OTL log:
OTL logfile created on: 12/5/2009 5:45:20 PM - Run 1
OTL by OldTimer - Version 3.1.11.7 Folder = C:\Users\Chad\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.42% Memory free
4.00 Gb Paging File | 2.92 Gb Available in Paging File | 72.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.99 Gb Total Space | 172.90 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.23 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 13.97 Gb Total Space | 1.58 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
Drive G: | 92.81 Gb Total Space | 11.18 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CHAD-PC
Current User Name: Chad
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/05 17:43:14 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Downloads\OTL.exe
PRC - [2009/11/26 08:30:16 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/29 14:13:42 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/22 12:40:36 | 00,884,736 | ---- | M] () -- C:\Users\Chad\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2009/08/19 08:08:02 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/19 08:08:02 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/19 08:07:55 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/19 08:07:32 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/19 08:07:23 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/19 13:50:24 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:17:04 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/01 13:41:30 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/04/01 13:41:26 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/04/01 13:41:10 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/03/14 22:12:50 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/03/14 22:12:48 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/01/19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 01:33:27 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/19 01:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/15 10:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/14 02:42:38 | 00,054,672 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jureg.exe
PRC - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/05/31 09:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/18 09:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 05:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
========== Modules (SafeList) ==========
MOD - [2009/12/05 17:43:14 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Downloads\OTL.exe
MOD - [2008/01/19 01:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/22 12:40:36 | 00,884,736 | ---- | M] () -- C:\Users\Chad\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/08/19 08:07:32 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/19 08:07:23 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/29 16:29:14 | 00,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/29 11:09:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/19 19:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/05/31 09:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Old CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Old SearchAssistant = http://www.seekseek....p;version_id=18
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.6
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 09:47:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/28 17:06:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/17 17:26:43 | 00,000,000 | ---D | M]
[2008/09/07 16:24:30 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions
[2009/12/05 17:15:37 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\bgfnqy3f.default\extensions
[2008/10/22 12:09:50 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\bgfnqy3f.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/03/26 16:16:58 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\bgfnqy3f.default\extensions\[email protected]
[2008/12/08 00:52:41 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\bgfnqy3f.default\extensions\[email protected]
[2009/12/05 17:15:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 20:38:14 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\rdolib.dll) - C:\Windows\System32\rdolib.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 22:26:04 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dc81a133-b962-11de-825e-001e8c36b12a}\Shell - "" = AutoRun
O33 - MountPoints2\{dc81a133-b962-11de-825e-001e8c36b12a}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f287b22a-f617-11dd-a8fe-001e8c36b12a}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\L\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/10/29 23:04:14 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2009/12/05 17:10:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/05 17:09:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/30 03:07:49 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/11/29 21:45:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/29 18:11:50 | 00,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Malwarebytes
[2009/11/29 18:11:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/29 18:11:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/29 18:11:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/29 18:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 11:00:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft PData
[2009/11/25 16:53:38 | 00,000,000 | ---D | C] -- C:\Program Files\Bodog Poker
[2009/11/25 02:12:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/11/25 02:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
========== Files - Modified Within 14 Days ==========
[2009/12/05 17:44:55 | 03,407,872 | -HS- | M] () -- C:\Users\Chad\NTUSER.DAT
[2009/12/05 17:40:55 | 00,000,000 | ---- | M] () -- C:\Users\Chad\Desktop\settings.dat
[2009/12/05 17:09:52 | 00,000,772 | ---- | M] () -- C:\Users\Chad\Desktop\NTREGOPT.lnk
[2009/12/05 17:09:51 | 00,000,753 | ---- | M] () -- C:\Users\Chad\Desktop\ERUNT.lnk
[2009/12/05 17:08:28 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/05 17:08:28 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/05 17:08:28 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/05 17:05:32 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68FF6BC4-3168-4BF4-8372-5D67FB6D0180}.job
[2009/12/05 17:03:39 | 00,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/12/05 17:03:24 | 00,000,498 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2009/12/05 17:03:04 | 00,002,455 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
[2009/12/05 17:02:51 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/05 17:02:51 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/05 17:02:50 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/05 17:02:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/05 17:02:29 | 21,384,31488 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/05 17:01:25 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/05 17:01:13 | 00,524,288 | -HS- | M] () -- C:\Users\Chad\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/05 17:01:13 | 00,065,536 | -HS- | M] () -- C:\Users\Chad\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/05 16:58:09 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-394915937-528073413-913584154-1000UA.job
[2009/12/05 16:29:26 | 46,243,751 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/05 15:56:12 | 00,064,512 | ---- | M] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/05 09:25:27 | 00,112,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/05 01:58:01 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-394915937-528073413-913584154-1000Core.job
[2009/11/30 03:21:18 | 02,173,869 | -H-- | M] () -- C:\Users\Chad\AppData\Local\IconCache.db
[2009/11/29 23:11:01 | 00,001,356 | ---- | M] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat
[2009/11/29 22:42:22 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/29 21:45:27 | 00,001,913 | ---- | M] () -- C:\Users\Chad\Desktop\HijackThis.lnk
[2009/11/29 18:11:45 | 00,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 11:01:07 | 00,000,691 | ---- | M] () -- C:\Personal Protector.lnk
[2009/11/28 17:05:35 | 00,000,104 | ---- | M] () -- C:\Users\Chad\Desktop\Internet - Shortcut.lnk
[2009/11/28 14:25:19 | 18,874,0157 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/25 02:12:08 | 00,001,432 | ---- | M] () -- C:\Users\Chad\Desktop\DivX Movies.lnk
[2009/11/23 13:53:33 | 00,129,672 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
========== Files Created - No Company Name ==========
[2009/12/05 17:40:55 | 00,000,000 | ---- | C] () -- C:\Users\Chad\Desktop\settings.dat
[2009/12/05 17:09:52 | 00,000,772 | ---- | C] () -- C:\Users\Chad\Desktop\NTREGOPT.lnk
[2009/12/05 17:09:51 | 00,000,753 | ---- | C] () -- C:\Users\Chad\Desktop\ERUNT.lnk
[2009/11/29 23:17:43 | 21,384,31488 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/29 21:45:27 | 00,001,913 | ---- | C] () -- C:\Users\Chad\Desktop\HijackThis.lnk
[2009/11/29 18:11:45 | 00,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 11:01:07 | 00,000,691 | ---- | C] () -- C:\Personal Protector.lnk
[2009/11/28 17:05:35 | 00,000,104 | ---- | C] () -- C:\Users\Chad\Desktop\Internet - Shortcut.lnk
[2009/11/25 02:12:08 | 00,001,432 | ---- | C] () -- C:\Users\Chad\Desktop\DivX Movies.lnk
[2009/11/23 13:53:33 | 00,129,672 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/04/21 10:34:32 | 00,006,464 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Replay Music 3 Setup Log.txt
[2008/04/03 00:36:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/03/25 08:56:08 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/05 19:34:31 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/05 19:34:31 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/02/01 22:32:12 | 00,000,926 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\wklnhst.dat
[2008/01/30 03:12:25 | 00,064,512 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/23 02:48:12 | 00,001,356 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat
[2007/11/23 22:15:55 | 00,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/11/23 22:07:30 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1332.dll
[2007/11/23 21:56:46 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/23 21:56:46 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/04/04 13:42:00 | 00,361,472 | ---- | C] () -- C:\Windows\System32\MouseHook.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2008/10/11 15:13:15 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\acccore
[2008/03/01 02:53:12 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Canon
[2008/12/13 11:41:31 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\cmw
[2009/03/03 16:34:41 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\DiskAid
[2008/07/08 10:37:26 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Flickr
[2009/11/09 14:03:03 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\GetRightToGo
[2008/10/21 13:48:26 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LimeWire
[2008/04/01 15:53:21 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\NetMedia Providers
[2008/05/26 13:56:06 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Propellerhead Software
[2008/04/01 15:53:21 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Publish Providers
[2008/01/22 23:31:45 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Snapfish
[2008/02/01 22:33:06 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Template
[2009/02/11 13:45:34 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\webex
[2008/02/12 02:53:30 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WildTangent
[2008/01/24 03:13:13 | 00,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WinBatch
[2009/12/05 17:01:32 | 00,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/05 17:05:32 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{68FF6BC4-3168-4BF4-8372-5D67FB6D0180}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/18 23:06:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/18 23:06:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/18 22:33:23 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/01/13 00:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
OTL Extras Log:
OTL Extras logfile created on: 12/5/2009 5:45:20 PM - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\vlc\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\vlc\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\Chad\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E3CEF7-11F4-4D48-B231-37FC21485338}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{12BB7B16-7EF5-4672-B8FD-F14D7D6C05BE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{138DCFFF-C3E4-4BEB-87AC-34047F5D0FE0}" = lport=3689 | protocol=6 | dir=in | name=itunes remote |
"{1B77BADA-A815-4A16-B690-A980A69093A8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C9D703F-B675-4664-90D2-329D0E78FFA6}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1EFFC573-002E-4A68-959C-71ACFE55DC1B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F4B08B9-CB37-4522-A640-EF64D6576D46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29CEFE13-6B15-41FC-874E-957164EE795E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2B7B0643-1A65-4A4C-AEB7-C8290EB2D0DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{348045F9-9D83-4613-B0FC-C03BCDCC71F0}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3BC304A7-3007-4666-8FDC-67207FDBE12D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EFEF596-EF69-421C-9B14-85CD73D6D1DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41CBC302-5B12-43BF-A31B-1F917A5A70B5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{508BE8BF-4E4E-4514-B6CE-B4428C0D2F77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56838460-8D99-42E3-9F38-333BE74D9D73}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{590E1091-E25B-42BD-ABA6-8F7473D05123}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{59DB67B1-A756-4636-9660-09FFEC3945FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61466339-D035-442C-977C-395AE6245412}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{664CC48F-BD8A-4CBC-AABB-30D735FED87A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7344DC30-F4AB-4D9C-847D-6839B1953E6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80C7CE14-80EF-4BAE-9E92-2508CD542AD7}" = lport=15846 | protocol=6 | dir=in | name=bitcomet 15846 tcp |
"{839BDC3D-507C-4D66-B769-3A03293F9CA7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8638FA1E-3B3E-46E1-82C4-3A73CA8A6C47}" = lport=57016 | protocol=6 | dir=in | name=pandorest listening port |
"{8F353A04-B100-4D94-8160-A8DDA8D092AC}" = lport=5353 | protocol=17 | dir=in | name=itunes remote |
"{93E03E58-A814-4319-991A-C9C54E54D475}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{972CF975-01EF-45D6-9E8E-840DEB604AA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A02024D1-C01D-4244-974A-5344F4E17D68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD753FB4-3262-4C7C-B15D-7F433C141DFB}" = lport=15846 | protocol=6 | dir=in | name=bitcomet 15846 tcp |
"{B1535FBB-8F9C-4869-B324-A617D286D6AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB19CC7B-3AEA-46A0-840B-4E82129D2690}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C82BE212-F989-4441-8F89-606C858C16C5}" = rport=2869 | protocol=6 | dir=out | app=system |
"{CFF0BEBC-B480-490A-B5B9-24DB767B67C5}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D586F5D9-6D34-49E7-B121-6C4F5B116E06}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6C4CF2C-475B-4560-9906-CABB29130B06}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA3459EA-CF4D-4F63-87D1-A76D061648F2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC8BAB40-D515-48AB-818D-FB5F0E064E8B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{DF63D1F3-BD5C-453E-BAF3-46A79838756C}" = lport=15846 | protocol=17 | dir=in | name=bitcomet 15846 udp |
"{E086ED4D-414C-42D5-A371-DC97341A3A61}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6E0015A-FCC0-4297-9349-9AB47B6D7D66}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E79CB07B-B313-46D8-B6DE-70A228F163EE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{EDCC5CB1-DA0F-4CBE-9CC0-46F15AA00D11}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EF0FDEE0-712B-40D7-8667-44EA28BE5065}" = lport=15846 | protocol=17 | dir=in | name=bitcomet 15846 udp |
"{F1B381A8-BAC8-40B2-8D2C-9C65AFE543E2}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F34894B1-DEED-436E-84D8-E7AAB9998691}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5D51C6D-C245-43D3-864F-1BC11B235DC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8F3CB9D-81B6-4799-B4ED-CC5CF474A524}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0056469A-BE57-498A-89FA-272C24324623}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{02B5C58A-ACE2-46B0-AF46-E8521FF9AACC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09BC8C54-E16A-4FC8-8002-551CE3DEA6C1}" = protocol=58 | dir=in | [email protected],-148 |
"{0B068EE5-42F9-439D-9BCF-0248D1136246}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{0B103B02-BF0C-4728-8C64-D0B295D62645}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{166083D6-C09A-4991-8E5D-58CC211D29BD}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{173178E4-AF82-48AB-8BD7-40B268BAF69B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{19C8F985-E9BF-4360-9B6B-B18BCD77769A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1D036B2F-7CBD-4009-9EE8-CB5A4E335DAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D4F3A86-B1F0-4D6E-8C82-B956FF96328A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F80E781-8458-41DA-B118-D5AA270E9FA7}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{20830C31-8D77-4DCF-AB9C-5A4F08B0F008}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24A8B6DD-B36C-4A8A-8EEA-9406ECE904B1}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{25AEC76E-80D3-46C7-98D3-5282996D9705}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28612311-EF49-4F91-B016-B9DCDE2D0906}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{286D95B8-AF13-451A-A9FF-C659072141ED}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{30877E2F-9151-4023-A808-F6145D50632C}" = protocol=6 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{311201B3-9578-430D-AE10-87F3C08422D5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{328B8345-1AD2-4EC4-954C-F539E4F5453A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34F9A8A9-6FB5-437C-A8FB-C42F550C53DE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35396C8C-05DA-4EDF-8FA4-642F8DD0B6E2}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{368DE845-29F2-4981-B90F-36F6769EDD4F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3B4D2EE0-14AA-4E52-9A34-441249D8B164}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CB5536B-7131-4B3A-87DD-A757D461F850}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F84E66F-7375-49E6-AC33-F94428942539}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{40D62FDD-FA5D-460E-AA27-2211C66BC6A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{429A0A0C-AECF-4223-B6C7-A2C45B8354A2}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{453919E3-ED17-4F50-974D-2F926485C910}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\tversity\media server\mediaserver.exe |
"{4A534350-7460-4F6D-A7D9-85B6D547F20F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C2BFFCD-CF92-4111-8608-4CC540C55A41}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4C4FA9D7-5684-4822-983A-64AD301C0598}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50B40062-EFE8-4FEC-9E1A-614ED5432888}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{51A93094-2F6F-497D-9A3F-80D624AAE27C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53240C43-3271-4AD5-9B05-FF2E20E5DF88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55DF067A-774A-41C9-BBC2-523C6F69142B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{581F03E4-EF23-4C44-B6D4-FD90849E4300}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5844F4C3-84D4-4BB5-B9FD-9E9AB39B0BFB}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{59A87A4F-55A6-4DDE-A92D-308F5160283B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5AC70D4D-3F1B-4E8D-AAD2-F2CB55333EEC}" = protocol=17 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{5AD190FD-CED6-41D8-B8C5-B09E51B0D209}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5C5A2E29-DDE2-4AB2-AD6B-6EDBE2FBED33}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{62FC6FE9-644C-4E34-9D23-F5EFA3E7AEEB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{631250FD-6309-4A4F-A5E5-CF5C78D07A5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63AF5C2D-CFE4-46C9-AE21-54A7CC7E0C1E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{656C6EF3-F7FA-4979-8F37-1AE0E1D37A51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67871FCA-36C3-4B73-8A9C-8237E26FF41E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67A7C90F-C417-406F-839E-EBA2CA0506DB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67DF68B3-621B-4893-9FDA-81E0B9594943}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{699DB67B-463E-448F-8481-E78C81D3B50D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6AF69B39-8538-475F-AB9B-2125BD5AE135}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{6E694703-629E-4270-A067-9949F31A0343}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72715F4E-7AFE-4ECE-B1AE-7504226F4B9A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{72C511A6-BBFE-4492-BE81-4D428E3050A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72C5AC15-2784-4027-B479-EAE9F0F3C1DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{739C036A-AA72-4806-B8EA-03A5AA8502B3}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{74957D82-D957-4B7C-84DB-94C8A86C1487}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{758CE82E-1E07-4EBC-AAC9-FF6047722F80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76C99AF3-1258-4BBB-87BD-C422D5851560}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78824E47-CD58-4B68-B386-B834F6CC9614}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{78F6090B-0892-4862-9927-F847802ACEBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BCD1DEA-FCCB-4C96-A8FC-F072E3DECD33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7ECF2C03-3522-4141-9F6B-DBC7714FD605}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80C0B821-2EEC-4C74-B3D2-41926941AFB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81335750-AF1A-40CA-8C89-BB3B7E0EA541}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8175E15C-3A76-4487-9EEC-0FFF935A4380}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{845A20FC-E46E-4587-ADA0-63A610089A92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{849599C2-DFBA-467D-A134-8FDC59EA4631}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E548DCC-47FA-4485-BEB3-C75E082A1E58}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9469C13C-4E21-4E8A-B839-E56524E566C6}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{94E5DA72-B596-43EB-B036-40B67D729BBA}" = protocol=6 | dir=out | app=system |
"{96303944-6D3C-4686-BF0D-1C18721154A3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9A05AA5C-40A6-454A-9B37-BA933C494E01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A19D9DF-537E-40C8-9905-B1E7989BB83E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9AC6880D-CB9C-47D1-A790-D545DCAF57D0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9C903CA8-31A7-4DB5-863F-A1BC862CBFC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CC9E304-46D4-4136-B4FC-0A619491F34B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9D08D5C4-05FF-46E2-9303-4BD86BBB8E5F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9DC3D583-6755-4FE4-8057-8926BE714C4B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{A4589985-A651-4B51-BCDE-A258BE787E16}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\tversity\media server\mediaserver.exe |
"{A6D13874-EB47-4494-9DFC-BE987FEEED32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AEBA25E1-9B21-4482-9C07-24B4801C008C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B04DF8B3-CABF-4260-B78E-9E6D1042E902}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1075E4D-3282-4756-B5E6-52D20EB3EF31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B10A775A-72AD-4644-8A17-1652650ED8B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B29D18C2-058A-4988-9C12-CA20E6A6F1A6}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{B2ED47DF-CD97-41CC-8AE6-0673BD943481}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B33A66E5-FFB4-4375-A64A-7969F7D0230D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B67B6B52-7659-4295-920B-3C9CE66D2B2B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B6E2D633-5F4D-4034-ADF0-EEEF96708070}" = protocol=6 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{B70CBFD8-6BD2-442B-B5B2-AB86C8A4E457}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BA6A65D1-C01E-4F89-9D19-2362A2B93825}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA925560-8B58-4C6A-9698-023B6CD0BFAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C06D02F0-DCE9-4639-BF92-BC3113D7EDF0}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{C3189EE1-65E3-40E4-97D7-871C975D58A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C377DFBF-57C6-4252-BDF9-791D5B445BB9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C7A9180F-6FBE-46D9-82AA-CF9A72984ACE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8A99889-5F15-41B5-A4C9-04EE29166A25}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C8B042E4-D028-450A-9F06-3517DE5C6AAB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CA82CA82-3418-41E1-A4E3-DED97C325C78}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CAA15642-F684-4E30-BC41-93E83404408F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CBAA4900-F2E6-404A-BA6B-FC6BF80EA76E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CC0794B4-5FA3-43E4-ADD9-F18F4F63251C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC514EB3-1264-4595-B73A-D5D1A8D15617}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0BCE245-8F7D-4BD9-AA2F-15AD8F5B0834}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D129C26A-83EC-4117-9462-41AE1C218C70}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D12BCC15-C614-4DB5-8507-404FD19B14CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D219A472-1E74-44A2-9773-5DDDCD104B2E}" = protocol=17 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D76DF4FB-6384-414F-BC22-8235BF53A493}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{D9433783-CD6E-45FF-B96B-BBBBCD44CA95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9AD5817-3868-472B-B668-B3DFE7C408CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBC0E664-8F59-44F8-AAAA-9B34487E7194}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E00E0BD5-D0D9-4E0E-9C8A-6EC2DBB7EA98}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E1355801-6FCF-4307-9C5F-6B97911676B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3127235-0070-436F-A062-5BA12247A84F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6F16048-83AA-4376-A162-ADACED9AD859}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7BF71A8-2062-429E-9554-DE56EA3B3A8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7C92608-3BFE-4D43-8BE1-348C4BA59302}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EAEA4026-2E75-43FB-AB59-845204830AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB42AC2F-2353-45A1-B4AA-15992BDA3F9B}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{F034951F-77E9-4D06-9D27-60BAE224D9A2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F2B9CDF0-EC27-4811-8767-14A5679D4486}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{F3F073A7-F254-4BDD-8F0E-A89085FD1ACB}" = protocol=17 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{F48E29EC-CE8E-45D6-A5A0-70F53D3FD01B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8AA839A-DCA1-43C0-AF3C-C443F97D16DD}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8FB4107-E264-439E-BC39-F3BD3EDC2434}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB7391BD-7577-4900-A803-A94A646C2397}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF25E7D9-B6E8-4EB2-B99A-1AF5601CED15}" = protocol=6 | dir=in | app=c:\users\chad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{0026DA7E-D863-4353-AD9D-68CD91BBC27D}C:\program files\microsoft broadband networking\msbnupdate.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbnupdate.exe |
"TCP Query User{056D6174-AAC7-457D-8499-28017F54D36D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1808B353-FE16-44A5-8CCF-5BD58FC06809}C:\program files\microsoft broadband networking\msbnutil.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbnutil.exe |
"TCP Query User{37E15C7E-8CB0-4B56-8BD2-CEE81B70A40F}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{38CDEF8B-5FC5-4A51-89BA-5B7336A833FC}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{4CB85AFB-E0D9-463D-94C3-43C26E51D0E2}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{51EA4E1E-10D9-4254-8BD2-670874841914}C:\program files\microsoft broadband networking\msbnupdate.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbnupdate.exe |
"TCP Query User{60F26974-FF8E-4E04-8A8E-AD3580139C5E}C:\program files\simplify media\simplifymedia.exe" = protocol=6 | dir=in | app=c:\program files\simplify media\simplifymedia.exe |
"TCP Query User{62E80AB6-8423-442E-9165-1D70857D4374}C:\program files\microsoft broadband networking\msbncfg.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbncfg.exe |
"TCP Query User{965F0A46-C3F0-48F4-B8E2-EFEF40C7F67D}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{9CD07DA1-D0BA-416F-87F6-637AD2360719}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{BE31A25B-E882-4706-87CF-233AA3472606}C:\program files\microsoft broadband networking\msbncfg.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbncfg.exe |
"TCP Query User{C49AE4D8-5344-4DE3-B633-1256B8DE5302}C:\program files\microsoft broadband networking\msbnutil.exe" = protocol=6 | dir=in | app=c:\program files\microsoft broadband networking\msbnutil.exe |
"TCP Query User{CCE63763-C27E-4640-B5EB-D5C5EC9B46EF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{EDE59C10-F8E1-4333-9BC7-5BAC2EA6634D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F9C8947A-5FC8-42F9-ABBF-B6E9FBA3E7D2}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{30563EC8-8EAB-40E9-B975-4AE3099D5989}C:\program files\simplify media\simplifymedia.exe" = protocol=17 | dir=in | app=c:\program files\simplify media\simplifymedia.exe |
"UDP Query User{31889C9F-7847-4247-9F75-485BDB1F5B78}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{42F03A01-3DBB-4AA2-8964-51D12E7DD5C8}C:\program files\microsoft broadband networking\msbnutil.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbnutil.exe |
"UDP Query User{5A4A1FCA-4BDF-43C5-8F19-3009E476C867}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{6686E8D6-93FB-418F-A2E2-47BFEB3E8D26}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{6740F048-782E-4918-8605-D74F0EFC62C2}C:\program files\microsoft broadband networking\msbnupdate.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbnupdate.exe |
"UDP Query User{79E8839B-0092-4E77-907A-10804BC990BC}C:\program files\microsoft broadband networking\msbnutil.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbnutil.exe |
"UDP Query User{80F58BBE-2B06-4F33-90BD-84356F408C1C}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{843F2944-88E3-40B5-8DEA-41BF069715CA}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{84B3990E-1A90-418E-98D5-95F1C7F44B15}C:\program files\microsoft broadband networking\msbncfg.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbncfg.exe |
"UDP Query User{9169E349-76DA-407D-92E9-656970AACEB3}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{927D00D2-82C8-4A2B-A02E-52887CFB6A81}C:\program files\microsoft broadband networking\msbncfg.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbncfg.exe |
"UDP Query User{A431EAF5-8B3D-4FE9-A8F2-EAA4D759C096}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{C19BB74C-6F43-406B-831A-49248E89EE9A}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{E01710F6-AF25-4C2C-9224-3C295971FF07}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EBA66B54-17F5-4D6C-9F8D-B5066E83EA39}C:\program files\microsoft broadband networking\msbnupdate.exe" = protocol=17 | dir=in | app=c:\program files\microsoft broadband networking\msbnupdate.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}" = Microsoft Broadband Networking
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3C3DB57C-522F-47A0-B56F-EF745BCFB0CF}" = Sonic Foundry ACID 4.0b
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43274993-56DB-472B-95FD-73C7B5B4B598}" = Simplify Media
"{495B6040-801F-474C-ADB8-309F132CF5F9}" = iPhoneBrowser
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74C67658-A0B4-45D3-A4A0-9321D8E9CF09}" = Sonic Foundry 5.1 Surround Plug-In Pack 1.0
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB9FC2F9-7FC7-11D7-9D82-00065BABCB42}" = Reason
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EC59BF9E-39D5-3108-A34B-12FB60ECAF8B}" = Google Talk Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avant DVD/DivX Player_is1" = Avant DVD/DivX Player
"AVG8Uninstall" = AVG Free 8.5
"BitComet" = BitComet 0.98
"Bodog Poker_is1" = Bodog Poker
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Cucusoft iPhone Ringtone Maker_is1" = Cucusoft iPhone Ringtone Maker 2.4.4
"DiskAid_is1" = DiskAid 2.12
"DraftDominator_is1" = DraftDominator Version 10.0m Full
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KeyStation1x1" = USB Keyboard Device 1.0.1.0
"LastFM_is1" = Last.fm 1.5.4.24567
"LimeWire" = LimeWire 4.16.2
"LogonStudio Vista" = LogonStudio Vista
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Native Instruments Beatport Sync" = Native Instruments Beatport Sync
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Replay_Music_3" = Replay Music 3.35
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server " = TVersity Media Server 1.0.0.8 RC5
"TVersity Media Server Pro" = TVersity Media Server Pro 1.7.2.1 Beta
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.6
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.86
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
RootRepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/05 17:44
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: 000012BC
Image Path: 000012BC
Address: 0xAB1C1000 Size: 78720 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x82FCD000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8CBF4000 Size: 45056 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB2AA9000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1244 Status: Locked to the Windows API!
SSDT
-------------------
ServiceTable Hooked [0x872653f0]!
Hidden Services
-------------------
Service Name: uuzxhon
Image Path: C:\Windows\system32\drivers\ljrfpn.sys
==EOF==