OTL.txt OTL logfile created on: 6/11/2009 12:15:55 AM - Run 1 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Chad\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18762) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 673.74 Gb Total Space | 215.59 Gb Free Space | 32.00% Space Free | Partition Type: NTFS Drive D: | 11.31 Gb Total Space | 1.52 Gb Free Space | 13.40% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 687.44 Gb Total Space | 406.05 Gb Free Space | 59.07% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive N: | 11.20 Gb Total Space | 1.50 Gb Free Space | 13.39% Space Free | Partition Type: NTFS Computer Name: CHADSMAINFRAME Current User Name: Chad Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Minimal File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe () PRC - c:\hp\HPEZBTN\HPBtnSrv.exe () PRC - C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) PRC - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation) PRC - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe () PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe () PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\chatsupport.palm.com\bin\tgsrvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Users\Chad\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\sysWow64\SearchProtocolHost.exe (Microsoft Corporation) [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - (ACDaemon [Auto | Running]) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (Adobe Version Cue CS3 [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated) SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand | Stopped]) -- File not found SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (Autodesk Licensing Service [Auto | Running]) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (AvidSDMService [Auto | Stopped]) -- File not found SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Diskeeper [Auto | Running]) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (DTSRVC [Auto | Running]) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe () SRV - (ehRecvr [On_Demand | Running]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand | Running]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service 64 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) SRV - (HPBtnSrv [Auto | Running]) -- c:\hp\HPEZBTN\HPBtnSrv.exe () SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (IAANTMON [Auto | Running]) -- C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation) SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.) SRV - (LightScribeService [Auto | Running]) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (mi-raysat_3dsMax2009_64 [Auto | Running]) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe () SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ [Auto | Running]) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper100 [Disabled | Stopped]) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (msvsmon90 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (MySQLNoguskaNolaPro [Auto | Running]) -- C:\Program Files (x86)\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe () SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (nmservice [Auto | Running]) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.) SRV - (nTuneService [Auto | Running]) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation) SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.) SRV - (SeaPort [Auto | Running]) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS [Disabled | Stopped]) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SupportSoft RemoteAssist [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.) SRV - (tgsrvc_chatsupport.palm.com [Auto | Running]) -- C:\Program Files (x86)\chatsupport.palm.com\bin\tgsrvc.exe (SupportSoft, Inc.) SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- File not found SRV - (XAudioService [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\xaudio64.exe () [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - (adfs [Auto | Running]) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (Afc [On_Demand | Stopped]) -- C:\Windows\SysWOW64\drivers\Afc.sys (Arcsoft, Inc.) DRV - (ASPI [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ASPI32.sys (Adaptec) DRV - (Aspi32 [System | Stopped]) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\aswFsBlk.sys () DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\aswMonFlt.sys () DRV - (aswRdr [System | Running]) -- C:\Windows\sysnative\drivers\aswRdr.sys () DRV - (aswSP [System | Running]) -- C:\Windows\sysnative\drivers\aswSP.sys () DRV - (aswTdi [System | Running]) -- C:\Windows\sysnative\drivers\aswTdi.sys () DRV - (BthEnum [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\BthEnum.sys () DRV - (BthPan [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\bthpan.sys () DRV - (BTHPORT [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\BTHport.sys () DRV - (BTHUSB [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\BTHUSB.sys () DRV - (btwaudio [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\btwaudio.sys () DRV - (btwavdt [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\btwavdt.sys () DRV - (btwrchid [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\btwrchid.sys () DRV - (CAXHWBS2 [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\CAXHWBS2.sys () DRV - (E100B [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\efe5b32e.sys () DRV - (extramond [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\extramond.sys () DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\fssfltr.sys () DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\GEARAspiWDM.sys () DRV - (HCW85BDA [On_Demand | Running]) -- C:\Windows\sysnative\drivers\HCW85BDA.sys () DRV - (HSF_DP [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\CAX_DP.sys () DRV - (iaStor [Boot | Running]) -- C:\Windows\sysnative\drivers\iastor.sys () DRV - (LxrSII1d [Auto | Stopped]) -- C:\Windows\system32\Drivers\LxrSII1d.sys () DRV - (maxidemo [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\maxidemo.sys () DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.) DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\mdmxsdk.sys () DRV - (netr28x [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\netr28x.sys () DRV - (nv [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\nv4_mini.sys () DRV - (NVR0Dev [On_Demand | Running]) -- C:\Windows\nvoclk64.sys (NVidia Corp.) DRV - (PdiPorts [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\PdiPorts.sys () DRV - (pnarp [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\pnarp.sys () DRV - (Point64 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\point64k.sys () DRV - (purendis [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\purendis.sys () DRV - (PxHlpa64 [Boot | Running]) -- C:\Windows\sysnative\Drivers\PxHlpa64.sys () DRV - (RFCOMM [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\rfcomm.sys () DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys () DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SCDEmu [System | Running]) -- C:\Windows\sysnative\drivers\scdemu.sys () DRV - (sptd [Boot | Running]) -- C:\Windows\sysnative\Drivers\sptd.sys () DRV - (StillCam [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\serscan.sys () DRV - (TotRec7 [On_Demand | Running]) -- C:\Windows\sysnative\drivers\TotRec7.sys () DRV - (USBAAPL64 [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\usbaapl64.sys () DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\usbaudio.sys () DRV - (usbvideo [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\usbvideo.sys () DRV - (vmm [System | Running]) -- C:\Windows\sysnative\Drivers\vmm.sys () DRV - (VPCNetS2 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\VMNetSrv.sys () DRV - (VRVD302 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\VRVD302.sys () DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\CAX_CNXT.sys () DRV - (WSDPrintDevice [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\WSDPrint.sys () DRV - (XAudio [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\xaudio64.sys () DRV - (xnacc [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\xnacc.sys () DRV - (xusb21 [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\xusb21.sys () DRV - (zonescreen [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\zsport.sys () [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt IE - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\S-1-5-21-2125359530-1166900147-2970906946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\S-1-5-21-2125359530-1166900147-2970906946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "http://bixbytalk.com/" FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:1.5.41.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/05/20 01:45:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/05/23 12:08:54 | 00,000,000 | ---D | M] [2009/02/24 03:56:04 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Extensions [2008/12/14 21:54:58 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/12/22 01:31:24 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Extensions\[email protected] [2009/02/24 03:56:04 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Extensions\[email protected] [2008/10/13 12:37:17 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Extensions\[email protected] [2008/12/21 15:50:38 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Extensions\[email protected] [2009/06/10 14:40:39 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Firefox\Profiles\2mshmshq.default\extensions [2009/02/28 12:24:43 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Firefox\Profiles\2mshmshq.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2009/03/30 12:25:44 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\mozilla\Firefox\Profiles\2mshmshq.default\extensions\[email protected] [2009/04/16 16:25:51 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009/05/20 01:45:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/16 19:50:33 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/05/20 01:45:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2009/05/20 01:45:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2009/03/09 11:57:36 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/09 11:57:36 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml [2008/06/19 18:53:24 | 00,000,912 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\conduit.xml [2009/03/09 11:57:36 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml [2009/03/09 11:57:36 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml [2009/03/09 11:57:36 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2009/03/09 11:57:36 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml [2009/03/09 11:57:36 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (794 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key error. File not found O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found O3 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found O3 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found O3 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found O4 - HKLM..\Run: [] File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found O4 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000..\Run: [Aim6] File not found O4 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated) O8 - Extra context menu item: Download all by Net Transport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddList.html File not found O8 - Extra context menu item: Download by Net Transport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddLink.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Five9 Toolbar - {41C2F42D-73F5-425e-AE57-37295D565C30} - C:\Program Files (x86)\Five9\Five9 Toolbars\TRVerticalBar_.dll () O9 - Extra 'Tools' menuitem : Five9 Toolbar - {41C2F42D-73F5-425e-AE57-37295D565C30} - Reg Error: Value error. File not found O9 - Extra Button: Five9 Infobar - {77798FEF-E125-501B-E8C0-FA5E520A3FF8} - C:\Windows\SysWow64\shdocvw.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Five9 Infobar - {77798FEF-E125-501B-E8C0-FA5E520A3FF8} - Reg Error: Value error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..Trusted Domains: blackboard.com ([msbcollege] http in Trusted sites) O15 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..Trusted Domains: skillport.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-2125359530-1166900147-2970906946-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.com/books/_Players/AccountingPlayer.cab (Pearson Accounting Player) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Key error.) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab (DLM Control) O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class) O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2) O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class) O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_18-windows-i586.cab (Java Plug-in 1.3.1_18) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: Web-Based Email Tools http://email02.secureserver.net/Download.CAB (Reg Error: Key error.) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/03/09 02:19:39 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4fb114a0-7862-11dd-9215-002215250daa}\Shell - "" = AutoRun O33 - MountPoints2\{4fb114a0-7862-11dd-9215-002215250daa}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found O33 - MountPoints2\{f7217d35-41e6-11de-894c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f7217d35-41e6-11de-894c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.EXE -- File not found O33 - MountPoints2\K\Shell\dxsetup\command - "" = K:\directx\dxsetup.exe -- File not found O33 - MountPoints2\K\Shell\Register\command - "" = K:\extras\runshell.exe -- File not found O33 - MountPoints2\K\Shell\setup\command - "" = K:\setup.exe -- File not found O33 - MountPoints2\K\Shell\Web\command - "" = K:\extras\runshell.exe -- File not found O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found O33 - MountPoints2\L\Shell\directx\command - "" = L:\DirectX9\dxsetup.exe -- File not found O33 - MountPoints2\L\Shell\setup\command - "" = L:\setup.exe -- File not found O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\dvdcheck.exe -- File not found O33 - MountPoints2\M\Shell\directx\command - "" = DirectX9\dxsetup.exe O33 - MountPoints2\M\Shell\setup\command - "" = M:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (/p) - File not found O34 - HKLM BootExecute: (\??\M:) - File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009/06/11 00:15:22 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [1 C:\Users\Chad\Desktop\*.tmp files] [2009/06/11 00:15:22 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe [2009/06/10 21:43:06 | 00,000,000 | ---D | C] -- C:\Rooter$ [2009/06/10 21:41:22 | 00,000,765 | ---- | C] () -- C:\Users\Chad\Desktop\NTREGOPT.lnk [2009/06/10 21:41:22 | 00,000,746 | ---- | C] () -- C:\Users\Chad\Desktop\ERUNT.lnk [2009/06/10 21:41:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2009/06/10 21:40:13 | 00,267,612 | ---- | C] () -- C:\Users\Chad\Desktop\Rooter.exe [2009/06/10 21:37:15 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Chad\Desktop\erunt_setup.exe [2009/06/10 21:36:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Chad\Desktop\SysRestorePoint.exe [2009/06/10 21:26:09 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\Desktop\TFC.exe [2009/06/10 14:44:21 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml [2009/06/10 14:44:21 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml [2009/06/08 02:00:11 | 23,457,46576 | ---- | C] () -- C:\Users\Chad\Desktop\introgood_1.avi [2009/06/08 01:52:31 | 12,377,037 | ---- | C] () -- C:\Users\Chad\Desktop\usobaconference.flv [2009/06/08 01:37:33 | 71,902,2934 | ---- | C] () -- C:\Users\Chad\Desktop\CdCollection_1.avi [2009/06/08 01:36:53 | 71,894,4038 | ---- | C] () -- C:\Users\Chad\Desktop\CdCollection.avi [2009/06/08 01:20:39 | 27,997,6974 | ---- | C] () -- C:\Users\Chad\Desktop\webinar.avi [2009/06/08 01:07:54 | 00,037,360 | ---- | C] () -- C:\Users\Chad\Desktop\webinar2.jpg [2009/06/07 23:59:27 | 20,527,616 | ---- | C] () -- C:\Users\Chad\Desktop\conferenceroom.avi [2009/06/07 23:32:07 | 15,572,9238 | ---- | C] () -- C:\Users\Chad\Desktop\AudioPLayer.avi [2009/06/07 23:26:15 | 00,648,182 | ---- | C] () -- C:\Users\Chad\Desktop\micro.eps [2009/06/07 22:52:49 | 34,220,6604 | ---- | C] () -- C:\Users\Chad\Desktop\Excel Script.avi [2009/06/07 21:07:37 | 00,347,806 | ---- | C] () -- C:\Users\Chad\Desktop\usobaconferencepromocds.aep [2009/06/07 20:54:49 | 15,554,3508 | ---- | C] () -- C:\Users\Chad\Desktop\mstarslogoblack.avi [2009/06/06 20:13:35 | 77,790,2542 | ---- | C] () -- C:\Users\Chad\Desktop\introgood.avi [2009/06/06 19:47:48 | 33,128,204 | ---- | C] () -- C:\Users\Chad\Desktop\BSR-2009.06.06-19.48.05.avi [2009/06/06 19:38:51 | 22,143,648 | ---- | C] () -- C:\Users\Chad\Desktop\BSR-2009.06.06-19.39.20.avi [2009/06/06 19:27:51 | 31,500,6614 | ---- | C] () -- C:\Users\Chad\Desktop\getreadytextwipe.avi [2009/06/06 14:17:27 | 00,021,639 | ---- | C] () -- C:\Users\Chad\Desktop\pete.docx [2009/06/04 22:37:06 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\planet [2009/06/04 22:34:43 | 56,003,0300 | ---- | C] () -- C:\Users\Chad\Desktop\intro.avi [2009/06/04 22:29:30 | 95,777,236 | ---- | C] () -- C:\Users\Chad\Desktop\including.avi [2009/06/04 22:23:36 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\energywipe [2009/06/04 22:00:33 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\ancienttitle [2009/06/04 19:33:07 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\ZIPS [2009/06/04 19:32:45 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\Video [2009/06/04 19:32:01 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\Images [2009/06/04 18:14:34 | 00,048,301 | ---- | C] () -- C:\Users\Chad\Desktop\mstarsblacklg.jpg [2009/05/28 18:13:34 | 00,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Expression Media 2 [2009/05/27 23:38:06 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\MSTARS_LEADS [2009/05/27 23:37:53 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\Software [2009/05/27 20:58:25 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\glass [2009/05/27 18:22:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2009/05/27 12:19:43 | 00,000,000 | ---D | C] -- C:\Users\Chad\Documents\ImTOO Software Studio [2009/05/27 12:19:42 | 00,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\ImTOO Software Studio [2009/05/27 12:19:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImTOO [2009/05/27 11:58:45 | 00,000,000 | ---D | C] -- C:\Users\Chad\Documents\Camtasia Studio [2009/05/27 11:58:28 | 00,107,864 | ---- | C] (TechSmith Corporation) -- C:\Windows\System32\tsccvid.dll [2009/05/27 11:58:27 | 00,000,000 | ---D | C] -- C:\Windows\System32\QuickTime [2009/05/27 11:58:12 | 00,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2009/05/27 11:57:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared [2009/05/27 11:57:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith [2009/05/26 16:17:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio [2009/05/26 16:17:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Riva [2009/05/26 16:06:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D [2009/05/26 09:49:14 | 00,585,728 | ---- | C] () -- C:\Windows\System32\bsratswf.dll [2009/05/26 09:49:14 | 00,147,456 | ---- | C] () -- C:\Windows\System32\bsratwmv.dll [2009/05/25 18:08:37 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\2.aep Logs [2009/05/25 15:07:41 | 00,000,000 | ---D | C] -- C:\Windows\System32\EWS [2009/05/25 15:07:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Easy CD & DVD Cover Creator [2009/05/25 14:27:07 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\stuff [2009/05/24 14:58:40 | 01,080,320 | ---- | C] () -- C:\Users\Chad\Desktop\Sun May 24 14;58;40 2009.mp3 [2009/05/24 14:57:06 | 00,000,000 | ---D | C] -- C:\Users\Chad\Documents\Ask and Record Toolbar [2009/05/24 14:57:02 | 00,000,000 | ---D | C] -- C:\Windows\Ask & Record Toolbar [2009/05/24 14:57:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ask & Record Toolbar [2009/05/23 08:51:31 | 12,313,35941 | ---- | C] () -- C:\Windows\MEMORY.DMP [2009/05/22 00:45:22 | 64,144,590 | ---- | C] () -- C:\Users\Chad\Desktop\Bentley_BMW_5-Series_Service_Manual.pdf [2009/05/17 01:38:25 | 00,000,000 | --SD | C] -- C:\Users\Chad\Documents\My Web Sites [2009/05/17 01:33:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon [2009/05/17 01:32:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression [2009/05/16 23:26:54 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\Emulators [2009/05/16 02:38:52 | 00,000,000 | ---D | C] -- C:\Users\Chad\Desktop\WMV [2009/04/14 07:53:31 | 00,073,728 | ---- | C] () -- C:\Windows\System32\np_plugin.dll [2009/04/12 06:11:31 | 00,000,172 | ---- | C] () -- C:\Windows\ODBC.INI [2009/04/10 06:43:46 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2009/04/10 06:43:46 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2009/04/10 06:43:46 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2009/04/10 06:43:46 | 00,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2009/04/10 06:43:46 | 00,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2009/04/10 06:43:46 | 00,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2009/02/28 12:18:24 | 00,221,184 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009/02/28 10:59:27 | 00,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll [2009/02/03 16:02:29 | 00,072,672 | ---- | C] () -- C:\Windows\System32\drivers\LxrSII1d.sys [2009/01/26 15:17:44 | 00,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI [2009/01/17 09:45:24 | 00,000,094 | ---- | C] () -- C:\Windows\family.ini [2009/01/09 19:58:25 | 00,000,052 | ---- | C] () -- C:\Windows\Stp57DF_TMP.INI [2009/01/09 19:47:33 | 00,000,052 | ---- | C] () -- C:\Windows\Stp89B8_TMP.INI [2008/11/12 15:54:00 | 01,486,848 | ---- | C] () -- C:\Windows\System32\nview.dll [2008/11/12 15:54:00 | 01,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2008/10/23 05:02:25 | 00,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys [2008/10/17 08:23:33 | 01,728,606 | ---- | C] () -- C:\Windows\System32\libmmdd.dll [2008/10/11 21:16:01 | 00,151,552 | ---- | C] () -- C:\Windows\System32\securenet.dll [2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008/09/21 04:04:36 | 00,036,972 | ---- | C] () -- C:\Windows\System32\ActPanel.dll [2008/09/04 15:53:50 | 00,274,507 | ---- | C] () -- C:\Windows\System32\FXMathLib.dll [2008/09/01 15:39:33 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2008/05/16 22:12:21 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2008/05/16 22:12:21 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2008/02/08 17:03:43 | 00,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll [2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL [2008/01/14 16:47:06 | 00,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll [2007/11/28 21:15:32 | 00,122,880 | ---- | C] () -- C:\Windows\System32\PtSSE2.dll [2007/11/28 21:15:28 | 00,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2007/03/12 13:01:30 | 00,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2007/01/10 07:44:26 | 01,457,024 | R--- | C] () -- C:\Windows\System32\SSCProt.dll [2006/11/02 07:34:27 | 00,000,433 | ---- | C] () -- C:\Windows\win.ini [2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2002/03/16 19:00:00 | 00,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\Users\Chad\Desktop\*.tmp files] [2009/06/11 00:15:23 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe [2009/06/11 00:15:17 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5E025F1B-32AB-407E-9717-9A41D0036772}.job [2009/06/11 00:14:59 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A804AF62-4419-4D11-A3B4-45D9B840DC6E}.job [2009/06/11 00:02:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/06/11 00:02:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/06/10 23:50:41 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2009/06/10 21:41:22 | 00,000,765 | ---- | M] () -- C:\Users\Chad\Desktop\NTREGOPT.lnk [2009/06/10 21:41:22 | 00,000,746 | ---- | M] () -- C:\Users\Chad\Desktop\ERUNT.lnk [2009/06/10 21:40:14 | 00,267,612 | ---- | M] () -- C:\Users\Chad\Desktop\Rooter.exe [2009/06/10 21:37:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Chad\Desktop\erunt_setup.exe [2009/06/10 21:36:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Chad\Desktop\SysRestorePoint.exe [2009/06/10 21:26:12 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\TFC.exe [2009/06/10 14:48:58 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml [2009/06/10 14:48:58 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml [2009/06/09 07:06:02 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2125359530-1166900147-2970906946-1000.job [2009/06/08 20:00:00 | 00,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Chad.job [2009/06/08 02:06:17 | 23,457,46576 | ---- | M] () -- C:\Users\Chad\Desktop\introgood_1.avi [2009/06/08 02:03:45 | 00,347,806 | ---- | M] () -- C:\Users\Chad\Desktop\usobaconferencepromocds.aep [2009/06/08 01:54:53 | 12,377,037 | ---- | M] () -- C:\Users\Chad\Desktop\usobaconference.flv [2009/06/08 01:52:33 | 71,902,2934 | ---- | M] () -- C:\Users\Chad\Desktop\CdCollection_1.avi [2009/06/08 01:52:33 | 34,220,6604 | ---- | M] () -- C:\Users\Chad\Desktop\Excel Script.avi [2009/06/08 01:52:33 | 27,997,6974 | ---- | M] () -- C:\Users\Chad\Desktop\webinar.avi [2009/06/08 01:52:33 | 15,572,9238 | ---- | M] () -- C:\Users\Chad\Desktop\AudioPLayer.avi [2009/06/08 01:37:14 | 71,894,4038 | ---- | M] () -- C:\Users\Chad\Desktop\CdCollection.avi [2009/06/08 01:07:54 | 00,037,360 | ---- | M] () -- C:\Users\Chad\Desktop\webinar2.jpg [2009/06/07 23:59:57 | 20,527,616 | ---- | M] () -- C:\Users\Chad\Desktop\conferenceroom.avi [2009/06/07 23:26:18 | 00,648,182 | ---- | M] () -- C:\Users\Chad\Desktop\micro.eps [2009/06/07 20:57:06 | 15,554,3508 | ---- | M] () -- C:\Users\Chad\Desktop\mstarslogoblack.avi [2009/06/06 20:29:12 | 77,790,2542 | ---- | M] () -- C:\Users\Chad\Desktop\introgood.avi [2009/06/06 19:50:16 | 33,128,204 | ---- | M] () -- C:\Users\Chad\Desktop\BSR-2009.06.06-19.48.05.avi [2009/06/06 19:40:39 | 22,143,648 | ---- | M] () -- C:\Users\Chad\Desktop\BSR-2009.06.06-19.39.20.avi [2009/06/06 19:29:56 | 31,500,6614 | ---- | M] () -- C:\Users\Chad\Desktop\getreadytextwipe.avi [2009/06/06 19:00:34 | 00,021,639 | ---- | M] () -- C:\Users\Chad\Desktop\pete.docx [2009/06/04 22:39:50 | 56,003,0300 | ---- | M] () -- C:\Users\Chad\Desktop\intro.avi [2009/06/04 22:35:11 | 01,080,320 | ---- | M] () -- C:\Users\Chad\Desktop\Sun May 24 14;58;40 2009.mp3 [2009/06/04 22:30:34 | 95,777,236 | ---- | M] () -- C:\Users\Chad\Desktop\including.avi [2009/06/04 18:14:35 | 00,048,301 | ---- | M] () -- C:\Users\Chad\Desktop\mstarsblacklg.jpg [2009/05/26 17:06:53 | 12,313,35941 | ---- | M] () -- C:\Windows\MEMORY.DMP [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/05/26 09:49:14 | 00,585,728 | ---- | M] () -- C:\Windows\System32\bsratswf.dll [2009/05/26 09:49:14 | 00,147,456 | ---- | M] () -- C:\Windows\System32\bsratwmv.dll [2009/05/22 00:45:26 | 64,144,590 | ---- | M] () -- C:\Users\Chad\Desktop\Bentley_BMW_5-Series_Service_Manual.pdf [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\Chad\Desktop\introgood_1.avi:TOC.WMV < End of report >
EXTRAS
OTL Extras logfile created on: 6/11/2009 12:15:55 AM - Run 1 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Chad\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18762) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 673.74 Gb Total Space | 215.59 Gb Free Space | 32.00% Space Free | Partition Type: NTFS Drive D: | 11.31 Gb Total Space | 1.52 Gb Free Space | 13.40% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 687.44 Gb Total Space | 406.05 Gb Free Space | 59.07% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive N: | 11.20 Gb Total Space | 1.50 Gb Free Space | 13.39% Space Free | Partition Type: NTFS Computer Name: CHADSMAINFRAME Current User Name: Chad Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Minimal File Age = 30 Days Company Name Whitelist: On [color=orange]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWOW64\ieframe.DLL (Microsoft Corporation) .js [@ = jsfile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-2125359530-1166900147-2970906946-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=orange]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile "EnableFirewall" = 1 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DoNotAllowExceptions" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile "EnableFirewall" = 1 "DisableNotifications" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List [color=orange]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.) C:\Program Files (x86)\Conference\Conference.dll:*:Enabled:Audio/Video Conference (©2002-2007 Audio/Video Conference Software) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List] [color=orange]========== Vista Active Open Ports Exception List ==========[/color] {034E314C-09BB-4AD2-B807-B79A050B5804} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE | {051D1E66-E8E3-4AE5-B474-D9E40E30CD8B} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV | {0E16BD69-414D-4CDC-9BBA-9AF172FBE991} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV | {1154E1D8-2D4D-446E-912C-547A8FD433E9} = LPORT=RPC-EPMAP | PROTOCOL=6 | DIR=IN | NAME=FILE AND PRINTER SHARING (SPOOLER SERVICE - RPC-EPMAP) | SVC=RPCSS | {22B48F98-3D45-4CC3-835A-D095C5EAF666} = LPORT=10243 | PROTOCOL=6 | DIR=IN | APP=SYSTEM | {2AC7F6F6-8460-4710-9452-5064AA22EA63} = LPORT=139 | PROTOCOL=6 | DIR=IN | APP=SYSTEM | {2FFD4A39-49CE-4A0A-94A3-80308305DAD8} = LPORT=138 | PROTOCOL=17 | DIR=IN | APP=SYSTEM | {32F5000F-1128-4E68-B92A-5180D3111BFA} = LPORT=50900 | PROTOCOL=6 | DIR=IN | NAME=ADOBE VERSION CUE CS3 SERVER | {3552F089-0E07-427D-B216-616D83A97CCA} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE | {3CFAE392-A6BF-495D-B377-F872DC10060E} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV | {3E91E140-4C69-4B3B-A072-7C51206E2768} = LPORT=RPC | PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER | {434745E8-D727-4327-986B-7B1612A637E0} = LPORT=6004 | PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE | {43DCFC41-3AC0-48ED-9449-734719343B68} = LPORT=137 | PROTOCOL=17 | DIR=IN | APP=SYSTEM | {59FBCEF5-DD33-411B-BA5A-336669D1C3A4} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM | {71E6F83C-1346-4623-9AD5-730E0F894542} = LPORT=50901 | PROTOCOL=6 | DIR=IN | NAME=ADOBE VERSION CUE CS3 SERVER | {735097FD-38ED-41B1-9CA3-D4A34B4C7D7F} = LPORT=445 | PROTOCOL=6 | DIR=IN | APP=SYSTEM | {73E1B948-E546-4063-8FE7-3A43273C8A3A} = LPORT=5353 | PROTOCOL=6 | DIR=IN | NAME=ADOBE CSI CS4 | {7BAF5703-E069-4F8E-BB27-863FBAD5FF00} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE | {7F4CB046-9614-43DA-A659-12546071BFEB} = RPORT=139 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM | {AA836DEB-63EB-4FA8-8189-6A3FD12D829F} = LPORT=80 | PROTOCOL=6 | DIR=IN | NAME=SPICEWORKS | {CBF6368B-CDA7-4F0C-984E-33DFCB02B578} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM | {D5106853-A500-41E4-8356-7D67584518CC} = RPORT=137 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM | {D8B2F49F-AFB0-485B-92C4-A29134CA4AE0} = RPORT=10243 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM | {DEF8B146-9C3C-4B5F-86F2-510A3A98912F} = RPORT=138 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM | {E6CA2643-8ACD-478A-A493-7032F4BAFDA1} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE | {F185565A-D7E1-464D-B571-A8D1011C36E9} = LPORT=3704 | PROTOCOL=6 | DIR=IN | NAME=ADOBE VERSION CUE CS3 SERVER | {FBEBAA9C-3683-4D6F-9FF0-46D58D635583} = LPORT=3703 | PROTOCOL=6 | DIR=IN | NAME=ADOBE VERSION CUE CS3 SERVER | {FF4E6A18-0114-417E-9022-B6AFA1624DDD} = RPORT=445 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM | [color=orange]========== Vista Active Application Exception List ==========[/color] {0978CC0C-4698-424F-8657-98EAF1D5FEB7} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {0A2BD149-DAF5-4B66-BFF6-85A1CB79F72E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE | {0AD98B7E-E869-480D-86B0-E9A888FD9779} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT GAMES\AGE OF EMPIRES III\AGE3X.EXE | {0BEE7991-17FD-4345-9FA4-0F7B804BF6A5} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE | {10B1DC2B-1E41-48E9-870F-848FBB36B99D} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DNA\BTDNA.EXE | {10CFC5D1-C8F2-4C14-AD52-DCF710CACB63} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {119FE585-B92C-4D49-BADE-63A8948AE9F8} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT GAMES\AGE OF EMPIRES III\AGE3X.EXE | {14641918-E765-4998-8EBD-A4D708025C8E} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {16C9E3E3-412A-4F9F-A088-069905C1F76F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE | {18D6AA9A-8DE1-410D-91D4-9F1857A06304} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {1A6087AB-8362-4D49-BB31-11D53853C9BC} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE | {1A6F84A3-6365-40CF-A3E4-4BFF98F8C946} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {1F5F2B27-3246-4A1C-BAED-C569692CFDB4} = PROTOCOL=17 | DIR=IN | APP=C:\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | {2550EA10-E863-44B4-91A0-AC03E5F23A61} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE | {27F53473-2580-4D4E-A77F-926DF54641F4} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {286C8B41-AC85-471A-BEC1-80E00F82BE97} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\AUTODESK\3DS MAX 2009\3DSMAX.EXE | {29B9F9B5-ED68-4DF8-A676-6F740E56F113} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE VERSION CUE CS3\SERVER\BIN\VERSIONCUECS3.EXE | {29EDA92F-15DE-4EC7-BB78-BAA042CF73E5} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {2A26EA98-5517-499D-86AA-9C146E958B3D} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BITTORRENT\BITTORRENT.EXE | {2C15877E-A9A8-4B57-AB64-5124CF223516} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {302D14A6-3DBD-4B6D-8BB1-8B1E81BCC2BF} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PROXY SWITCHER STANDARD\PROXYSWITCHER.EXE | {37293CCC-AA68-4ECC-98E1-F6A7AA00C7C8} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE | {3821197E-A215-409B-AB79-458975315223} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\AUTODESK\3DS MAX 2009\3DSMAX.EXE | {3A9253C5-A0F2-4B68-813C-DA71593E7C0B} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {3C168E93-C561-4E28-96C1-E657F8098E67} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORBTRAY.EXE | {3D6FA54F-6405-42BF-98F5-56F0864F6A2C} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FIRAXIS GAMES\SID MEIER'S CIVILIZATION 4\CIVILIZATION4.EXE | {3F0BAFDD-1CB7-434C-8C74-C73791296CC5} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FIRAXIS GAMES\SID MEIER'S CIVILIZATION 4\WARLORDS\CIV4WARLORDS_PITBOSS.EXE | {40F9A896-75EB-4CA5-A03C-41B2E317A4B3} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {44EC48A1-8332-43AD-80AC-2F8AC77D6B42} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORBTRAY.EXE | {45F6F62F-927D-43C8-8E69-2DCAE7F8A02A} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE | {461EFF5C-875F-4311-8A5D-F69F9ECA2E3C} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORBSTREAMERCLIENT.EXE | {485F9887-3E14-4E9D-A069-CC87B2B82855} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE | {4A2BBD94-09AC-45DD-91AE-7957F0207A71} = PROTOCOL=58 | DIR=OUT | NAME=FILE AND PRINTER SHARING (ECHO REQUEST - ICMPV6-OUT) | {4E6A5CB1-B834-4CEE-94B1-0FF8267AFDE8} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FIRAXIS GAMES\SID MEIER'S CIVILIZATION 4\WARLORDS\CIV4WARLORDS.EXE | {507D4637-8896-4A42-B735-1FE7964958E4} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORBIR.EXE | {52DC4388-8707-48B2-A4BC-350B5196EC78} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {52F3D3A9-20DF-4BF2-9CA7-C10C62585C2A} = DIR=IN | APP=C:\USERS\CHAD\APPDATA\LOCAL\TEMP\HOST.EXE | {542B9E86-197F-4F8B-817B-89BCE1EF5525} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AUTODESK\BACKBURNER\MANAGER.EXE | {56F8741C-B0BA-4DF4-8BBE-1F25F67A90CA} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORBIR.EXE | {6288AD17-BA9A-4A0A-ABD8-7957B8BD850C} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE | {64BF5379-E4BB-4B8B-9B9C-899357770F48} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {6DB59FAF-4AC7-4A35-B6A7-8DF165A0F684} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AUTODESK\BACKBURNER\MONITOR.EXE | {71A06A9D-516F-494E-8BEB-2E508A9E382B} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {73C38850-DEC6-4756-B770-C5A1C256191F} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST | {763BE7EA-8403-4595-8132-28B0B095AF76} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AUTODESK\BACKBURNER\SERVER.EXE | {76972B97-975B-4EFA-928E-24D9DF68BE07} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE | {76E91DF6-2BE6-48F8-8EC5-4D5A2AF2C436} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BITTORRENT\BITTORRENT.EXE | {794B3D52-1BC8-42BC-81A4-E8188D388421} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {7D65ED68-66C5-4614-82B2-A91A100A6E16} = PROTOCOL=6 | DIR=OUT | APP=SYSTEM | {7E79C0C0-7361-4927-ADFB-4961410DAE28} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE | {7F2AD6F4-203B-4778-8AB2-0B04BB0FD79E} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\XMLTV.EXE | {80024681-B1E1-4464-B6F7-84BB5434F54C} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\AUTODESK\3DS MAX 2009\3DSMAX.EXE | {815F889B-F815-4CFA-84DC-29C708005F4F} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {820B1D1D-8A77-45E4-9B73-58DF41CABDF0} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AUTODESK\BACKBURNER\MANAGER.EXE | {83198F70-7BF5-40F6-ADFD-D3C40CF0C4B2} = PROTOCOL=58 | DIR=IN | NAME=FILE AND PRINTER SHARING (ECHO REQUEST - ICMPV6-IN) | {86E39D5C-8A72-4046-84BB-90590E12C8CB} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DNA\BTDNA.EXE | {88737983-17DC-4CF3-AFBF-FC7633BE7021} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\SYNC\WINDOWSLIVESYNC.EXE | {88F12585-CB6E-413D-A5CE-62A56B2194EA} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AUTODESK\BACKBURNER\SERVER.EXE | {8CDDD499-0F48-4FA4-861E-6805A64AFE92} = PROTOCOL=1 | DIR=IN | NAME=FILE AND PRINTER SHARING (ECHO REQUEST - ICMPV4-IN) | {8E1E276E-12D2-4B37-932F-275E77ECB0DD} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\XMLTV.EXE | {91384762-EAD4-4B8A-83B9-ABD5AB9528EB} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORBSTREAMERCLIENT.EXE | {95AC1931-3466-4FDD-BCE4-3596C3212B85} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\AUTODESK\3DS MAX 2009\3DSMAX.EXE | {9821F034-A0D0-490C-AED7-906D682C4B7B} = PROTOCOL=6 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE | {9B217EEE-FD45-41B1-B8AC-E23BA3953DBE} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DNA\BTDNA.EXE | {9B426C7D-357A-4D9A-8585-02E88F42FE33} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE | {9B9152BC-CB76-479A-8269-FCCF332E099C} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {9BA04839-2569-41EC-8760-05251929463D} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE | {9CF3A6B6-31CE-400A-AC62-34DE3485849E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE | {9EADD60B-1826-427C-A768-578D274BBD67} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BEANYWHERE PERSONAL EDITION\SERVER\BA2SERV.EXE | {9EAEAAD9-518A-452E-884B-7B752CBB2993} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AUTODESK\BACKBURNER\MONITOR.EXE | {9FC65AAB-5559-4005-BEFE-FC9DFB8D4ABF} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\WLCSDK.EXE | {A5A18E17-DCC1-4B0C-9FE5-3B1B90F4B58B} = PROTOCOL=6 | DIR=IN | APP=C:\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | {A6BC00CD-D328-444B-A10C-5F125EED5708} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE | {AD32A5B5-112B-441F-9694-FBACEFD05C9E} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DNA\BTDNA.EXE | {AF3A2B99-1019-4F75-BDC6-8640CA0A0C50} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {B2449F32-0A2D-4FA5-813B-0BBE718C97D4} = PROTOCOL=1 | DIR=OUT | NAME=FILE AND PRINTER SHARING (ECHO REQUEST - ICMPV4-OUT) | {B58ACB9A-5DB8-4070-9A99-9A35A50CE13A} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE | {B7122694-A29A-4C10-A0BE-1402D6B9FCBF} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {B7E0A755-94FE-4923-BD9F-5BEAF566412D} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {B8BCA145-D69C-43A0-96EE-F25412925195} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE | {BC26F518-F37D-4550-B09D-F0A455FFA0FB} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE VERSION CUE CS3\SERVER\BIN\VERSIONCUECS3.EXE | {BC4ACCAB-29E3-4E29-9C15-DCB1DC424730} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {BC9BE5DF-347C-487C-A610-4897AC350FFC} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {BF7EFA08-4756-43E6-94D4-91B2771BA429} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PROXY SWITCHER STANDARD\PROXYSWITCHER.EXE | {C860B324-EF3E-4C42-BEEC-AF59B02ED8E7} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {CC91AE7F-411C-4C76-AB0D-292FF98890A5} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORB.EXE | {CD96C341-6D04-4945-B8E6-42939AF764C1} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {CE4B56B6-A38D-4AEB-BD76-CE1148379911} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {D39349FC-95E4-40B6-AC2D-DEAEDDD0FF81} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORB.EXE | {D6C0524F-7539-486D-84D1-BA97E55958E1} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FIRAXIS GAMES\SID MEIER'S CIVILIZATION 4\CIVILIZATION4.EXE | {D9A3A636-E11C-44A8-A789-EC3FC5B30C01} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FIRAXIS GAMES\SID MEIER'S CIVILIZATION 4\WARLORDS\CIV4WARLORDS.EXE | {DBAE3AB7-3261-47D1-AF58-4BE6B07E8EC8} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE | {E3A1F718-CB3E-4E22-964C-C5321A212CA5} = DIR=IN | APP=C:\PROGRAM FILES (X86)\CYBERLINK\POWERDIRECTOR\PDR.EXE | {E3D00F0D-C149-4591-878C-F96E976FCE7A} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | {EBC8DC41-12C2-45B7-8124-312F10BE723F} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FIRAXIS GAMES\SID MEIER'S CIVILIZATION 4\WARLORDS\CIV4WARLORDS_PITBOSS.EXE | {EECCE1DA-A852-4C00-ADBA-1ADA6A773201} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {F11E545D-3B6F-4381-827A-6DD1551C5C34} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {F24CEDEE-08CE-4285-9081-44E90835AD71} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {FC23CFF3-370D-412A-A338-BD9670EDE4AF} = DIR=IN | APP=C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE | {FFB2B093-4235-4006-95EE-FFD4D2866FBA} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BEANYWHERE PERSONAL EDITION\SERVER\BA2SERV.EXE | TCP Query User{00037CD3-D02F-4D65-B79F-2C3E4215C26A}C:\program files (x86)\mirc\mirc.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MIRC\MIRC.EXE | TCP Query User{030FDF10-4DE8-49A3-8F24-66C7138EB950}C:\program files (x86)\dna\btdna.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DNA\BTDNA.EXE | TCP Query User{0AA57DA1-7864-4EF6-8AA5-A89C9BA27799}C:\program files (x86)\limewire\limewire.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE | TCP Query User{0F8DAA04-7AD3-4E42-91A1-F0298DD30E11}C:\program files (x86)\proxyway\proxyway.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PROXYWAY\PROXYWAY.EXE | TCP Query User{10ADBF61-AA47-4FB1-AEDF-018FBAC44C4A}C:\program files (x86)\java\jre6\bin\javaw.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE | TCP Query User{1113A2A0-07A5-421F-B88D-E276594C142A}C:\program files (x86)\aspyr\guitar hero iii\gh3.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ASPYR\GUITAR HERO III\GH3.EXE | TCP Query User{11DDBFDC-EA6B-407B-9C61-A327E4E8DC92}C:\users\chad\appdata\local\google\chrome\application\chrome.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE | TCP Query User{140434BC-B738-4D8D-A368-CC27C105F22A}C:\program files (x86)\orb networks\orb\bin\orb.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORB.EXE | TCP Query User{14BCCD77-F507-43D2-A239-44008F73E31A}C:\program files (x86)\call graph\callgraph.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\CALL GRAPH\CALLGRAPH.EXE | TCP Query User{16980D0D-57AC-475C-8275-3B496461A7AF}C:\users\chad\desktop\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\DESKTOP\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | TCP Query User{1F9640D0-B57D-4EAB-8B3E-81338A10AB04}C:\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe = PROTOCOL=6 | DIR=IN | APP=C:\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | TCP Query User{1FE45C84-864A-4810-B96F-9F0265EC8629}C:\program files (x86)\next limit\realflow4\realflow.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\NEXT LIMIT\REALFLOW4\REALFLOW.EXE | TCP Query User{204709BE-9CB2-41B6-9620-0C31936A59AB}C:\users\chad\program files (x86)\dna\btdna.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\PROGRAM FILES (X86)\DNA\BTDNA.EXE | TCP Query User{20583B25-E954-4B4F-8116-6B80B498235E}C:\program files\e-on software\vue 7 xstream\application\vue 7 xstream.eon = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\E-ON SOFTWARE\VUE 7 XSTREAM\APPLICATION\VUE 7 XSTREAM.EON | TCP Query User{21DD3573-1679-4EF0-9449-83AC667A3B32}C:\program files (x86)\badblue\pe\badblue.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BADBLUE\PE\BADBLUE.EXE | TCP Query User{23BBD236-56F9-4C8F-A3AD-3A8C6B835C38}C:\windows\syswow64\dplaysvr.exe = PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\SYSWOW64\DPLAYSVR.EXE | TCP Query User{2894E7CD-95FB-4545-A6FF-5DF5A7F3FEEF}C:\program files (x86)\java\jre6\bin\javaw.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE | TCP Query User{2A058C4E-1419-4530-A9E9-6E18238FF610}C:\program files (x86)\bittorrent\bittorrent.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BITTORRENT\BITTORRENT.EXE | TCP Query User{2BF91EDB-3DC9-4059-8DE5-58B526EB424F}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE | TCP Query User{30C3F9E2-C5DF-4B35-A7B1-CF6AC999543F}C:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT GAMES\MICROSOFT FLIGHT SIMULATOR X\FSX.EXE | TCP Query User{4245A4EF-70D2-4D95-B962-EF01AF6CBB5C}C:\program files (x86)\palm\hotsync.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PALM\HOTSYNC.EXE | TCP Query User{433AF2C9-DD41-4BD7-981E-408A7906A625}C:\program files\e-on software\vue 7 infinite rendercow\vue 7 rendercow.eon = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\E-ON SOFTWARE\VUE 7 INFINITE RENDERCOW\VUE 7 RENDERCOW.EON | TCP Query User{451A8EEF-4585-40BC-A078-624D11C21E3B}C:\program files (x86)\aim6\aim6.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE | TCP Query User{458E633F-7429-4C3B-AC14-C744E2D6FDB5}C:\program files\zoneos\zonescreen 1.0.9.0\zsserver.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ZONEOS\ZONESCREEN 1.0.9.0\ZSSERVER.EXE | TCP Query User{484D366B-57CE-44E9-A33B-7816BAEC4BFF}C:\users\chad\desktop\fre_wnet_amd64_en\binfre_wnet_amd64_en\zsserver.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\DESKTOP\FRE_WNET_AMD64_EN\BINFRE_WNET_AMD64_EN\ZSSERVER.EXE | TCP Query User{4E12F3D1-81AF-4384-BD3E-8921842FADE9}C:\program files (x86)\call graph\callgraph.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\CALL GRAPH\CALLGRAPH.EXE | TCP Query User{4E18F5CB-209B-42E3-B035-185AC5362E9D}C:\program files (x86)\orb networks\orb\bin\orbtray.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORBTRAY.EXE | TCP Query User{56572F45-D28E-4230-9099-554A7CE59138}C:\program files\e-on software\vue 7 infinite rendercow\vue 7 rendercow.eon = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\E-ON SOFTWARE\VUE 7 INFINITE RENDERCOW\VUE 7 RENDERCOW.EON | TCP Query User{57990C55-24BA-499D-9AB2-1A55090BDCDF}C:\windows\syswow64\dplaysvr.exe = PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\SYSWOW64\DPLAYSVR.EXE | TCP Query User{59BABC14-C359-49B3-BCC5-BFBC20AA8C83}C:\program files (x86)\noguska\nolapro\apache\bin\apache.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\NOGUSKA\NOLAPRO\APACHE\BIN\APACHE.EXE | TCP Query User{5C7A6CB0-4C7F-414D-91CE-AD3F89F49AD2}C:\program files\e-on software\vue 7 xstream\application\vue 7 xstream.eon = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\E-ON SOFTWARE\VUE 7 XSTREAM\APPLICATION\VUE 7 XSTREAM.EON | TCP Query User{67E54EA5-2362-465C-A045-A452EE7A7DD9}C:\program files (x86)\next limit\realflow4\realflow.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\NEXT LIMIT\REALFLOW4\REALFLOW.EXE | TCP Query User{6F07FC42-DA46-43E7-8E6C-9DAB1D311B6E}C:\program files (x86)\proxyway\proxyway.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PROXYWAY\PROXYWAY.EXE | TCP Query User{7A56298F-8BDC-4D8C-8F28-0788A86254AC}C:\program files (x86)\maxivista demo server\maxivistademo_64.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MAXIVISTA DEMO SERVER\MAXIVISTADEMO_64.EXE | TCP Query User{7B587DE4-853B-4CDB-A069-3AC1B50E926F}C:\program files (x86)\mirc\mirc.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MIRC\MIRC.EXE | TCP Query User{7C5455BC-64C3-4AE0-BC8A-8405927C4B27}C:\users\chad\program files (x86)\dna\btdna.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\PROGRAM FILES (X86)\DNA\BTDNA.EXE | TCP Query User{892055BC-0D88-4A7B-8050-B15C92BFA6B0}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ADOBE\ADOBE DREAMWEAVER CS3\DREAMWEAVER.EXE | TCP Query User{8FBFD914-2C0F-40DA-A848-ADC94D994F9A}C:\program files (x86)\flightgear\bin\win32\fgfs.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FLIGHTGEAR\BIN\WIN32\FGFS.EXE | TCP Query User{A7E3F8BE-0284-492D-A5B7-2F6CA83A4481}C:\users\chad\desktop\fre_wlh_amd64_en\binfre_wlh_amd64_en\zsserver.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\DESKTOP\FRE_WLH_AMD64_EN\BINFRE_WLH_AMD64_EN\ZSSERVER.EXE | TCP Query User{A9F7E525-12DB-417A-947D-31DFE22D2D1C}C:\program files\smartftp client\smartftp.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SMARTFTP CLIENT\SMARTFTP.EXE | TCP Query User{BA639C07-BC79-451B-A221-E3DE55F83C50}C:\program files (x86)\palm\hotsync.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PALM\HOTSYNC.EXE | TCP Query User{BAD8973B-52BB-47B3-AF97-C99CAA0134A3}C:\program files (x86)\secondlife\slvoice.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\SECONDLIFE\SLVOICE.EXE | TCP Query User{BB8558E7-38C0-47ED-8DC9-9ABAD933F2BF}C:\program files\appdev\freetraining\alen.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\APPDEV\FREETRAINING\ALEN.EXE | TCP Query User{BD777442-AAA9-4DA9-8202-1BB6EFA58BEB}C:\program files (x86)\internet explorer\iexplore.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE | TCP Query User{C85600E8-F9AE-4DF7-9EFB-B18AEC9C1B1B}C:\program files (x86)\maxivista demo viewer\maxivistademoviewer_64.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MAXIVISTA DEMO VIEWER\MAXIVISTADEMOVIEWER_64.EXE | TCP Query User{DC6CD155-735C-4027-9D4E-6A7C8DE199B8}C:\users\chad\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | TCP Query User{E06BF743-B411-4521-810F-B5748C60640A}C:\program files (x86)\aspyr\guitar hero iii\gh3.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ASPYR\GUITAR HERO III\GH3.EXE | TCP Query User{E3EF4C59-FD3F-4A44-8DB9-7D27617E60B7}C:\program files (x86)\bittorrent\bittorrent.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BITTORRENT\BITTORRENT.EXE | TCP Query User{EE1AF565-26A4-403A-9F9F-C799E9BAD6E8}C:\program files (x86)\java\jre6\bin\java.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVA.EXE | TCP Query User{F4B1EBE4-3420-476B-9886-ACA38CE739A3}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\JAVA\JRE1.6.0_07\BIN\JAVAW.EXE | TCP Query User{F6BBBB9B-B8C7-4CAE-B202-8A60CDAA944D}C:\program files (x86)\mozilla firefox\firefox.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE | TCP Query User{FAF55C2F-AD87-4A0A-8C98-378070DF810F}C:\users\chad\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\EMPIRES2.EXE | TCP Query User{FFB4880E-A472-4022-9E9C-A869E9223A66}C:\users\chad\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\CHAD\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | UDP Query User{02736C78-E247-46D3-98FC-CD4A1BE630BD}C:\program files (x86)\mozilla firefox\firefox.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE | UDP Query User{03BFFDF3-4E87-41F7-A234-6D550A18172A}C:\program files (x86)\bittorrent\bittorrent.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BITTORRENT\BITTORRENT.EXE | UDP Query User{0C193250-C3C8-46D9-AA3B-F77B65A37FC0}C:\program files (x86)\next limit\realflow4\realflow.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\NEXT LIMIT\REALFLOW4\REALFLOW.EXE | UDP Query User{148EF630-2626-4872-BDB3-D716C9740582}C:\program files (x86)\palm\hotsync.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PALM\HOTSYNC.EXE | UDP Query User{1C7D2EA3-B7E4-48CB-AB32-0047F6B99976}C:\program files (x86)\aspyr\guitar hero iii\gh3.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ASPYR\GUITAR HERO III\GH3.EXE | UDP Query User{1EE283CD-7BBF-4F51-99A4-B9BFC174A922}C:\users\chad\program files (x86)\dna\btdna.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\PROGRAM FILES (X86)\DNA\BTDNA.EXE | UDP Query User{2414279B-B7B7-4CBD-AF41-957F897E7855}C:\program files (x86)\aspyr\guitar hero iii\gh3.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ASPYR\GUITAR HERO III\GH3.EXE | UDP Query User{2B146FF7-5E72-4599-AD23-099287B1920E}C:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT GAMES\MICROSOFT FLIGHT SIMULATOR X\FSX.EXE | UDP Query User{336C1086-E1E1-476B-B380-1F1D99F2A75E}C:\program files\zoneos\zonescreen 1.0.9.0\zsserver.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ZONEOS\ZONESCREEN 1.0.9.0\ZSSERVER.EXE | UDP Query User{368ED950-A53D-4A2B-9C80-9D5F710790B7}C:\users\chad\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | UDP Query User{3FCCAF06-3BE6-4E1A-8F45-97EC85B02AC7}C:\windows\syswow64\dplaysvr.exe = PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSWOW64\DPLAYSVR.EXE | UDP Query User{44F1F92D-5F7C-4103-9851-1C24BABEE0A0}C:\program files (x86)\flightgear\bin\win32\fgfs.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FLIGHTGEAR\BIN\WIN32\FGFS.EXE | UDP Query User{4A843608-3FC4-4CCA-B58D-D9151B8CAE36}C:\program files (x86)\limewire\limewire.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE | UDP Query User{4C8981C5-FE67-4FC8-8495-59EBC7092601}C:\program files\e-on software\vue 7 infinite rendercow\vue 7 rendercow.eon = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\E-ON SOFTWARE\VUE 7 INFINITE RENDERCOW\VUE 7 RENDERCOW.EON | UDP Query User{4FE037A4-9FD6-4A44-A612-F8D8E49C7AA4}C:\program files (x86)\mirc\mirc.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MIRC\MIRC.EXE | UDP Query User{52825816-F5F6-4645-86F3-34D6F3E78620}C:\users\chad\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | UDP Query User{548CA1B6-E376-442A-BB12-D2B73EDEDDE4}C:\program files\e-on software\vue 7 infinite rendercow\vue 7 rendercow.eon = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\E-ON SOFTWARE\VUE 7 INFINITE RENDERCOW\VUE 7 RENDERCOW.EON | UDP Query User{58393C7D-F875-4F4E-B03C-07607BEF6F0C}C:\program files (x86)\call graph\callgraph.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\CALL GRAPH\CALLGRAPH.EXE | UDP Query User{5F09A244-DB4A-4271-9797-5006D924DC46}C:\users\chad\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\EMPIRES2.EXE | UDP Query User{625AB0F7-C218-467E-8715-CA7D0D0D4CFB}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\JAVA\JRE1.6.0_07\BIN\JAVAW.EXE | UDP Query User{66BC8B32-3BA5-4D43-A5DB-434A959CEA5C}C:\program files (x86)\noguska\nolapro\apache\bin\apache.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\NOGUSKA\NOLAPRO\APACHE\BIN\APACHE.EXE | UDP Query User{735E8B5B-F530-4F05-8B07-91B931BAD1AA}C:\program files (x86)\java\jre6\bin\javaw.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE | UDP Query User{74A6BA8E-0334-429D-BB81-78F605B6FC4F}C:\program files (x86)\maxivista demo viewer\maxivistademoviewer_64.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MAXIVISTA DEMO VIEWER\MAXIVISTADEMOVIEWER_64.EXE | UDP Query User{753CBBD2-5BD9-4F1A-87C5-FF8180453B42}C:\users\chad\program files (x86)\dna\btdna.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\PROGRAM FILES (X86)\DNA\BTDNA.EXE | UDP Query User{7830EF88-1162-482D-8396-A48CD47ECA03}C:\program files (x86)\mirc\mirc.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MIRC\MIRC.EXE | UDP Query User{7D5BBB10-9FF2-49A6-AF4E-97F483842AAD}C:\program files (x86)\bittorrent\bittorrent.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BITTORRENT\BITTORRENT.EXE | UDP Query User{80DCAA76-830E-451B-9ECD-6E8E93CC64BC}C:\program files\e-on software\vue 7 xstream\application\vue 7 xstream.eon = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\E-ON SOFTWARE\VUE 7 XSTREAM\APPLICATION\VUE 7 XSTREAM.EON | UDP Query User{82D9E923-9147-43DD-9B61-F9AC453C52DA}C:\users\chad\appdata\local\google\chrome\application\chrome.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE | UDP Query User{863D1671-5457-4B69-8462-92BAD44E81CB}C:\program files (x86)\internet explorer\iexplore.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE | UDP Query User{86CDDBE3-29F5-4E9B-950B-73B3EE264A1A}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE | UDP Query User{91C75CE3-1E57-44BA-ACCB-1BF42B5C2687}C:\program files (x86)\java\jre6\bin\java.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVA.EXE | UDP Query User{947D3128-2664-46E6-89C3-B512E40B1F23}C:\program files (x86)\java\jre6\bin\javaw.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE | UDP Query User{9A0C7C46-63A5-4D33-8ABE-7E58D45DC834}C:\program files\appdev\freetraining\alen.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\APPDEV\FREETRAINING\ALEN.EXE | UDP Query User{A1A68EFB-A5C6-4846-9EE9-81D132DFE286}C:\program files (x86)\orb networks\orb\bin\orb.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORB.EXE | UDP Query User{A27283EC-E0E7-4ADD-8768-F83F7D361A32}C:\users\chad\desktop\fre_wlh_amd64_en\binfre_wlh_amd64_en\zsserver.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\DESKTOP\FRE_WLH_AMD64_EN\BINFRE_WLH_AMD64_EN\ZSSERVER.EXE | UDP Query User{A57EBD39-CA46-42DF-BC42-C2411BE49A9B}C:\program files (x86)\call graph\callgraph.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\CALL GRAPH\CALLGRAPH.EXE | UDP Query User{A70C19FA-0714-4598-9525-51950EE1C124}C:\program files (x86)\orb networks\orb\bin\orbtray.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ORB NETWORKS\ORB\BIN\ORBTRAY.EXE | UDP Query User{A834D917-C255-4A1D-81E2-7DB2D166070D}C:\windows\syswow64\dplaysvr.exe = PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSWOW64\DPLAYSVR.EXE | UDP Query User{B3DC37F0-7650-4B1E-8B24-C12A4BB14C5A}C:\program files (x86)\aim6\aim6.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE | UDP Query User{B9EDC10E-4F38-4F95-99EE-A9565EEA51B2}C:\program files (x86)\badblue\pe\badblue.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BADBLUE\PE\BADBLUE.EXE | UDP Query User{BB2113BA-C01E-43F8-B3C5-637A5F4263B4}C:\program files (x86)\next limit\realflow4\realflow.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\NEXT LIMIT\REALFLOW4\REALFLOW.EXE | UDP Query User{C94D1BB6-4CC8-4E67-81D9-5B076B53BF4B}C:\program files\e-on software\vue 7 xstream\application\vue 7 xstream.eon = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\E-ON SOFTWARE\VUE 7 XSTREAM\APPLICATION\VUE 7 XSTREAM.EON | UDP Query User{CB130AD9-E430-49C9-A5F5-3456803CF6D5}C:\program files (x86)\proxyway\proxyway.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PROXYWAY\PROXYWAY.EXE | UDP Query User{CECAD319-120E-41C2-AD9D-F5A36F4378DF}C:\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe = PROTOCOL=17 | DIR=IN | APP=C:\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | UDP Query User{D839F19D-2C4E-4999-B823-00DAB02711BA}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ADOBE\ADOBE DREAMWEAVER CS3\DREAMWEAVER.EXE | UDP Query User{DC8E2DF9-0384-4F2C-9E86-E47308779B2B}C:\program files\smartftp client\smartftp.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SMARTFTP CLIENT\SMARTFTP.EXE | UDP Query User{E0CE8E8D-7080-480C-AC6F-9CE0D964D8BC}C:\program files (x86)\dna\btdna.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DNA\BTDNA.EXE | UDP Query User{E36F5BAF-A48E-466B-99D1-45439C924D21}C:\program files (x86)\maxivista demo server\maxivistademo_64.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MAXIVISTA DEMO SERVER\MAXIVISTADEMO_64.EXE | UDP Query User{E7AA7FF9-4764-4AE3-ACE5-A34CAE976A7A}C:\users\chad\desktop\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\DESKTOP\DOWNLOADS\AGE OF EMPIRES 2 & THE CONQUERORS EXPANSION - FULL GAME - [HUSSEY]\AGE2_X1.EXE | UDP Query User{EC621AAC-AD5E-404A-BC97-2452CFB0CA42}C:\program files (x86)\proxyway\proxyway.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PROXYWAY\PROXYWAY.EXE | UDP Query User{EFD0E04C-6507-4458-B7D5-548CE2C9D3FB}C:\program files (x86)\palm\hotsync.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\PALM\HOTSYNC.EXE | UDP Query User{F88EA39A-0C9E-4CD6-BCC3-D787E0C683D0}C:\users\chad\desktop\fre_wnet_amd64_en\binfre_wnet_amd64_en\zsserver.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\CHAD\DESKTOP\FRE_WNET_AMD64_EN\BINFRE_WNET_AMD64_EN\ZSSERVER.EXE | UDP Query User{FCEC9082-8600-41D1-BBA5-9E41A83C0CF5}C:\program files (x86)\secondlife\slvoice.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\SECONDLIFE\SLVOICE.EXE | [color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software "{04020000-CCCC-EEEE-89F6-8A4B07479E6D}" = KDCalc Designer "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English "{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{13086F8B-2AA9-4488-BC9C-BB6B912A5524}" = muvee autoProducer 6.1 "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{1FD9425D-BD1E-4486-9DD3-7B73B45E4C60}" = Pagos SpreadsheetWEB 2.1.0 "{20585CDC-114E-4372-986A-0686B1A37A30}" = Business Plan Pro 2007 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU "{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2 "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5 "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3891E1C9-8E9E-43E2-B009-6D008BCD7669}" = Microsoft Expression Blend 2 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords "{3F7C20E7-37DA-4DBF-B1C1-0F207633C178}" = Marketing Plan Pro 9.0 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4DB6326B-E2CA-427F-B1E5-4C4237EBF2FE}" = Avid Xpress Pro "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{528A39B3-32A5-4B79-A7A7-D55104D6DCC8}" = Avid EDL Manager "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup "{579CB8A1-9966-4223-943F-05B3CF84C841}" = Microsoft Visual C++ 2008 Samples "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400 "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin "{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{640EAE56-81A2-49D4-9B8C-00DA3C0031AF}_is1" = Juicer 3.51 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{68249B78-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_18 "{6833995C-2FFD-4084-981A-001FF469146A}" = Microsoft Expression Encoder 2 "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{6DC0CBB2-F919-4bdd-A608-E8FE35E03237}" = MX Skype Recorder v3.8.1 "{6F2A416E-6C64-4056-A436-B34AA178648A}" = PalmAdvancedChatTools_v6_setup "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{7635D07D-B727-496F-94CA-8AC60E0C40CE}" = Microsoft Report Viewer Redistributable 2005 "{783FBDAA-3842-05E8-F1E4-4D44F8CA64D9}" = FX AccuCharts "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3 "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2 "{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup "{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008 "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2 "{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007 "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone "{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0 "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English) "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan "{A1BBC33D-F769-426E-9F83-0F63AD07BB58}" = RealFlow "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A6392127-1223-4C7F-BBC8-87CCB449F96C}" = ArcSoft WebCam Companion 2 "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9BEEB55-3E49-43BD-87E6-F1632C0E2BA6}" = Microsoft Expression Studio 2 "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13 "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3 "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services "{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo "{BAD00139-E284-4F6C-AA94-FB637462DEEB}" = Palo Alto Software's Application Manager 8.2 "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C3498122-091E-4999-9EBE-7513FE904F6A}" = Microsoft Expression Design 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3 "{CC4976E1-9CDB-4B5F-BF3F-FF71A56BC16A}" = Avid FilmScribe "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D082AB81-5910-4BCE-848C-F86D2922D319}" = Avid Log Exchange "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr "{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}" = Microsoft Easy Assist v2 "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2 "{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2 "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4Musics WMA to MP3 Converter 5.0_is1" = 4Musics WMA to MP3 Converter 5.0 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs "Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4 "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content "Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter "Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content "Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer "Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Advanced PDF to HTML converter_is1" = Advanced PDF to HTML converter 1.9.9.16 "AIM_6" = AIM 6 "Any Recorder" = Any Recorder "Any Video Converter_is1" = Any Video Converter 2.6.5 "AppDevALEX" = Free Training via AppDev OnDemand 2.2.0.0 "ASIO4ALL" = ASIO4ALL "Ask & Record Toolbar4.00" = Ask & Record Toolbar 4.00 "Audacity_is1" = Audacity 1.2.6 "avast!" = avast! Antivirus "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "BadBlue Personal Edition" = BadBlue Personal Edition 2.72 "Blend_2.0.1523.0" = Microsoft Expression Blend 2 "BulentsScreenRecorder4" = BSR Screen Recorder 4 "Call Graph" = Call Graph "CINEMA 4D Release 11" = CINEMA 4D Release 11 "Collab" = Collab "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ComcastHSI" = Comcast High-Speed Internet Install Wizard "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Design_5.0.1379.0" = Microsoft Expression Design 2 "Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.0 "Easy Icon Maker" = Easy Icon Maker "Encoder_2.0.1406.0" = Microsoft Expression Encoder 2 "ERUNT_is1" = ERUNT 1.1j "ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2 "FileZilla Client" = FileZilla Client 3.2.4.1 "FL Studio 7" = FL Studio 7 "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight "Freecorder Toolbar" = Freecorder Toolbar "Google Earth Pro 4.2" = Google Earth Pro 4.2 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial "IL Download Manager" = IL Download Manager "ImTOO FLV Converter" = ImTOO FLV Converter "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "JustStyle CSS Editor_is1" = JustStyle CSS Editor 1.3.3 "Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272) "MagicDisc 2.7.105" = MagicDisc 2.7.105 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007 "Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin "Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin "Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU "mIRC" = mIRC "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10) "MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU "MSTARS Debt Settlement Suite" = MSTARS Debt Settlement Suite "NET Render Release 11" = NET Render Release 11 "particleIllusion 3.0" = particleIllusion 3.0 "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "PowerISO" = PowerISO "Pronto" = Pronto 2.1.0-D "Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0 "SMPlayer_is1" = SMPlayer 0.6.6 "SONARProducer_x64_is1" = SONAR 7 Producer Edition "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1 "sp41119" = sp41119 "SpreadsheetConverter" = SpreadsheetConverter "SystemRequirementsLab" = System Requirements Lab "Transcribe!_is1" = Transcribe! 7.51 "Trapcode 3DStroke" = Trapcode 3DStroke "Trapcode Form" = Trapcode Form "Trapcode Horizon" = Trapcode Horizon "Trapcode Particular" = Trapcode Particular "ULTIMATER" = Microsoft Office Ultimate 2007 "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VideoLAN VLC media player 0.8.6d "Vue 7 Infinite RenderCow" = Vue 7 Infinite RenderCow "Vue 7 xStream 64bit" = Vue 7 xStream 64bit "WildTangent hp Master Uninstall" = My HP Games "WinAce Archiver" = WinAce Archiver "WinLiveSuite_Wave3" = Windows Live Essentials "XWeb" = Microsoft Expression Web 2 [color=orange]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "- zBrush with activation serial incl -" = - zBrush with activation serial incl - "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "CodeBlocks" = CodeBlocks "Five9 Administrator" = Five9 Administrator "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 4.0.0.320 [color=orange]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2125359530-1166900147-2970906946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "- zBrush with activation serial incl -" = - zBrush with activation serial incl - "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "CodeBlocks" = CodeBlocks "Five9 Administrator" = Five9 Administrator "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 4.0.0.320 [color=orange]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 5/30/2009 2:36:48 AM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\chatsync\43\435967741388ae0f.dat failed, 00000005. Error - 5/30/2009 2:17:25 PM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\main.db failed, 00000005. Error - 6/1/2009 12:56:07 AM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4AFFAY7G\conference[1].swf failed, 00000005. Error - 6/1/2009 1:32:05 AM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\main.db failed, 00000005. Error - 6/6/2009 11:58:14 PM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\main.db failed, 00000005. Error - 6/7/2009 11:41:10 PM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\main.db failed, 00000005. Error - 6/10/2009 5:13:10 PM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\main.db failed, 00000005. Error - 6/10/2009 5:34:26 PM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\chatsync\64\644a6d4f4565a856.dat failed, 00000005. Error - 6/10/2009 6:07:59 PM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\main.db failed, 00000005. Error - 6/10/2009 9:01:11 PM | Computer Name = CHADSMAINFRAME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Chad\AppData\Roaming\Skype\chad.oneal\chatsync\6e\6efdfd5938b1fe88.dat failed, 00000005. [color=orange]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
MBAM
Malwarebytes' Anti-Malware 1.37 Database version: 2260 Windows 6.0.6001 Service Pack 1 6/10/2009 11:50:30 PM mbam-log-2009-06-10 (23-50-30).txt Scan type: Full Scan (C:\|) Objects scanned: 820094 Time elapsed: 2 hour(s), 5 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 7 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files (x86)\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files (x86)\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: c:\program files\alwil software\Avast4\DATA\moved\ACS4MC-Keygen (X-FORCE).exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully. c:\program files (x86)\windows live\messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files (x86)\windows live\messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\Users\Chad\downloads\avast 4.8.1296 professional [h33t] - xplosion\Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully. c:\Users\Chad\downloads\camtasia studio 6.0.0 build 689 [ iron doom ]\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully. c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1 A:\ [Fixed] - NTFS - (Total:13909 Mo/Free:1532 Mo) C:\ [Fixed] - NTFS - (Total:689905 Mo/Free:3682 Mo) D:\ [Fixed] - NTFS - (Total:11585 Mo/Free:1552 Mo) E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) F:\ [Fixed] - NTFS - (Total:703934 Mo/Free:2100 Mo) G:\ [Removable] (Total:0 Mo/Free:0 Mo) H:\ [Removable] (Total:0 Mo/Free:0 Mo) I:\ [Removable] (Total:0 Mo/Free:0 Mo) J:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) K:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) L:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) M:\ [Removable] (Total:0 Mo/Free:0 Mo) N:\ [Fixed] - NTFS - (Total:11468 Mo/Free:1535 Mo) Thu 06/11/2009| 0:12 ----------------------\\ Processes.. --Locked-- [System Process] --Locked-- System ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? --Locked-- audiodg.exe ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe ---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe ---------- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---------- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe ---------- C:\Program Files (x86)\Bonjour\mDNSResponder.exe ---------- ???=?????? ---------- ???=?????? ---------- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ---------- c:\hp\HPEZBTN\HPBtnSrv.exe ---------- C:\Windows\SysWOW64\svchost.exe ---------- C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe ---------- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe ---------- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ---------- c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe ---------- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe ---------- C:\Program Files (x86)\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---------- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe ---------- ???=?????? ---------- ???=?????? ---------- C:\Program Files (x86)\chatsupport.palm.com\bin\tgsrvc.exe ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe ---------- ???=?????? ---------- ???=?????? ---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe ---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- C:\Program Files (x86)\Internet Explorer\iexplore.exe ---------- C:\Program Files (x86)\Internet Explorer\iexplore.exe ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- ???=?????? ---------- C:\Users\Chad\Desktop\Rooter.exe ---------- C:\Windows\SysWOW64\cmd.exe ---------- C:\Rooter$\RK.exe ----------------------\\ Search..