
Trojan horse Dropper.Generic.BHHB



#1
ChadGeorge

The infection causes search engine results to be redirected to rogue sites. It is also preventing certain programs, such as PlayOn, from running/installing, and Malwarebytes Anti-Malware locks up. Thanks in advance for all of your help!

OTL log:
OTL logfile created on: 12/5/2009 5:45:20 PM - Run 1
OTL by OldTimer - Version 3.1.11.7 Folder = C:\Users\Chad\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.42% Memory free
4.00 Gb Paging File | 2.92 Gb Available in Paging File | 72.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.99 Gb Total Space | 172.90 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.23 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 13.97 Gb Total Space | 1.58 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
Drive G: | 92.81 Gb Total Space | 11.18 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-PC
Current User Name: Chad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/05 17:43:14 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Downloads\OTL.exe
PRC - [2009/11/26 08:30:16 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/29 14:13:42 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/22 12:40:36 | 00,884,736 | ---- | M] () -- C:\Users\Chad\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2009/08/19 08:08:02 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/19 08:08:02 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/19 08:07:55 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/19 08:07:32 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/19 08:07:23 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/19 13:50:24 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:17:04 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/01 13:41:30 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/04/01 13:41:26 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/04/01 13:41:10 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/03/14 22:12:50 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/03/14 22:12:48 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/01/19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 01:33:27 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/19 01:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/15 10:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/14 02:42:38 | 00,054,672 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jureg.exe
PRC - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/05/31 09:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/18 09:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 05:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (SafeList) ==========

MOD - [2009/12/05 17:43:14 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Downloads\OTL.exe
MOD - [2008/01/19 01:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/22 12:40:36 | 00,884,736 | ---- | M] () -- C:\Users\Chad\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/08/19 08:07:32 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/19 08:07:23 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/29 16:29:14 | 00,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/29 11:09:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/19 19:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/05/31 09:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Old CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Old SearchAssistant = http://www.seekseek....p;version_id=18

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.6
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 09:47:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/28 17:06:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/17 17:26:43 | 00,000,000 | ---D | M]

[2008/09/07 16:24:30 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions
[2009/12/05 17:15:37 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\bgfnqy3f.default\extensions
[2008/10/22 12:09:50 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\bgfnqy3f.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/03/26 16:16:58 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\bgfnqy3f.default\extensions\[email protected]
[2008/12/08 00:52:41 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\bgfnqy3f.default\extensions\[email protected]
[2009/12/05 17:15:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 20:38:14 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\rdolib.dll) - C:\Windows\System32\rdolib.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 22:26:04 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dc81a133-b962-11de-825e-001e8c36b12a}\Shell - "" = AutoRun
O33 - MountPoints2\{dc81a133-b962-11de-825e-001e8c36b12a}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f287b22a-f617-11dd-a8fe-001e8c36b12a}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\L\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/10/29 23:04:14 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/05 17:10:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/05 17:09:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/30 03:07:49 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/11/29 21:45:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/29 18:11:50 | 00,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Malwarebytes
[2009/11/29 18:11:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/29 18:11:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/29 18:11:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/29 18:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 11:00:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft PData
[2009/11/25 16:53:38 | 00,000,000 | ---D | C] -- C:\Program Files\Bodog Poker
[2009/11/25 02:12:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/11/25 02:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\DivX

========== Files - Modified Within 14 Days ==========

[2009/12/05 17:44:55 | 03,407,872 | -HS- | M] () -- C:\Users\Chad\NTUSER.DAT
[2009/12/05 17:40:55 | 00,000,000 | ---- | M] () -- C:\Users\Chad\Desktop\settings.dat
[2009/12/05 17:09:52 | 00,000,772 | ---- | M] () -- C:\Users\Chad\Desktop\NTREGOPT.lnk
[2009/12/05 17:09:51 | 00,000,753 | ---- | M] () -- C:\Users\Chad\Desktop\ERUNT.lnk
[2009/12/05 17:08:28 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/05 17:08:28 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/05 17:08:28 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/05 17:05:32 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68FF6BC4-3168-4BF4-8372-5D67FB6D0180}.job
[2009/12/05 17:03:39 | 00,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/12/05 17:03:24 | 00,000,498 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2009/12/05 17:03:04 | 00,002,455 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
[2009/12/05 17:02:51 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/05 17:02:51 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/05 17:02:50 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/05 17:02:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/05 17:02:29 | 21,384,31488 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/05 17:01:25 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/05 17:01:13 | 00,524,288 | -HS- | M] () -- C:\Users\Chad\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/05 17:01:13 | 00,065,536 | -HS- | M] () -- C:\Users\Chad\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/05 16:58:09 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-394915937-528073413-913584154-1000UA.job
[2009/12/05 16:29:26 | 46,243,751 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/05 15:56:12 | 00,064,512 | ---- | M] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/05 09:25:27 | 00,112,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/05 01:58:01 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-394915937-528073413-913584154-1000Core.job
[2009/11/30 03:21:18 | 02,173,869 | -H-- | M] () -- C:\Users\Chad\AppData\Local\IconCache.db
[2009/11/29 23:11:01 | 00,001,356 | ---- | M] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat
[2009/11/29 22:42:22 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/29 21:45:27 | 00,001,913 | ---- | M] () -- C:\Users\Chad\Desktop\HijackThis.lnk
[2009/11/29 18:11:45 | 00,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 11:01:07 | 00,000,691 | ---- | M] () -- C:\Personal Protector.lnk
[2009/11/28 17:05:35 | 00,000,104 | ---- | M] () -- C:\Users\Chad\Desktop\Internet - Shortcut.lnk
[2009/11/28 14:25:19 | 18,874,0157 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/25 02:12:08 | 00,001,432 | ---- | M] () -- C:\Users\Chad\Desktop\DivX Movies.lnk
[2009/11/23 13:53:33 | 00,129,672 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2009/12/05 17:40:55 | 00,000,000 | ---- | C] () -- C:\Users\Chad\Desktop\settings.dat
[2009/12/05 17:09:52 | 00,000,772 | ---- | C] () -- C:\Users\Chad\Desktop\NTREGOPT.lnk
[2009/12/05 17:09:51 | 00,000,753 | ---- | C] () -- C:\Users\Chad\Desktop\ERUNT.lnk
[2009/11/29 23:17:43 | 21,384,31488 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/29 21:45:27 | 00,001,913 | ---- | C] () -- C:\Users\Chad\Desktop\HijackThis.lnk
[2009/11/29 18:11:45 | 00,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 11:01:07 | 00,000,691 | ---- | C] () -- C:\Personal Protector.lnk
[2009/11/28 17:05:35 | 00,000,104 | ---- | C] () -- C:\Users\Chad\Desktop\Internet - Shortcut.lnk
[2009/11/25 02:12:08 | 00,001,432 | ---- | C] () -- C:\Users\Chad\Desktop\DivX Movies.lnk
[2009/11/23 13:53:33 | 00,129,672 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/04/21 10:34:32 | 00,006,464 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Replay Music 3 Setup Log.txt
[2008/04/03 00:36:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/03/25 08:56:08 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/05 19:34:31 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/05 19:34:31 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/02/01 22:32:12 | 00,000,926 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\wklnhst.dat
[2008/01/30 03:12:25 | 00,064,512 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/23 02:48:12 | 00,001,356 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat
[2007/11/23 22:15:55 | 00,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/11/23 22:07:30 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1332.dll
[2007/11/23 21:56:46 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/23 21:56:46 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/04/04 13:42:00 | 00,361,472 | ---- | C] () -- C:\Windows\System32\MouseHook.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008/10/11 15:13:15 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\acccore
[2008/03/01 02:53:12 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Canon
[2008/12/13 11:41:31 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\cmw
[2009/03/03 16:34:41 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\DiskAid
[2008/07/08 10:37:26 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Flickr
[2009/11/09 14:03:03 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\GetRightToGo
[2008/10/21 13:48:26 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LimeWire
[2008/04/01 15:53:21 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\NetMedia Providers
[2008/05/26 13:56:06 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Propellerhead Software
[2008/04/01 15:53:21 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Publish Providers
[2008/01/22 23:31:45 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Snapfish
[2008/02/01 22:33:06 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Template
[2009/02/11 13:45:34 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\webex
[2008/02/12 02:53:30 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WildTangent
[2008/01/24 03:13:13 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WinBatch
[2009/12/05 17:01:32 | 00,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/05 17:05:32 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{68FF6BC4-3168-4BF4-8372-5D67FB6D0180}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/18 23:06:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/18 23:06:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/18 22:33:23 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 00:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


OTL Extras Log:
OTL Extras logfile created on: 12/5/2009 5:45:20 PM - Run 1
OTL by OldTimer - Version 3.1.11.7 Folder = C:\Users\Chad\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.42% Memory free
4.00 Gb Paging File | 2.92 Gb Available in Paging File | 72.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.99 Gb Total Space | 172.90 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.23 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 13.97 Gb Total Space | 1.58 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
Drive G: | 92.81 Gb Total Space | 11.18 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-PC
Current User Name: Chad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\vlc\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\vlc\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\Chad\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E3CEF7-11F4-4D48-B231-37FC21485338}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{12BB7B16-7EF5-4672-B8FD-F14D7D6C05BE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{138DCFFF-C3E4-4BEB-87AC-34047F5D0FE0}" = lport=3689 | protocol=6 | dir=in | name=itunes remote |
"{1B77BADA-A815-4A16-B690-A980A69093A8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C9D703F-B675-4664-90D2-329D0E78FFA6}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1EFFC573-002E-4A68-959C-71ACFE55DC1B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F4B08B9-CB37-4522-A640-EF64D6576D46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29CEFE13-6B15-41FC-874E-957164EE795E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2B7B0643-1A65-4A4C-AEB7-C8290EB2D0DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{348045F9-9D83-4613-B0FC-C03BCDCC71F0}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3BC304A7-3007-4666-8FDC-67207FDBE12D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EFEF596-EF69-421C-9B14-85CD73D6D1DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41CBC302-5B12-43BF-A31B-1F917A5A70B5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{508BE8BF-4E4E-4514-B6CE-B4428C0D2F77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56838460-8D99-42E3-9F38-333BE74D9D73}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{590E1091-E25B-42BD-ABA6-8F7473D05123}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{59DB67B1-A756-4636-9660-09FFEC3945FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61466339-D035-442C-977C-395AE6245412}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{664CC48F-BD8A-4CBC-AABB-30D735FED87A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7344DC30-F4AB-4D9C-847D-6839B1953E6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80C7CE14-80EF-4BAE-9E92-2508CD542AD7}" = lport=15846 | protocol=6 | dir=in | name=bitcomet 15846 tcp |
"{839BDC3D-507C-4D66-B769-3A03293F9CA7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8638FA1E-3B3E-46E1-82C4-3A73CA8A6C47}" = lport=57016 | protocol=6 | dir=in | name=pandorest listening port |
"{8F353A04-B100-4D94-8160-A8DDA8D092AC}" = lport=5353 | protocol=17 | dir=in | name=itunes remote |
"{93E03E58-A814-4319-991A-C9C54E54D475}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{972CF975-01EF-45D6-9E8E-840DEB604AA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A02024D1-C01D-4244-974A-5344F4E17D68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD753FB4-3262-4C7C-B15D-7F433C141DFB}" = lport=15846 | protocol=6 | dir=in | name=bitcomet 15846 tcp |
"{B1535FBB-8F9C-4869-B324-A617D286D6AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB19CC7B-3AEA-46A0-840B-4E82129D2690}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C82BE212-F989-4441-8F89-606C858C16C5}" = rport=2869 | protocol=6 | dir=out | app=system |
"{CFF0BEBC-B480-490A-B5B9-24DB767B67C5}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D586F5D9-6D34-49E7-B121-6C4F5B116E06}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6C4CF2C-475B-4560-9906-CABB29130B06}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA3459EA-CF4D-4F63-87D1-A76D061648F2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC8BAB40-D515-48AB-818D-FB5F0E064E8B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{DF63D1F3-BD5C-453E-BAF3-46A79838756C}" = lport=15846 | protocol=17 | dir=in | name=bitcomet 15846 udp |
"{E086ED4D-414C-42D5-A371-DC97341A3A61}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6E0015A-FCC0-4297-9349-9AB47B6D7D66}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E79CB07B-B313-46D8-B6DE-70A228F163EE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{EDCC5CB1-DA0F-4CBE-9CC0-46F15AA00D11}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EF0FDEE0-712B-40D7-8667-44EA28BE5065}" = lport=15846 | protocol=17 | dir=in | name=bitcomet 15846 udp |
"{F1B381A8-BAC8-40B2-8D2C-9C65AFE543E2}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F34894B1-DEED-436E-84D8-E7AAB9998691}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5D51C6D-C245-43D3-864F-1BC11B235DC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8F3CB9D-81B6-4799-B4ED-CC5CF474A524}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0056469A-BE57-498A-89FA-272C24324623}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{02B5C58A-ACE2-46B0-AF46-E8521FF9AACC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09BC8C54-E16A-4FC8-8002-551CE3DEA6C1}" = protocol=58 | dir=in | [email protected],-148 |
"{0B068EE5-42F9-439D-9BCF-0248D1136246}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{0B103B02-BF0C-4728-8C64-D0B295D62645}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{166083D6-C09A-4991-8E5D-58CC211D29BD}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{173178E4-AF82-48AB-8BD7-40B268BAF69B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{19C8F985-E9BF-4360-9B6B-B18BCD77769A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1D036B2F-7CBD-4009-9EE8-CB5A4E335DAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D4F3A86-B1F0-4D6E-8C82-B956FF96328A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F80E781-8458-41DA-B118-D5AA270E9FA7}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{20830C31-8D77-4DCF-AB9C-5A4F08B0F008}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24A8B6DD-B36C-4A8A-8EEA-9406ECE904B1}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{25AEC76E-80D3-46C7-98D3-5282996D9705}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28612311-EF49-4F91-B016-B9DCDE2D0906}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{286D95B8-AF13-451A-A9FF-C659072141ED}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{30877E2F-9151-4023-A808-F6145D50632C}" = protocol=6 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{311201B3-9578-430D-AE10-87F3C08422D5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{328B8345-1AD2-4EC4-954C-F539E4F5453A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34F9A8A9-6FB5-437C-A8FB-C42F550C53DE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35396C8C-05DA-4EDF-8FA4-642F8DD0B6E2}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{368DE845-29F2-4981-B90F-36F6769EDD4F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3B4D2EE0-14AA-4E52-9A34-441249D8B164}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CB5536B-7131-4B3A-87DD-A757D461F850}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F84E66F-7375-49E6-AC33-F94428942539}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{40D62FDD-FA5D-460E-AA27-2211C66BC6A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{429A0A0C-AECF-4223-B6C7-A2C45B8354A2}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{453919E3-ED17-4F50-974D-2F926485C910}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\tversity\media server\mediaserver.exe |
"{4A534350-7460-4F6D-A7D9-85B6D547F20F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C2BFFCD-CF92-4111-8608-4CC540C55A41}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4C4FA9D7-5684-4822-983A-64AD301C0598}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50B40062-EFE8-4FEC-9E1A-614ED5432888}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{51A93094-2F6F-497D-9A3F-80D624AAE27C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53240C43-3271-4AD5-9B05-FF2E20E5DF88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55DF067A-774A-41C9-BBC2-523C6F69142B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{581F03E4-EF23-4C44-B6D4-FD90849E4300}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5844F4C3-84D4-4BB5-B9FD-9E9AB39B0BFB}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{59A87A4F-55A6-4DDE-A92D-308F5160283B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5AC70D4D-3F1B-4E8D-AAD2-F2CB55333EEC}" = protocol=17 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{5AD190FD-CED6-41D8-B8C5-B09E51B0D209}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5C5A2E29-DDE2-4AB2-AD6B-6EDBE2FBED33}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{62FC6FE9-644C-4E34-9D23-F5EFA3E7AEEB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{631250FD-6309-4A4F-A5E5-CF5C78D07A5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63AF5C2D-CFE4-46C9-AE21-54A7CC7E0C1E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{656C6EF3-F7FA-4979-8F37-1AE0E1D37A51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67871FCA-36C3-4B73-8A9C-8237E26FF41E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67A7C90F-C417-406F-839E-EBA2CA0506DB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67DF68B3-621B-4893-9FDA-81E0B9594943}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{699DB67B-463E-448F-8481-E78C81D3B50D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6AF69B39-8538-475F-AB9B-2125BD5AE135}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{6E694703-629E-4270-A067-9949F31A0343}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72715F4E-7AFE-4ECE-B1AE-7504226F4B9A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{72C511A6-BBFE-4492-BE81-4D428E3050A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72C5AC15-2784-4027-B479-EAE9F0F3C1DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{739C036A-AA72-4806-B8EA-03A5AA8502B3}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{74957D82-D957-4B7C-84DB-94C8A86C1487}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{758CE82E-1E07-4EBC-AAC9-FF6047722F80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76C99AF3-1258-4BBB-87BD-C422D5851560}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78824E47-CD58-4B68-B386-B834F6CC9614}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{78F6090B-0892-4862-9927-F847802ACEBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BCD1DEA-FCCB-4C96-A8FC-F072E3DECD33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7ECF2C03-3522-4141-9F6B-DBC7714FD605}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80C0B821-2EEC-4C74-B3D2-41926941AFB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81335750-AF1A-40CA-8C89-BB3B7E0EA541}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8175E15C-3A76-4487-9EEC-0FFF935A4380}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{845A20FC-E46E-4587-ADA0-63A610089A92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{849599C2-DFBA-467D-A134-8FDC59EA4631}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E548DCC-47FA-4485-BEB3-C75E082A1E58}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9469C13C-4E21-4E8A-B839-E56524E566C6}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{94E5DA72-B596-43EB-B036-40B67D729BBA}" = protocol=6 | dir=out | app=system |
"{96303944-6D3C-4686-BF0D-1C18721154A3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9A05AA5C-40A6-454A-9B37-BA933C494E01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A19D9DF-537E-40C8-9905-B1E7989BB83E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9AC6880D-CB9C-47D1-A790-D545DCAF57D0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9C903CA8-31A7-4DB5-863F-A1BC862CBFC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CC9E304-46D4-4136-B4FC-0A619491F34B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9D08D5C4-05FF-46E2-9303-4BD86BBB8E5F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9DC3D583-6755-4FE4-8057-8926BE714C4B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{A4589985-A651-4B51-BCDE-A258BE787E16}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\tversity\media server\mediaserver.exe |
"{A6D13874-EB47-4494-9DFC-BE987FEEED32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AEBA25E1-9B21-4482-9C07-24B4801C008C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B04DF8B3-CABF-4260-B78E-9E6D1042E902}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1075E4D-3282-4756-B5E6-52D20EB3EF31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B10A775A-72AD-4644-8A17-1652650ED8B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B29D18C2-058A-4988-9C12-CA20E6A6F1A6}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{B2ED47DF-CD97-41CC-8AE6-0673BD943481}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B33A66E5-FFB4-4375-A64A-7969F7D0230D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B67B6B52-7659-4295-920B-3C9CE66D2B2B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B6E2D633-5F4D-4034-ADF0-EEEF96708070}" = protocol=6 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{B70CBFD8-6BD2-442B-B5B2-AB86C8A4E457}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BA6A65D1-C01E-4F89-9D19-2362A2B93825}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA925560-8B58-4C6A-9698-023B6CD0BFAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C06D02F0-DCE9-4639-BF92-BC3113D7EDF0}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{C3189EE1-65E3-40E4-97D7-871C975D58A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C377DFBF-57C6-4252-BDF9-791D5B445BB9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C7A9180F-6FBE-46D9-82AA-CF9A72984ACE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8A99889-5F15-41B5-A4C9-04EE29166A25}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C8B042E4-D028-450A-9F06-3517DE5C6AAB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CA82CA82-3418-41E1-A4E3-DED97C325C78}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CAA15642-F684-4E30-BC41-93E83404408F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CBAA4900-F2E6-404A-BA6B-FC6BF80EA76E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CC0794B4-5FA3-43E4-ADD9-F18F4F63251C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC514EB3-1264-4595-B73A-D5D1A8D15617}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0BCE245-8F7D-4BD9-AA2F-15AD8F5B0834}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D129C26A-83EC-4117-9462-41AE1C218C70}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D12BCC15-C614-4DB5-8507-404FD19B14CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D219A472-1E74-44A2-9773-5DDDCD104B2E}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D76DF4FB-6384-414F-BC22-8235BF53A493}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{D9433783-CD6E-45FF-B96B-BBBBCD44CA95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9AD5817-3868-472B-B668-B3DFE7C408CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBC0E664-8F59-44F8-AAAA-9B34487E7194}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E00E0BD5-D0D9-4E0E-9C8A-6EC2DBB7EA98}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E1355801-6FCF-4307-9C5F-6B97911676B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3127235-0070-436F-A062-5BA12247A84F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6F16048-83AA-4376-A162-ADACED9AD859}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7BF71A8-2062-429E-9554-DE56EA3B3A8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7C92608-3BFE-4D43-8BE1-348C4BA59302}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EAEA4026-2E75-43FB-AB59-845204830AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB42AC2F-2353-45A1-B4AA-15992BDA3F9B}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{F034951F-77E9-4D06-9D27-60BAE224D9A2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F2B9CDF0-EC27-4811-8767-14A5679D4486}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{F3F073A7-F254-4BDD-8F0E-A89085FD1ACB}" = protocol=17 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{F48E29EC-CE8E-45D6-A5A0-70F53D3FD01B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8AA839A-DCA1-43C0-AF3C-C443F97D16DD}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8FB4107-E264-439E-BC39-F3BD3EDC2434}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB7391BD-7577-4900-A803-A94A646C2397}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF25E7D9-B6E8-4EB2-B99A-1AF5601CED15}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{0026DA7E-D863-4353-AD9D-68CD91BBC27D}C:\program files\microsoft broadband networking\msbnupdate.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbnupdate.exe |
"TCP Query User{056D6174-AAC7-457D-8499-28017F54D36D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1808B353-FE16-44A5-8CCF-5BD58FC06809}C:\program files\microsoft broadband networking\msbnutil.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbnutil.exe |
"TCP Query User{37E15C7E-8CB0-4B56-8BD2-CEE81B70A40F}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{38CDEF8B-5FC5-4A51-89BA-5B7336A833FC}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{4CB85AFB-E0D9-463D-94C3-43C26E51D0E2}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{51EA4E1E-10D9-4254-8BD2-670874841914}C:\program files\microsoft broadband networking\msbnupdate.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbnupdate.exe |
"TCP Query User{60F26974-FF8E-4E04-8A8E-AD3580139C5E}C:\program files\simplify media\simplifymedia.exe" = protocol=6 | dir=in | app=c:\program files\simplify media\simplifymedia.exe |
"TCP Query User{62E80AB6-8423-442E-9165-1D70857D4374}C:\program files\microsoft broadband networking\msbncfg.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbncfg.exe |
"TCP Query User{965F0A46-C3F0-48F4-B8E2-EFEF40C7F67D}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{9CD07DA1-D0BA-416F-87F6-637AD2360719}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{BE31A25B-E882-4706-87CF-233AA3472606}C:\program files\microsoft broadband networking\msbncfg.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbncfg.exe |
"TCP Query User{C49AE4D8-5344-4DE3-B633-1256B8DE5302}C:\program files\microsoft broadband networking\msbnutil.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbnutil.exe |
"TCP Query User{CCE63763-C27E-4640-B5EB-D5C5EC9B46EF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{EDE59C10-F8E1-4333-9BC7-5BAC2EA6634D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F9C8947A-5FC8-42F9-ABBF-B6E9FBA3E7D2}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{30563EC8-8EAB-40E9-B975-4AE3099D5989}C:\program files\simplify media\simplifymedia.exe" = protocol=17 | dir=in | app=c:\program files\simplify media\simplifymedia.exe |
"UDP Query User{31889C9F-7847-4247-9F75-485BDB1F5B78}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{42F03A01-3DBB-4AA2-8964-51D12E7DD5C8}C:\program files\microsoft broadband networking\msbnutil.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbnutil.exe |
"UDP Query User{5A4A1FCA-4BDF-43C5-8F19-3009E476C867}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{6686E8D6-93FB-418F-A2E2-47BFEB3E8D26}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{6740F048-782E-4918-8605-D74F0EFC62C2}C:\program files\microsoft broadband networking\msbnupdate.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbnupdate.exe |
"UDP Query User{79E8839B-0092-4E77-907A-10804BC990BC}C:\program files\microsoft broadband networking\msbnutil.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbnutil.exe |
"UDP Query User{80F58BBE-2B06-4F33-90BD-84356F408C1C}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{843F2944-88E3-40B5-8DEA-41BF069715CA}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{84B3990E-1A90-418E-98D5-95F1C7F44B15}C:\program files\microsoft broadband networking\msbncfg.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbncfg.exe |
"UDP Query User{9169E349-76DA-407D-92E9-656970AACEB3}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{927D00D2-82C8-4A2B-A02E-52887CFB6A81}C:\program files\microsoft broadband networking\msbncfg.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbncfg.exe |
"UDP Query User{A431EAF5-8B3D-4FE9-A8F2-EAA4D759C096}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{C19BB74C-6F43-406B-831A-49248E89EE9A}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{E01710F6-AF25-4C2C-9224-3C295971FF07}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EBA66B54-17F5-4D6C-9F8D-B5066E83EA39}C:\program files\microsoft broadband networking\msbnupdate.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbnupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}" = Microsoft Broadband Networking
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3C3DB57C-522F-47A0-B56F-EF745BCFB0CF}" = Sonic Foundry ACID 4.0b
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43274993-56DB-472B-95FD-73C7B5B4B598}" = Simplify Media
"{495B6040-801F-474C-ADB8-309F132CF5F9}" = iPhoneBrowser
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74C67658-A0B4-45D3-A4A0-9321D8E9CF09}" = Sonic Foundry 5.1 Surround Plug-In Pack 1.0
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB9FC2F9-7FC7-11D7-9D82-00065BABCB42}" = Reason
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EC59BF9E-39D5-3108-A34B-12FB60ECAF8B}" = Google Talk Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avant DVD/DivX Player_is1" = Avant DVD/DivX Player
"AVG8Uninstall" = AVG Free 8.5
"BitComet" = BitComet 0.98
"Bodog Poker_is1" = Bodog Poker
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Cucusoft iPhone Ringtone Maker_is1" = Cucusoft iPhone Ringtone Maker 2.4.4
"DiskAid_is1" = DiskAid 2.12
"DraftDominator_is1" = DraftDominator Version 10.0m Full
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KeyStation1x1" = USB Keyboard Device 1.0.1.0
"LastFM_is1" = Last.fm 1.5.4.24567
"LimeWire" = LimeWire 4.16.2
"LogonStudio Vista" = LogonStudio Vista
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Native Instruments Beatport Sync" = Native Instruments Beatport Sync
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Replay_Music_3" = Replay Music 3.35
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server " = TVersity Media Server 1.0.0.8 RC5
"TVersity Media Server Pro" = TVersity Media Server Pro 1.7.2.1 Beta
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.6
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.86
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Rootrepeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/05 17:44
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 000012BC
Image Path: 000012BC
Address: 0xAB1C1000 Size: 78720 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x82FCD000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8CBF4000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB2AA9000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1244 Status: Locked to the Windows API!

SSDT
-------------------
ServiceTable Hooked [0x872653f0]!

Hidden Services
-------------------
Service Name: uuzxhon
Image Path: C:\Windows\system32\drivers\ljrfpn.sys

==EOF==