will be leaving town tomorrow evening and will not be back until Thursday evening, so I'll have to give you a more detailed report that evening or Friday morning. I know you close threads after 3 days of no replies so should I come in and just make a quick reply early next week to keep things open?

Thanks for all your help so far!
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 17th, 2011, 12:35 pm

Considering that this is the 2nd time we've worked on this machine, I'd prefer it if you used your machine a little before we declare it clean.

So I'll keep this topic open till Friday (no need for an early post), let me know on Thursday or Friday morning whether you're still without problems.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 17th, 2011, 6:05 pm

OK then! One thing I did notice this afternoon... I had Windows displaying file extensions by default earlier this week. Now it is not doing so. Also, User Account Control was disabled but is now prompting me about installing files, etc. Would any of the fixes we did cause this, or is this unwanted/unexpected behavior that could indicate further problems?
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 18th, 2011, 2:41 am

OTL re-sets display of extensions to the default setting (no extensions) when it is run (I've no idea why :roll: ), and I scripted UAC to be switched on since it is a valuable addition to your computer's defences, and is often switched off by many infections.

If you need instructions on how to set both back to how you had them I'll be happy to supply them, though I would advise you to keep UAC enabled.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
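
The two changes explained in the reply above can be confirmed from the fix log itself, which records the EnableLUA write and the HOSTS reset. The following is an added example, not part of the thread and not OTL's own code: it classifies OTL fix-log result lines and picks out the ones that change settings or leave work for the next reboot. The sample lines are copied from the log posted in this thread; the function names and category labels are assumptions made for illustration.

```python
import re

# Result lines copied from the OTL fix log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Users\Alex\AppData\Roaming\BitTorrent folder moved successfully.
File\Folder C:\program files\bittorrent not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
File C:\Program Files\XfireXO\tbXfir.dll not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"EnableLUA"|dword:00000001 /E : value set successfully!
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Ordered rules: the first pattern that matches a line decides its category.
# Category labels are this example's own, not OTL terminology.
RULES = [
    ("pending_reboot", re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("setting_changed", re.compile(r"^(?P<target>.+)\|dword:(?P<data>[0-9a-fA-F]{8}) /E : value set successfully!$")),
    ("setting_changed", re.compile(r"^(?P<target>HOSTS file) reset successfully$")),
    ("not_found", re.compile(r"^(?:File\\Folder |File |Folder |Registry key |Registry value )?(?P<target>.+?)\\? not found\.$")),
    ("removed", re.compile(r"^(?:Registry key |Registry value )?(?P<target>.+?)(?: folder)? (?:moved|deleted) successfully\.$")),
]


def classify(log_text):
    """Return (category, target, data) for every recognised result line.

    Section headers, cache statistics and blank lines match no rule and are skipped.
    """
    results = []
    for line in log_text.splitlines():
        line = line.strip()
        for category, pattern in RULES:
            m = pattern.match(line)
            if m:
                results.append((category, m.group("target"), m.groupdict().get("data")))
                break
    return results


def follow_up(results):
    """Entries worth telling the user about: settings the fix changed, work left for reboot."""
    return [r for r in results if r[0] in ("setting_changed", "pending_reboot")]


def uac_state(results):
    """True/False if the fix wrote EnableLUA (non-zero means UAC on), None if not in the log."""
    for category, target, data in results:
        if category == "setting_changed" and data and "enablelua" in target.lower():
            return int(data, 16) != 0
    return None


if __name__ == "__main__":
    parsed = classify(SAMPLE_LOG)
    for entry in follow_up(parsed):
        print(entry)
    print("UAC enabled by fix:", uac_state(parsed))
```

Run over a full fix log, the `not_found` entries are usually items already removed by an earlier pass, while `pending_reboot` entries are the ones to re-check after restarting.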

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 18th, 2011, 10:05 am

I actually turned UAC off myself. In Vista all I see is a check box for "on" or "off". Is there any way, like in Windows 7, to lower the UAC nag level? I'm OK with it asking me to install programs, but it also makes me give permission to move files to/from an external hard drive, which gets a bit old considering the number of times I do that a day. :)

I'm leaving in a few hours, so this will be my last post until the end of the week. Thanks for all you have done so far!
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 18th, 2011, 1:50 pm

Sadly there's no way I know of to tone down UAC in Vista. It's either on or off, so if you really can't work with it in place then switching it off is the only real option.

With it switched off it just means you have to be a little more careful when you're browsing or installing things.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 22nd, 2011, 11:31 am

I have just now got home after driving all night (we stayed longer than I anticipated), so I'll let you know how the machine is doing tonight or tomorrow. Looks OK so far but we shall see.
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 22nd, 2011, 3:29 pm

No problem, talk to you tomorrow.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 23rd, 2011, 4:55 pm

Alright, I've used the machine a bit now, and everything seems to be OK. No popups, no redirects. Anything else you want me to do before we call it good?
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 23rd, 2011, 5:24 pm

OK time to do a little tidying up.

First

Let's clear out Combofix and the files/folders it created
  • Click Start > Run
  • Copy/Paste ComboFix /Uninstall into the Run box.
  • Click OK
  • Combofix will now delete its files and folders and also perform the following function.
    • Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.
IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick Combofix's window whilst it's running. That may cause it to stall.

Next

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet. If your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Delete the following.

aswMBR.exe
Any logs aswMBR made.
MBRFix
C:\MBRFix.exe
C:\Backup_MBR_0.bin


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire