
virtumonde.sdn infection



I got the virtumonde.sdn infection and haven't been able to get rid of it. I first tried with Spybot, then found Malwarebytes. After running Malwarebytes it seemed to work, but I notice my browsers are hijacked if I try to click on a link from, say, Google pages. Now it gives me a bad request screen instead of bad results. Every once in a while, if just sitting idle, my antivirus goes off and wants some program renamed and moved to chest. Here is my log file.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:53:12 PM, on 7/12/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Winamp Remote\bin\orbtray.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Sean\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Windows\System\w98eject.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Winamp Remote\bin\Orb.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Startup: CurseClientStartup.ccip

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: w98Eject.lnk = ?

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://media.keytrain.com/player/IE/awswaxd.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.charter.net/files/charter/securitysuite/fscax.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--

End of file - 12476 bytes


Hello dmanshead

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run.
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.


Thanks for the timely response, here they are...

OTL logfile created on: 7/13/2010 10:51:40 AM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Sean\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 298.11 Gb Free Space | 64.01% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 76.37 Gb Free Space | 16.40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEAN-PC

Current User Name: Sean

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Sean\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\Program Files\MySpace\IM\MySpaceIM.exe ()

PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\SoulseekNS\slsk.exe ()

PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)

PRC - C:\Program Files\Winamp Remote\bin\Orb.exe (Orb Networks, Inc.)

PRC - C:\Windows\system\w98eject.exe (Sigmatel)

========== Modules (SafeList) ==========

MOD - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- File not found

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)

DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)

DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)

DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)

DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)

DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)

DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)

DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)

DRV - (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) -- C:\Windows\System32\drivers\s616unic.sys (MCCI Corporation)

DRV - (s616obex) -- C:\Windows\System32\drivers\s616obex.sys (MCCI Corporation)

DRV - (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) -- C:\Windows\System32\drivers\s616nd5.sys (MCCI Corporation)

DRV - (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s616mgmt.sys (MCCI Corporation)

DRV - (s616mdm) -- C:\Windows\System32\drivers\s616mdm.sys (MCCI Corporation)

DRV - (s616mdfl) -- C:\Windows\System32\drivers\s616mdfl.sys (MCCI Corporation)

DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\Windows\System32\drivers\s616bus.sys (MCCI Corporation)

DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)

DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (DCamUSBVeo532) -- C:\Windows\System32\drivers\ubVeo532.sys (IC Media Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0

FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1

FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100408Wb1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/13 05:22:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010/02/27 11:38:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/04 19:59:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 11:42:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 23:27:09 | 000,000,000 | ---D | M]

[2009/09/17 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions

[2009/03/27 06:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/09/17 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/07/04 00:50:41 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions

[2010/05/26 16:44:13 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2010/05/30 02:03:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/04/16 21:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/05/08 10:04:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions\firebug@software.joehewitt.com

[2010/02/22 01:01:55 | 000,002,163 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\searchplugins\bing.xml

[2009/09/28 18:46:40 | 000,002,160 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\searchplugins\MySpace.xml

[2010/05/26 17:15:17 | 000,001,196 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\searchplugins\winamp-search.xml

[2010/05/29 01:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/28 11:42:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/10/15 04:45:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/11/09 21:22:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/04/14 08:14:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

[2010/04/18 15:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/06/28 11:42:18 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/06/28 11:42:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/07/13 17:15:58 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2010/06/28 11:42:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/05/25 09:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010/06/23 22:59:16 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/06/23 22:59:16 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/06/23 22:59:16 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/06/23 22:59:16 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/06/23 22:59:16 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/06/23 22:59:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/06/23 22:59:16 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/08/16 14:41:30 | 000,321,588 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 11019 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()

O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://media.keytrain.com/player/IE/awswaxd.cab (Macromedia Authorware Web Player Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://www.charter.net/files/charter/securitysuite/fscax.cab (F-Secure Online Scanner 3.0)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Sean\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Sean\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{6a6c4fc2-effa-11db-8881-0019db604555}\Shell - "" = AutoRun

O33 - MountPoints2\{6a6c4fc2-effa-11db-8881-0019db604555}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\{9f3e2950-304c-11dd-8196-0019db604555}\Shell - "" = AutoRun

O33 - MountPoints2\{9f3e2950-304c-11dd-8196-0019db604555}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found

O33 - MountPoints2\{f1477121-4b17-11dc-a282-0019db604555}\Shell - "" = AutoRun

O33 - MountPoints2\{f1477121-4b17-11dc-a282-0019db604555}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 10:30:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe

[2010/07/11 13:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2010/07/10 01:35:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Malwarebytes

[2010/07/10 01:35:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/07/10 01:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/10 01:35:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/07/10 01:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/07/10 00:48:40 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/06/27 21:19:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\missy

[2010/06/27 13:50:39 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\vlc

[2010/06/27 13:00:11 | 000,000,000 | ---D | C] -- C:\avi2dvd.temp

[2010/06/27 12:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

[2010/06/27 12:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow

[2010/06/27 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Haali

[2010/06/27 12:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5

[2010/06/27 12:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avi2Dvd

[2010/06/24 03:00:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/24 03:00:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/24 03:00:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/23 13:35:03 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/06/23 13:35:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/06/20 17:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/20 17:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/20 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/06/16 10:42:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\phonecard

========== Files - Modified Within 30 Days ==========

[2010/07/13 10:55:26 | 008,126,464 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT

[2010/07/13 10:52:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{29760909-8F74-4EC4-B956-CB459F70074F}.job

[2010/07/13 10:31:13 | 000,293,376 | ---- | M] () -- C:\Users\Sean\Desktop\g2ninro6.exe

[2010/07/13 10:30:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe

[2010/07/13 10:26:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/07/13 10:26:51 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1178376959-1097443270-983249577-1001UA.job

[2010/07/13 10:26:50 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/07/13 10:26:49 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/07/13 10:26:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/13 03:50:25 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/13 03:50:25 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/12 23:57:02 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/07/12 23:57:02 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/07/12 23:57:02 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/07/12 23:50:37 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/07/12 23:50:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/12 23:50:12 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/12 23:47:45 | 001,958,616 | -H-- | M] () -- C:\Users\Sean\AppData\Local\IconCache.db

[2010/07/12 22:48:44 | 000,524,288 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010/07/12 22:48:44 | 000,065,536 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010/07/12 21:33:54 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{351F992F-0EC9-4B2E-8E57-54048D372291}.job

[2010/07/12 14:56:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1178376959-1097443270-983249577-1001Core.job

[2010/07/11 23:48:08 | 000,095,232 | ---- | M] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/11 16:46:09 | 000,028,160 | ---- | M] () -- C:\Users\Sean\Documents\Gene's Services.doc

[2010/07/10 01:35:16 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/09 23:48:51 | 000,001,356 | ---- | M] () -- C:\Users\Sean\AppData\Local\d3d9caps.dat

[2010/07/09 18:36:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/07/09 01:21:15 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/07/04 01:56:50 | 000,002,037 | ---- | M] () -- C:\Users\Sean\Desktop\Google Chrome.lnk

[2010/07/04 01:56:50 | 000,001,999 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/07/02 19:03:37 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini

[2010/07/02 10:08:46 | 000,011,214 | ---- | M] () -- C:\Users\Sean\Documents\torrents for cannabis.docx

[2010/06/28 00:02:54 | 000,000,552 | ---- | M] () -- C:\Users\Sean\Desktop\Soulseek - Shortcut.lnk

[2010/06/27 13:50:24 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/27 12:11:54 | 000,033,019 | ---- | M] () -- C:\Windows\System32\CoreAAC-uninstall.exe

[2010/06/27 12:08:34 | 000,000,748 | ---- | M] () -- C:\Users\Sean\Desktop\Avi2Dvd.lnk

[2010/06/26 23:44:51 | 000,002,077 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail (2).lnk

[2010/06/19 16:42:49 | 000,013,542 | ---- | M] () -- C:\Users\Sean\Documents\scholarly studies.xlsx

[2010/06/19 16:29:11 | 000,012,294 | ---- | M] () -- C:\Users\Sean\Documents\scholarly label.docx

[2010/06/19 15:42:35 | 000,011,441 | ---- | M] () -- C:\Users\Sean\Documents\pplable.docx

[2010/06/18 13:17:43 | 000,012,560 | ---- | M] () -- C:\Users\Sean\Documents\screen sav-ya.docx

[2010/06/15 00:53:44 | 000,000,724 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 7.lnk

[2010/06/15 00:53:44 | 000,000,700 | ---- | M] () -- C:\Users\Sean\Desktop\DVDFab 7.lnk

========== Files Created - No Company Name ==========

[2010/07/13 10:31:17 | 000,293,376 | ---- | C] () -- C:\Users\Sean\Desktop\g2ninro6.exe

[2010/07/10 01:35:16 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/09 23:50:07 | 3220,627,456 | -HS- | C] () -- C:\hiberfil.sys

[2010/07/02 10:08:43 | 000,011,214 | ---- | C] () -- C:\Users\Sean\Documents\torrents for cannabis.docx

[2010/06/28 00:02:54 | 000,000,552 | ---- | C] () -- C:\Users\Sean\Desktop\Soulseek - Shortcut.lnk

[2010/06/27 13:50:24 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/27 12:13:02 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/06/27 12:13:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/06/27 12:12:41 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/06/27 12:11:54 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe

[2010/06/27 12:08:34 | 000,000,748 | ---- | C] () -- C:\Users\Sean\Desktop\Avi2Dvd.lnk

[2010/06/26 23:44:51 | 000,002,077 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail (2).lnk

[2010/06/19 16:29:11 | 000,012,294 | ---- | C] () -- C:\Users\Sean\Documents\scholarly label.docx

[2010/06/18 12:30:35 | 000,013,542 | ---- | C] () -- C:\Users\Sean\Documents\scholarly studies.xlsx

[2010/06/18 10:49:52 | 000,011,441 | ---- | C] () -- C:\Users\Sean\Documents\pplable.docx

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2009/10/20 13:05:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2009/04/14 08:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll

[2009/04/04 01:27:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Veo532ut.dll

[2008/12/11 13:41:01 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2007/08/11 19:26:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/04/13 17:46:37 | 000,001,029 | ---- | C] () -- C:\Windows\maxlink.ini

[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2002/09/08 19:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2002/08/09 13:15:16 | 000,101,376 | ---- | C] () -- C:\Windows\System32\Welsof32.dll

[2002/06/11 00:08:00 | 000,023,180 | ---- | C] () -- C:\Windows\System32\evgainit.sys

[2002/05/13 02:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\System32\xvid.dll

[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll

[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\Windows\System32\VxDMDcDlg.dll

========== LOP Check ==========

[2009/04/24 07:44:28 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Acreon

[2009/06/05 23:07:15 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/03/26 19:27:20 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\DVDFab

[2009/04/04 01:19:39 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\GlobalSCAPE

[2009/10/10 02:46:15 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\ICQ

[2010/02/04 21:39:08 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\ImgBurn

[2008/06/03 01:04:25 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\jPodder

[2009/09/18 03:26:46 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\LimeWire

[2008/06/09 22:48:57 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Nokia

[2008/12/18 21:37:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\OpenOffice.org

[2008/05/22 08:47:25 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\PC Suite

[2008/01/04 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\RipIt4Me

[2007/07/26 20:22:35 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\VERITAS

[2010/06/15 00:53:50 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Vso

[2010/07/12 23:11:10 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/07/13 10:52:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{29760909-8F74-4EC4-B956-CB459F70074F}.job

[2010/07/12 21:33:54 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{351F992F-0EC9-4B2E-8E57-54048D372291}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2007/04/10 07:23:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/07/12 23:50:12 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/18 10:00:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/09/18 10:00:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/02/04 03:24:55 | 000,000,000 | ---- | M] () -- C:\OrbPVR.db

[2010/07/12 23:50:10 | 3534,442,496 | -HS- | M] () -- C:\pagefile.sys

[2008/06/03 07:12:02 | 000,000,158 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2010/05/03 22:55:41 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll

[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

[2008/01/19 00:36:39 | 000,357,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\taskschd.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/05/28 04:04:52 | 000,014,896 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/11/02 02:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL

[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp70v.dll

[2008/01/19 00:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL

[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

[2002/01/08 15:51:00 | 000,047,616 | ---- | M] (Black Ice Software) -- C:\Windows\System32\spool\prtprocs\w32x86\ppbiPr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:370EF5E8

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:07D3634B

< End of report >


OTL Extras logfile created on: 7/13/2010 10:51:40 AM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Sean\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 298.11 Gb Free Space | 64.01% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 76.37 Gb Free Space | 16.40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEAN-PC

Current User Name: Sean

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{012C3BBF-D9A1-4115-A616-44BC76233851}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{0C18187D-C3BF-46EA-A79A-7795F946C290}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{187B75EB-4A7D-45F1-AD47-2A60858F034C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1AAB76FE-4340-4B6B-B072-72E453916FAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{32BB460E-828B-470A-AB56-FA738E7DCA20}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{33A093EC-4728-4EE5-A161-3A8B7C82228E}" = lport=445 | protocol=6 | dir=in | app=system |

"{33D506E4-1979-46E5-BE75-921067B9A888}" = lport=138 | protocol=17 | dir=in | app=system |

"{3A67A0DE-6E22-4299-8CAF-3AAA1E3B8CE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4E5338A4-D71F-4228-8797-A32AE890B8AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{513BC3E2-A4BC-4A4D-A7E4-DC2F106A6F3B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{63255316-BC17-4883-8BF2-4D9F2CE72DC5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{723421A0-FBEC-4F96-83DA-E033406B8E62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{77CC248C-8D97-4933-A81C-9D8E3F7100AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{79DC4876-D6C6-444B-94AC-0BC75BDA7C34}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7DF99746-E0A0-483A-BB18-F0BC64FE40E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8D5D5FD2-3F02-434F-84E0-4E3AF5BFB3D0}" = lport=137 | protocol=17 | dir=in | app=system |

"{91415F36-1DC9-4A21-9EE2-1C1CD712690A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{95D49940-ABCB-4597-9A79-03E7616592AD}" = lport=139 | protocol=6 | dir=in | app=system |

"{A290D0EA-12C6-45B9-B89B-1F4E8A990F7D}" = rport=10243 | protocol=6 | dir=out | app=system |

"{A761860D-1012-48E0-A13F-C4377A138328}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A8337319-EE87-4C74-AAED-5DC87AE3B888}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{ABDF46CC-8F6A-4B56-A68B-8C4C4BDA54A8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B682F298-0E45-44D6-AC01-EEBA707BB345}" = rport=139 | protocol=6 | dir=out | app=system |

"{BBAC15B3-673E-430B-AA08-8ECD0AD8F8DB}" = lport=10243 | protocol=6 | dir=in | app=system |

"{C5A76F91-4EBF-484A-858E-7A40A9391140}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{C6EE9EC0-8F4E-473F-8D12-13222F67D9B5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{D5F5E123-BC24-4614-A463-09F9040B1EAF}" = rport=137 | protocol=17 | dir=out | app=system |

"{DA2F7124-488A-4813-8F4A-EAFDA0F80ECB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E1B37985-C0D2-4B7A-A6CD-FB7F1FB1D39C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E81256C9-AA7C-446D-A1A3-C8801E5A471B}" = rport=445 | protocol=6 | dir=out | app=system |

"{F3BF596D-B2FA-4827-95B2-D988620F296B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F929271D-989C-4FDC-A8BA-28F52AF0E361}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FB099C8F-22BF-4A2A-9A3A-39CE3E570AE6}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{027E7126-BB05-4CF9-8C40-7D815F2636D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{05A4FE28-58DF-4A25-99A2-ACB40ADF8681}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{07A53372-E397-48BC-9530-1FDCE8C1C2F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{08DAA55E-A077-47BC-BDB7-CA406A303B40}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |

"{0D466592-49FB-4B4A-A2FD-8915BD44A642}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |

"{17240E08-7A50-4FCB-824D-2A389D272F42}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |

"{182959B4-0CA9-4407-A74A-22C45B52D26F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |

"{28454B5B-22C3-43F4-B936-11AD989728B0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |

"{3269B502-2AC3-45EF-98F1-68C146F6120F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{32C34999-7D1A-401F-A866-8F0B6D92877A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{330A8BF4-5977-423D-942F-B3F43E40DF17}" = protocol=6 | dir=out | app=system |

"{384013B4-260A-4029-AA13-7814BE66326E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3A05B810-E11B-4AF2-AB32-D8A9C8BBE453}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{41E8309B-FC05-47B3-B3FE-4D2D0A0617AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{422F3E6F-6E6A-4DFD-87DC-0EA9F60D2FB9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{44EE67C4-90FD-47A4-9C26-DFE389C4A189}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4621C2D4-1776-4193-9014-3ED95D018DFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{4AA2B41F-D89C-4FC8-AF66-D85CC6CD323C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4BE6F88C-FDA7-4ADB-9321-ABE8BA9F3216}" = dir=in | app=e:\setup\hpznui01.exe |

"{4D625FAE-F9A4-48DD-973F-F8EFE43C773A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{53FD6A9C-E530-43DB-ADC1-87CFFF368032}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{54FC2954-06D9-4991-8B00-464DD2553C9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5B5CD7A4-1DC0-45E4-937E-4C536A58ECF7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{5B7C02BA-5B11-4C6C-B18F-61806B541D4A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{62A19B2E-561E-40B0-B321-8348749B761A}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |

"{68B88D0E-0818-4B02-8D82-EA2EAB6FE8D7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{6FA6E974-7AE5-473D-952D-506FE1AFFD7C}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for psp 2.0\mediamanager.exe |

"{70370DFD-26C3-4A18-99E4-5820DDA5E9B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{753FD222-1227-455C-B139-8FD5E07041C5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |

"{76D01BA8-D64F-42A1-9DDA-FF75200BBE9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{7C860724-5462-428B-9BF7-19053A0C1A7A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{8A1F88F3-3E96-4C89-97CB-3B39DBF8E6F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8BBD515F-13D2-4A8D-9381-8443A92DE854}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{93B5103F-EE46-428D-97D9-CB1C47D70844}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{99DDE0DD-B61B-44C2-B8F0-23328F1D58D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9CB37470-79AE-49BF-9302-FEFD917542A1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9F5609BE-5E18-4B3F-B7F8-E2A4AA96AE23}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{A7D4B4A3-E634-4413-83D9-37F249F71D98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AD7E77D7-F0E3-4ACE-92B9-2A0ECBA31029}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |

"{B12F70FC-6199-4ECA-87EC-D4D5835E5D90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"{B2CD0FFC-1ACA-4AFE-8F20-17F82FEB942A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{B30E8017-C522-4C9B-B322-80B0E955318E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B6D73793-5FE5-4B94-9697-913AD887D53C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{B6EFBC5F-56B8-49B7-8971-BDDC9FED5008}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{B756589B-E26A-4BBD-B626-D687D659F0B4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{B8B9185C-678E-414D-9A59-6F46F51ADC76}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{BA2EC656-085C-41FB-8962-85BE4689A503}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |

"{BBF4C6CF-6B83-491A-BA74-F9254C007C11}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{BF6EA69B-1FD5-408A-A69D-5FD2D3011067}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{C1B63675-56D1-4897-8DC8-EA7A8B97A273}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{C2EB7FF9-330E-46DC-A2BE-7EDEB828D6B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{C38BFF20-D5D7-4377-9B16-8D8D81BEF82C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{C556A422-8074-427B-8217-B4C62C224D14}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{C6C3AA12-2A25-41D5-AFBA-4F2DEA86E97B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |

"{C72526D3-78E8-46E3-97CB-ED7D1F05342B}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{C9D77EA2-468A-4BE2-98C2-C4B8C60B5244}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |

"{CA525110-5119-4F52-8BEC-EFF801CE496D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{D78151A2-06D1-44D5-9B4B-89DC1140F37C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{DB396B5C-F8A7-4E12-9AB5-BD93208CAD3F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{DC3DF33C-B7AB-4FCE-97C4-A69F38B85496}" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |

"{E4D8478F-2F41-41AD-8F01-95E5D89AB571}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{E5EE5101-E0A7-4378-971D-D576A446509B}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for psp 2.0\mediamanager.exe |

"{E6DE65CF-B20F-4839-BB95-F6837BEE2648}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{EA69E1CA-00CD-49B5-8408-CC5C5B20D8EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{EA99BA05-E957-48B0-9BFD-C442DFFF276B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |

"{EE3AAD8A-0021-4FFC-95B1-4DBC34BEF130}" = protocol=6 | dir=out | app=system |

"{F13F996C-AB20-419B-A7C6-FBF3AFB368F4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{F3113E82-6FCF-473B-8321-A32B40718156}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F375AD15-112E-4263-8B24-63225D493E22}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{F4C3AA5A-9EF5-4DDE-8BDD-E1D486795852}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{F57F9F9A-98FA-4E92-AC34-B08E61473985}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{F604D9B0-9407-4863-8AC0-93DC729E52F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FE9A22B1-6DDB-4A4C-8496-385C33141CC7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"TCP Query User{01014BF2-78DE-4176-A26D-908D886523A8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |

"TCP Query User{05D0E36F-5D04-4125-81E0-A19EDBCAB039}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |

"TCP Query User{07D5DEBB-B185-4B9E-AD07-473DBF70853E}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\4pcz9qa5\wotlk-beta-3.0.1-enus-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\4pcz9qa5\wotlk-beta-3.0.1-enus-downloader[1].exe |

"TCP Query User{099CAFC4-C32E-4898-88D4-2D75D72BAED6}C:\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-1.12.0-enus-downloader.exe |

"TCP Query User{0AC3D521-089C-43B1-9DF2-0ECF64DA061B}C:\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe |

"TCP Query User{0D051479-43FF-486B-B1D4-9F3BA2503852}C:\program files\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"TCP Query User{10309B45-3C7A-405A-8E00-2FFBD6DE2FE7}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |

"TCP Query User{1C036EE2-2C14-4699-960C-2691FA8BB802}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |

"TCP Query User{1E89C443-85BB-4E54-9BB7-03DB33B15ED4}C:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"TCP Query User{1F3F6322-4A86-46B3-A132-360A52A7FBBB}C:\world of warcraft\wowtest\wow-0.3.0.7501-to-0.3.0.7521-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7501-to-0.3.0.7521-enus-downloader.exe |

"TCP Query User{25636305-8CAA-41C3-AF6D-62551FDA3CF0}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |

"TCP Query User{2625D8CC-5031-4A4D-94EF-1FFC19C05F3E}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |

"TCP Query User{385A0C5B-AC29-4064-BE14-95422BEA5267}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\hhwza64z\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[2].exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\hhwza64z\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[2].exe |

"TCP Query User{47C1C2A4-3D0C-407D-B4A5-FC5428F917D7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{4F949302-76B9-4A16-A389-DAD60AA45AB2}C:\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe |

"TCP Query User{52A61C1D-4992-4D6B-83BF-87991516B3AA}C:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |

"TCP Query User{616A3733-2EED-4524-BD62-8FEC8985DAED}C:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe" = protocol=6 | dir=in | app=c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe |

"TCP Query User{64B0D133-4804-4384-A46F-49CA013281B9}C:\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe |

"TCP Query User{6E99A693-7B31-4C5A-899D-64E1033AFE5F}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"TCP Query User{744483DC-EC69-43B9-823C-BC107F1F83B4}C:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |

"TCP Query User{7654E477-4C9D-415E-9337-969A059D6814}C:\world of warcraft\wowtest\wow-0.3.0.7521-to-0.3.0.7543-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7521-to-0.3.0.7543-enus-downloader.exe |

"TCP Query User{7D6F8D04-5DD3-4211-AD62-367933B99524}D:\rips\slsknet_org\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\rips\slsknet_org\soulseek\slsk.exe |

"TCP Query User{83BD6391-794D-4E2A-B4DC-4F33D8EE9A15}C:\world of warcraft\wowtest\wow-0.3.0.7485-to-0.3.0.7501-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7485-to-0.3.0.7501-enus-downloader.exe |

"TCP Query User{83C0BA89-CFE4-4A37-94E7-6CFE6A375434}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{8FE77BF4-371A-4473-A4FE-61F5A0C26275}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |

"TCP Query User{91325684-A6DD-4E4D-BEC7-67E3FB64BFA4}C:\users\sean\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\sean\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe |

"TCP Query User{940C4C05-2EA8-485B-9855-36426AA15A7F}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\655d36hx\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\655d36hx\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe |

"TCP Query User{A25541F7-79BD-4CB9-B5D6-F50FB4DA0F66}C:\users\sean\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{AA9F170B-F106-4D6B-816E-F8016B45F2AB}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |

"TCP Query User{AB3E6390-C54F-4B60-AC2D-5706343770EB}C:\world of warcraft\wowtest\wow-0.3.0.7468-to-0.3.0.7485-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7468-to-0.3.0.7485-enus-downloader.exe |

"TCP Query User{B246D78F-CC68-498B-B60F-60C6649CAADA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{B3082E4E-C10C-4DE1-B29D-6A7F9562C4E1}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\2kv85wjf\wrath_of_the_lich_king_en.avi-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\2kv85wjf\wrath_of_the_lich_king_en.avi-downloader[1].exe |

"TCP Query User{B4066CF7-C529-401A-B23B-344A252A3DF5}C:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe |

"TCP Query User{B6687B09-E3DA-4255-94C4-849ED44761CC}C:\world of warcraft\wowtest\wow-0.3.0.7441-to-0.3.0.7468-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7441-to-0.3.0.7468-enus-downloader.exe |

"TCP Query User{BA987E33-6C99-49D0-9EDD-0DEA6FD815EA}C:\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |

"TCP Query User{BE458D59-A112-4AED-9432-C8F7A368227F}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |

"TCP Query User{BFABF6B4-F8DD-4362-95C9-A1EB2F7E5F46}C:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe |

"TCP Query User{C158DC80-A45A-484C-8EEA-070CBBAD5A1E}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\655d36hx\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[2].exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\655d36hx\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[2].exe |

"TCP Query User{C3875768-42E5-41C6-AE1B-BEB47E7B2319}C:\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-enus-downloader.exe |

"TCP Query User{C87CFF88-F1F7-4956-9D4B-CD2DFFFEF952}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\hhwza64z\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\hhwza64z\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe |

"TCP Query User{CAC49678-B238-4460-ADD4-6A09D72E7E7E}C:\users\sean\appdata\local\temp\blizzard launcher temporary - 0c5a0d80\launcher.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - 0c5a0d80\launcher.exe |

"TCP Query User{CD689621-57DC-4B93-B114-33BB9F2732FD}C:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |

"TCP Query User{D14A4EBB-C8BC-4350-9579-90CF4D46DF4D}C:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe |

"TCP Query User{D24AE1E0-051F-484D-88E4-56A4772D4AD6}C:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |

"TCP Query User{D5A56FDA-BCB8-43A9-9563-5CD444B3B33D}C:\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe |

"TCP Query User{D8DC8887-EF1C-4397-8022-159C227FEB21}C:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\world of warcraft\repair.exe |

"TCP Query User{DE29DC60-E303-4C0A-A25B-CC75DF4EB468}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\4krfubgd\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\4krfubgd\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader[1].exe |

"TCP Query User{DE8140F4-1A21-4BC7-9FA0-EB3AC50F01EF}C:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe |

"TCP Query User{E0593428-0C04-488C-871C-821663F4A722}C:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |

"TCP Query User{E517C976-A6F8-4803-9098-81149E9FB4E0}C:\users\sean\appdata\local\temp\blizzard launcher temporary - 6cd186e8\launcher.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - 6cd186e8\launcher.exe |

"TCP Query User{EFE84735-48F4-470E-97DD-A67840D5FD48}C:\program files\winamp remote\bin\orbir.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"TCP Query User{F7C1DD29-1F30-4CA9-BC4A-709E66F6CCC6}C:\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe |

"TCP Query User{FEECB93F-196A-4C51-B47C-246ADF9F0017}C:\world of warcraft\wow-2.0.3-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.0.3-enus-downloader.exe |

"UDP Query User{0021984C-EC88-43FA-9E34-04102705B517}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |

"UDP Query User{01C2434B-309D-450C-A767-6137E34A299B}C:\program files\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"UDP Query User{09207BAF-CDBF-48DC-810D-6E41038F16A4}C:\world of warcraft\wowtest\wow-0.3.0.7521-to-0.3.0.7543-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7521-to-0.3.0.7543-enus-downloader.exe |

"UDP Query User{0FEDBE95-18E6-4FE3-81DB-8B61BB62D232}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |

"UDP Query User{12869FD0-80E9-4967-B684-B2E3017F4DDC}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"UDP Query User{1643A608-7C6A-44E0-AD21-9DD73940AA38}D:\rips\slsknet_org\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\rips\slsknet_org\soulseek\slsk.exe |

"UDP Query User{19B92C04-753E-4209-86A6-3873798BA95F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{1CDCD7D1-157A-49AD-9BD0-784C60CD33F8}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |

"UDP Query User{1CF6E562-53A3-451D-B28B-2D72C56E93CD}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\hhwza64z\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[2].exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\hhwza64z\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[2].exe |

"UDP Query User{2303130E-4FBD-4CE8-AD6B-3C21FBE3E4F2}C:\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe |

"UDP Query User{2C81B1D0-28FE-4B13-8B23-D4EF657723A9}C:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |

"UDP Query User{2ECB45BF-E3B6-4906-8151-1D977AC6AB9D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{2F64BC35-6524-4EC8-AC1C-3967E48A2F0A}C:\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |

"UDP Query User{2FF3923D-95BE-44A3-82D4-DF0F424E5EBA}C:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\world of warcraft\repair.exe |

"UDP Query User{3BC45ED9-5733-4816-ACED-62910BCC61BE}C:\world of warcraft\wowtest\wow-0.3.0.7485-to-0.3.0.7501-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7485-to-0.3.0.7501-enus-downloader.exe |

"UDP Query User{3DA3ACD6-8E5A-491F-8C92-5B0A4284F824}C:\users\sean\appdata\local\temp\blizzard launcher temporary - 0c5a0d80\launcher.exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - 0c5a0d80\launcher.exe |

"UDP Query User{4066C1C6-54B9-43D3-A32A-6FE7E1EA89A0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

"UDP Query User{4CE2527D-2BD7-472A-AE2D-683521B0BC32}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\4pcz9qa5\wotlk-beta-3.0.1-enus-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\4pcz9qa5\wotlk-beta-3.0.1-enus-downloader[1].exe |

"UDP Query User{4FAAD1F6-6321-4927-BC1C-CACF439B1122}C:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |

"UDP Query User{50426CFB-1CAE-4BE5-B96D-1AC3997615C4}C:\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-1.12.0-enus-downloader.exe |

"UDP Query User{577D5E2B-F61D-4900-B6BA-793983493C76}C:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |

"UDP Query User{5FA4AB85-8BE0-4DAD-853A-11EC3B8667D1}C:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"UDP Query User{616F19C5-420A-4034-BEC5-A115113319FD}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\655d36hx\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[2].exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\655d36hx\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[2].exe |

"UDP Query User{640952A5-D82E-4558-9269-182B6C0DCDCC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

"UDP Query User{6E81FFC4-3B01-4D22-8E18-E32E8CC3AA75}C:\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe |

"UDP Query User{73E6A905-0E7B-49FB-A5FE-DCCF16DAC611}C:\users\sean\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\sean\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe |

"UDP Query User{7A1608EC-5246-4CC4-9156-CBE8AC6DEC19}C:\users\sean\appdata\local\temp\blizzard launcher temporary - 6cd186e8\launcher.exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - 6cd186e8\launcher.exe |

"UDP Query User{7AA570E0-3B57-4ED7-9D70-14E0CA6D3E06}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\655d36hx\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\655d36hx\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe |

"UDP Query User{7B1EDC14-4087-4F7A-8EE9-ED4BDB5E62FB}C:\program files\winamp remote\bin\orbir.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"UDP Query User{86CE5A68-AF94-4198-8B04-42EE1A4DEF4B}C:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe |

"UDP Query User{8754CAA6-932A-41D3-B89B-E94696D96A8E}C:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe |

"UDP Query User{8B6E0B27-2204-4395-9800-5EFE9C76ABCD}C:\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe |

"UDP Query User{8F59472B-8B37-4BF4-ADE6-0F51A5F6FF19}C:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |

"UDP Query User{90589D56-FFCB-4EAB-976D-D2C3CCAD7C13}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

"UDP Query User{9344BC15-DFF6-4F90-B369-C74990B735DF}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\hhwza64z\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\hhwza64z\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe |

"UDP Query User{94FBD726-24F3-41E4-B2C9-A27D8C57C64F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{9B79B705-39BD-47F9-AE69-D95C76FFAB2A}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

"UDP Query User{A162C3EA-D7B5-437E-987C-817114457CE7}C:\world of warcraft\wow-2.0.3-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.0.3-enus-downloader.exe |

"UDP Query User{ABAFE034-A1A4-45C1-85D5-1DC83CD4E5AE}C:\users\sean\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{AE5F2C2A-8D7D-4E6A-A673-F177610D3C1A}C:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |

"UDP Query User{B63A2106-C382-4899-A7EA-53194896FA76}C:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe |

"UDP Query User{BB40B378-DABF-4640-BF7A-6E0735291FBB}C:\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-enus-downloader.exe |

"UDP Query User{BC8CC59D-35FE-4FE5-AFFB-B2A619195094}C:\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe |

"UDP Query User{BCD35A4C-7F7F-4B27-859C-A9F2C4E4AB9C}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\2kv85wjf\wrath_of_the_lich_king_en.avi-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\2kv85wjf\wrath_of_the_lich_king_en.avi-downloader[1].exe |

"UDP Query User{C6174721-8841-420C-BCF0-AFA77DCC2D81}C:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\4krfubgd\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\microsoft\windows\temporary internet files\content.ie5\4krfubgd\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader[1].exe |

"UDP Query User{D2805C94-9374-4A12-A743-FA5D40008D67}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |

"UDP Query User{D98A8B0A-4867-4BA9-A926-3D4FAC459918}C:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe" = protocol=17 | dir=in | app=c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe |

"UDP Query User{DA6FB8F3-C8B0-4C69-9F61-4825A4D68F25}C:\world of warcraft\wowtest\wow-0.3.0.7501-to-0.3.0.7521-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7501-to-0.3.0.7521-enus-downloader.exe |

"UDP Query User{DE26CA34-2711-4D37-AFAA-BDBAE1607535}C:\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe |

"UDP Query User{DE34D931-F165-42D2-BB22-A50EF1906039}C:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe |

"UDP Query User{E92E8403-FD06-463A-9318-59FD74EB0496}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |

"UDP Query User{F5F6C280-FF1A-4835-9C96-60F8BB4D4B4F}C:\world of warcraft\wowtest\wow-0.3.0.7441-to-0.3.0.7468-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7441-to-0.3.0.7468-enus-downloader.exe |

"UDP Query User{F9B4E45D-346D-4974-BE76-8F05A956F15D}C:\world of warcraft\wowtest\wow-0.3.0.7468-to-0.3.0.7485-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wowtest\wow-0.3.0.7468-to-0.3.0.7485-enus-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)

"{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}" = Sony Media Manager for PSP 2.0

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 20

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00

"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7B63B2922B174135AFC0E1377DD81EC2}" =

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8214CC02-6271-4DC8-B8DD-779933450264}" = VERITAS RecordNow

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110206700}" = Bejeweled

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3

"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"AC3Filter" = AC3Filter (remove only)

"AC3Filter_is1" = AC3Filter 1.63b

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"avast!" = avast! Antivirus

"Avi2Dvd" = Avi2Dvd 0.6.1

"AviSynth" = AviSynth 2.5

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Flick_is1" = DVD Flick 1.3.0.7

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)

"DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!

"esClient" = Echospin Delivery Wizard

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]

"HaaliMkx" = Haali Media Splitter

"Halo 2" = Halo 2 for Windows Vista

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"ImgBurn" = ImgBurn

"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.6

"jPodder" = jPodder 1.0

"Magic M4A to MP3 Converter_is1" = Magic M4A to MP3 Converter 3.1

"MakeMKV" = MakeMKV v1.4.8_beta

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)

"MySpaceIM" = MySpaceIM

"MySpaceToolbar" = MySpace Toolbar

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Orb" = Winamp Remote

"Secunia PSI" = Secunia PSI

"Shop for HP Supplies" = Shop for HP Supplies

"Soulseek2" = SoulSeek 157 NS 13e

"Stone Jong" = Stone Jong (remove only)

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Vidomi" = Vidomi (remove only)

"VLC media player" = VLC media player 1.1.0

"Winamp" = Winamp

"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"World of Warcraft" = World of Warcraft

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"Google Chrome" = Google Chrome

"Winamp Detect" = Winamp Application Detect

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 6/30/2010 2:00:05 AM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/1/2010 8:36:27 AM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/1/2010 12:29:19 PM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/1/2010 12:41:52 PM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/1/2010 4:50:15 PM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/1/2010 8:49:57 PM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/1/2010 8:54:52 PM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/1/2010 9:32:36 PM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/1/2010 9:58:23 PM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\RipS\slsknet.org\Soulseek\INCOMPLETE~How to Grow Marijuana.ISO failed, 00000084.

Error - 7/3/2010 9:20:04 PM | Computer Name = Sean-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Users\Sean\AppData\Local\Temp\~DFA151.tmp failed, 00000005.

[ Application Events ]

Error - 3/15/2009 6:01:09 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 11406

Description =

Error - 3/15/2009 6:01:09 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 3/15/2009 6:01:20 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 11406

Description =

Error - 3/15/2009 6:01:21 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 3/15/2009 6:01:28 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 11406

Description =

Error - 3/15/2009 6:01:28 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 3/16/2009 6:00:52 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 11406

Description =

Error - 3/16/2009 6:00:54 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 3/16/2009 6:01:05 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 11406

Description =

Error - 3/16/2009 6:01:05 AM | Computer Name = Sean-PC | Source = MsiInstaller | ID = 1024

Description =

[ Media Center Events ]

Error - 3/8/2009 3:35:02 PM | Computer Name = Sean-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 7/11/2010 9:46:25 PM | Computer Name = Sean-PC | Source = DCOM | ID = 10010

Description =

Error - 7/11/2010 9:55:11 PM | Computer Name = Sean-PC | Source = DCOM | ID = 10016

Description =

Error - 7/13/2010 1:51:14 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 7/13/2010 1:51:14 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 7/13/2010 1:52:02 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10016

Description =

Error - 7/13/2010 2:12:40 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10010

Description =

Error - 7/13/2010 2:43:22 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10005

Description =

Error - 7/13/2010 2:46:29 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10010

Description =

Error - 7/13/2010 2:50:17 AM | Computer Name = Sean-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 11:48:37 PM on 7/12/2010 was unexpected.

Error - 7/13/2010 2:51:35 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10016

Description =

< End of report >


It went for quite a while, then the dreaded blue screen of death. Restarted system, tried to run again, and again the dreaded blue screen of death almost as soon as the scan started.

Tried it a 3rd time and it crashed as soon as I hit the scan button. This time I restarted in safe mode w/networking.


It crashed in safe mode with networking, so I restarted in safe mode and am trying again...

If this doesn't work, any ideas? I'm on another comp at the moment. These are the technical details of the crash:

technical info

*** stopc0x0000008e (0xc0000005, 0x807765ab, 0x8b115bbo, 0x00000000)

*** storport.sys - address 807765ab base at 80742000, date stamp 49e01ef7

Not sure if it helps or not.


OK, let's move on then, shall we?

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Looks better and no it is not all in your head :)

Combofix removed the nasties so it should be improving.

Some information about what was infecting your machine.

One or more of the identified infections was a backdoor trojan or rootkit.

This type of infection has the capability to allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and has been killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

But since the infection is gone now the above is merely a warning.

===============

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


OK, I do personal banking on my computer and went to another to change passwords. If you think that I would be better off reformatting then I can; I would rather not, however. I was also thinking of going to Windows 7, and if I just used the upgrade would that do the same as reformatting? Here is the MBAM log: (note no problems running it now :) )

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4314

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

7/14/2010 1:10:00 PM

mbam-log-2010-07-14 (13-10-00).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 317529

Time elapsed: 1 hour(s), 5 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here is the file; seems like it is missing something:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

It found 5 problems and fixed 4. I will restart and run again and see if it gives me a log.

I'm amazed that anyone's computers run on the internet. I thought I was vigilant in protecting myself, and definitely more so than my friends. Maybe instead of network administration, I will go into Cyber Security...


If you think that I would be better off reformatting then I can, I would rather not however. I was also thinking of going to Windows 7, and if I just used the upgrade would that do the same as reformatting?
Not entirely necessary in my opinion to format but it is ultimately up to you.

Doing an upgrade is not the same as doing a reinstall.

Formatting the drive then installing Windows is the difference; an upgrade uses your existing install then places new updated files on the system.

Let me know of any remaining issues and do the following:

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


OK, here it is:

OTL logfile created on: 7/15/2010 5:03:54 PM - Run 2

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Sean\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 295.36 Gb Free Space | 63.41% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 76.35 Gb Free Space | 16.39% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEAN-PC

Current User Name: Sean

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Users\Sean\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\Program Files\MySpace\IM\MySpaceIM.exe ()

PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)

PRC - C:\Program Files\Winamp Remote\bin\Orb.exe (Orb Networks, Inc.)

PRC - C:\Windows\system\w98eject.exe (Sigmatel)

========== Modules (SafeList) ==========

MOD - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- File not found

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)

DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)

DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)

DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)

DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)

DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)

DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)

DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)

DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)

DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)

DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)

DRV - (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) -- C:\Windows\System32\drivers\s616unic.sys (MCCI Corporation)

DRV - (s616obex) -- C:\Windows\System32\drivers\s616obex.sys (MCCI Corporation)

DRV - (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) -- C:\Windows\System32\drivers\s616nd5.sys (MCCI Corporation)

DRV - (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s616mgmt.sys (MCCI Corporation)

DRV - (s616mdm) -- C:\Windows\System32\drivers\s616mdm.sys (MCCI Corporation)

DRV - (s616mdfl) -- C:\Windows\System32\drivers\s616mdfl.sys (MCCI Corporation)

DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\Windows\System32\drivers\s616bus.sys (MCCI Corporation)

DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)

DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (DCamUSBVeo532) -- C:\Windows\System32\drivers\ubVeo532.sys (IC Media Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0

FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1

FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100408Wb1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/13 05:22:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010/02/27 11:38:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/04 19:59:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 11:42:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 23:27:09 | 000,000,000 | ---D | M]

[2009/09/17 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions

[2009/03/27 06:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/09/17 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/07/14 22:03:54 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions

[2010/05/26 16:44:13 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2010/05/30 02:03:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/04/16 21:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/05/08 10:04:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\extensions\firebug@software.joehewitt.com

[2010/02/22 01:01:55 | 000,002,163 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\searchplugins\bing.xml

[2009/09/28 18:46:40 | 000,002,160 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\searchplugins\MySpace.xml

[2010/05/26 17:15:17 | 000,001,196 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8ebfyefd.default\searchplugins\winamp-search.xml

[2010/05/29 01:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/28 11:42:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/10/15 04:45:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/11/09 21:22:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/04/14 08:14:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

[2010/04/18 15:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/06/28 11:42:18 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/06/28 11:42:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/07/13 17:15:58 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2010/06/28 11:42:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/06/20 17:43:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/05/25 09:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010/06/23 22:59:16 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/06/23 22:59:16 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/06/23 22:59:16 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/06/23 22:59:16 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/06/23 22:59:16 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/06/23 22:59:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/06/23 22:59:16 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/14 03:15:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()

O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Delete USB Error Key] C:\Program Files\Samsung\Samsung New PC Studio\USB Drivers\SPS3_USB_Driver_Setup.exe ()

O4 - Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://media.keytrain.com/player/IE/awswaxd.cab (Macromedia Authorware Web Player Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://www.charter.net/files/charter/securitysuite/fscax.cab (F-Secure Online Scanner 3.0)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Sean\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Sean\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/14 21:49:01 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\My Art

[2010/07/14 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\NPS

[2010/07/14 20:49:36 | 000,109,704 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_mdm.sys

[2010/07/14 20:49:36 | 000,083,592 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bus.sys

[2010/07/14 20:49:36 | 000,015,112 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_mdfl.sys

[2010/07/14 20:49:36 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_whnt.sys

[2010/07/14 20:49:36 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_wh.sys

[2010/07/14 20:49:36 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_cmnt.sys

[2010/07/14 20:49:36 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_cm.sys

[2010/07/14 20:49:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers

[2010/07/14 20:49:34 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2010/07/14 20:31:27 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

[2010/07/14 20:31:26 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\My NPS Files

[2010/07/14 20:31:03 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Samsung

[2010/07/14 20:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny

[2010/07/14 20:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2010/07/14 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung

[2010/07/14 20:23:29 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Downloaded Installations

[2010/07/14 14:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/07/14 03:16:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/07/14 03:12:49 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\temp

[2010/07/14 02:42:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/07/14 02:42:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/07/14 02:42:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/07/14 02:36:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/07/14 02:24:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/07/14 02:22:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/07/13 13:26:05 | 000,093,056 | ---- | C] (GMER) -- C:\kxldypog.sys

[2010/07/13 10:30:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe

[2010/07/11 13:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2010/07/10 01:35:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Malwarebytes

[2010/07/10 01:35:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/07/10 01:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/10 01:35:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/07/10 01:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/07/10 00:48:40 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/06/27 21:19:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\missy

[2010/06/27 13:50:39 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\vlc

[2010/06/27 13:00:11 | 000,000,000 | ---D | C] -- C:\avi2dvd.temp

[2010/06/27 12:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

[2010/06/27 12:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow

[2010/06/27 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Haali

[2010/06/27 12:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5

[2010/06/27 12:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avi2Dvd

[2010/06/24 03:00:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/24 03:00:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/24 03:00:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/23 13:35:03 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/06/23 13:35:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/06/20 17:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/20 17:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/20 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/06/16 10:42:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\phonecard

========== Files - Modified Within 30 Days ==========

[2010/07/15 17:03:07 | 008,126,464 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT

[2010/07/15 17:02:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{29760909-8F74-4EC4-B956-CB459F70074F}.job

[2010/07/15 16:56:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1178376959-1097443270-983249577-1001UA.job

[2010/07/15 16:28:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/15 16:28:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/15 16:25:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/07/15 14:56:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1178376959-1097443270-983249577-1001Core.job

[2010/07/15 10:29:41 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{351F992F-0EC9-4B2E-8E57-54048D372291}.job

[2010/07/15 10:28:54 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/07/15 10:28:53 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/07/15 10:28:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/14 20:50:25 | 000,001,928 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk

[2010/07/14 20:30:52 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk

[2010/07/14 18:25:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/07/14 16:34:37 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/07/14 16:34:36 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/07/14 16:34:36 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/07/14 16:28:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/14 16:27:28 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/14 16:25:47 | 000,524,288 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010/07/14 16:25:47 | 000,065,536 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010/07/14 16:22:48 | 001,916,748 | -H-- | M] () -- C:\Users\Sean\AppData\Local\IconCache.db

[2010/07/14 03:16:03 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/07/14 03:15:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/07/14 02:24:42 | 003,739,141 | R--- | M] () -- C:\Users\Sean\Desktop\ComboFix.exe

[2010/07/14 02:19:32 | 270,099,406 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/07/13 14:11:46 | 000,001,356 | ---- | M] () -- C:\Users\Sean\AppData\Local\d3d9caps.dat

[2010/07/13 13:26:05 | 000,093,056 | ---- | M] (GMER) -- C:\kxldypog.sys

[2010/07/13 10:31:13 | 000,293,376 | ---- | M] () -- C:\Users\Sean\Desktop\g2ninro6.exe

[2010/07/13 10:30:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe

[2010/07/11 23:48:08 | 000,095,232 | ---- | M] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/11 16:46:09 | 000,028,160 | ---- | M] () -- C:\Users\Sean\Documents\Gene's Services.doc

[2010/07/10 01:35:16 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/09 18:36:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/07/09 01:21:15 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/07/04 01:56:50 | 000,002,037 | ---- | M] () -- C:\Users\Sean\Desktop\Google Chrome.lnk

[2010/07/04 01:56:50 | 000,001,999 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/07/02 19:03:37 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini

[2010/07/02 10:08:46 | 000,011,214 | ---- | M] () -- C:\Users\Sean\Documents\torrents for cannabis.docx

[2010/06/28 00:02:54 | 000,000,552 | ---- | M] () -- C:\Users\Sean\Desktop\Soulseek - Shortcut.lnk

[2010/06/27 13:50:24 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/27 12:11:54 | 000,033,019 | ---- | M] () -- C:\Windows\System32\CoreAAC-uninstall.exe

[2010/06/27 12:08:34 | 000,000,748 | ---- | M] () -- C:\Users\Sean\Desktop\Avi2Dvd.lnk

[2010/06/26 23:44:51 | 000,002,077 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail (2).lnk

[2010/06/19 16:42:49 | 000,013,542 | ---- | M] () -- C:\Users\Sean\Documents\scholarly studies.xlsx

[2010/06/19 16:29:11 | 000,012,294 | ---- | M] () -- C:\Users\Sean\Documents\scholarly label.docx

[2010/06/19 15:42:35 | 000,011,441 | ---- | M] () -- C:\Users\Sean\Documents\pplable.docx

[2010/06/18 13:17:43 | 000,012,560 | ---- | M] () -- C:\Users\Sean\Documents\screen sav-ya.docx

========== Files Created - No Company Name ==========

[2010/07/14 20:50:25 | 000,001,928 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk

[2010/07/14 20:31:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2010/07/14 20:31:27 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2010/07/14 20:30:52 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk

[2010/07/14 02:42:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/07/14 02:42:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/07/14 02:42:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/07/14 02:42:02 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/07/14 02:42:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/07/14 01:59:11 | 003,739,141 | R--- | C] () -- C:\Users\Sean\Desktop\ComboFix.exe

[2010/07/13 14:20:53 | 3220,627,456 | -HS- | C] () -- C:\hiberfil.sys

[2010/07/13 10:31:17 | 000,293,376 | ---- | C] () -- C:\Users\Sean\Desktop\g2ninro6.exe

[2010/07/10 01:35:16 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/02 10:08:43 | 000,011,214 | ---- | C] () -- C:\Users\Sean\Documents\torrents for cannabis.docx

[2010/06/28 00:02:54 | 000,000,552 | ---- | C] () -- C:\Users\Sean\Desktop\Soulseek - Shortcut.lnk

[2010/06/27 13:50:24 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/27 12:13:02 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/06/27 12:13:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/06/27 12:12:41 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/06/27 12:11:54 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe

[2010/06/27 12:08:34 | 000,000,748 | ---- | C] () -- C:\Users\Sean\Desktop\Avi2Dvd.lnk

[2010/06/26 23:44:51 | 000,002,077 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail (2).lnk

[2010/06/19 16:29:11 | 000,012,294 | ---- | C] () -- C:\Users\Sean\Documents\scholarly label.docx

[2010/06/18 12:30:35 | 000,013,542 | ---- | C] () -- C:\Users\Sean\Documents\scholarly studies.xlsx

[2010/06/18 10:49:52 | 000,011,441 | ---- | C] () -- C:\Users\Sean\Documents\pplable.docx

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2009/10/20 13:05:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2009/04/14 08:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll

[2009/04/04 01:27:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Veo532ut.dll

[2008/12/11 13:41:01 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2007/08/11 19:26:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/04/13 17:46:37 | 000,001,029 | ---- | C] () -- C:\Windows\maxlink.ini

[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2002/09/08 19:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2002/08/09 13:15:16 | 000,101,376 | ---- | C] () -- C:\Windows\System32\Welsof32.dll

[2002/06/11 00:08:00 | 000,023,180 | ---- | C] () -- C:\Windows\System32\evgainit.sys

[2002/05/13 02:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\System32\xvid.dll

[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll

[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\Windows\System32\VxDMDcDlg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:370EF5E8

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:07D3634B

< End of report >


=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

======Update Java======

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)", then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people for preventing malware and for general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire etc...

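A check for the Java step in the reply above, added here as an example that is not part of the original post: it lists every Java entry still registered for Add/Remove Programs, so leftovers are visible after the removal and reboot. It assumes the installers registered under the standard Uninstall registry keys and that PowerShell 2.0 or later is available; `Get-JavaEntry` is a name chosen for this example, and entries are compared only with each other, not with a vendor release list.

```powershell
# Added example: list Java entries that remain registered for Add/Remove Programs.
# Assumption: the installers wrote to the standard Uninstall keys below.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # exists on 64-bit Windows only
)

function Get-JavaEntry {
    foreach ($key in $uninstallKeys) {
        # A missing key (Wow6432Node on 32-bit Windows) is skipped silently.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match '\b(Java|J2SE)\b' } |
            ForEach-Object {
                # DisplayVersion is free-form text; leave Parsed empty when it
                # is not a dotted version such as 6.0.210.
                $parsed = $null
                try { $parsed = [version]$_.DisplayVersion } catch { }
                New-Object PSObject -Property @{
                    Name    = $_.DisplayName
                    Version = $_.DisplayVersion
                    Parsed  = $parsed
                }
            }
    }
}

$entries = @(Get-JavaEntry)

# Newest entry among those whose version could be parsed.
$newest = $entries | Where-Object { $_.Parsed } |
    Sort-Object Parsed -Descending | Select-Object -First 1

foreach ($e in $entries) {
    if (-not $e.Parsed)                   { $status = 'review by hand' }
    elseif ($e.Parsed -lt $newest.Parsed) { $status = 'older entry' }
    else                                  { $status = 'newest present' }
    '{0,-16} {1,-14} {2}' -f $status, $e.Version, $e.Name
}

if ($entries.Count -eq 0) { 'No Java entries found.' }
```

After the procedure is finished, a single "newest present" line and no "older entry" lines is the expected result; anything marked "review by hand" has a version string the script could not compare.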

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.