Hi Cypher. I have followed all of your instructions. Here are the logs you have requested:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliesp4\queencracker.pz2
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliesp4\queencracker.rsr
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliesp5p6\queencracker.pz2
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliesp5p6\queencracker.rsr
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliespp\queencracker.pz2
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliespp\queencracker.rsr
c:\program files\curious labs\poser 6\runtime\libraries\pose\spywear mat files\bob - firecracker.pz2
c:\program files\curious labs\poser 6\runtime\libraries\pose\spywear mat files\bob - firecracker.rsr
scanner sequence 3.DD.11.DXAPEQ
----- EOF -----
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
http://www.malwarebytes.orgDatabase version: v2012.05.08.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Athena :: ATHENA-PC [administrator]
Protection: Enabled
5/8/2012 9:12:32 AM
mbam-log-2012-05-08 (09-12-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255520
Time elapsed: 34 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 11
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790571B47655513EA998 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790571B2765A5B30AB96 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\$RECYCLE.BIN\S-1-5-21-4292145869-839141467-1624706230-1000\$RDIG9OL.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-4292145869-839141467-1624706230-1000\$RDLS8XS.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
(end)
OTL logfile created on: 5/8/2012 10:05:38 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Athena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.93 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 47.72% Memory free
4.10 Gb Paging File | 2.92 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 11.77 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 6.30 Gb Free Space | 9.04% Space Free | Partition Type: NTFS
Computer Name: ATHENA-PC | User Name: Athena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/05/08 10:04:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
PRC - [2012/04/28 03:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/22 13:33:22 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/02 23:08:25 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/07 10:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 00:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/06/11 19:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 02:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
========== Modules (No Company Name) ========== MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/10/12 03:39:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/12 03:39:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 03:36:33 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 03:36:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 03:35:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 03:34:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/05/03 01:59:51 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/06/11 19:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/05/15 02:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/04/30 10:56:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/04/30 10:56:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/04/30 10:56:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (wlidsvc)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/07 10:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/06 10:30:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/12/12 00:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\vfilter.sys -- (vflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/08 10:01:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D132E251-F89F-49FC-8B4D-BC0FE177AA07}\MpKsl5125c685.sys -- (MpKsl5125c685)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/01 23:18:28 | 000,023,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2011/08/19 16:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/07 10:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2009/10/07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/03/30 12:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/21 18:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009/01/13 17:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/18 20:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 16:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/09/22 20:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/02 21:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2004/09/29 21:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" =
http://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" =
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" =
http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" =
http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes,DefaultScope = {0DE7E63F-9B26-48AE-9CE9-64F921EEF81A}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0DE7E63F-9B26-48AE-9CE9-64F921EEF81A}: "URL" =
http://start.funmoods.com/results.php?f=4&a=bf&q={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" =
http://search.babylon.com/?q={searchTerms}&AF=108714&babsrc=SP_ss&mntrId=240e99d100000000000000234e729955
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{3AB02F26-10C0-4977-8810-4F016257C733}: "URL" =
http://search.avg.com/route/?d=$instd$& ... =chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" =
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=5091cce4-295f-419f-83e1-8693d92eff8e&query={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" =
http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{AB19A308-BCB6-4A7E-A78C-A3FF41782F8B}: "URL" =
http://uk.search.yahoo.com/search?fr=ch ... =685749&p={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" =
http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{ec9658c7-78c3-431f-be24-6fa2ad5bb935}: "URL" =
http://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Athena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/23 18:32:55 | 000,000,000 | ---D | M]
[2011/02/20 19:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Athena\AppData\Roaming\Mozilla\Extensions
[2010/10/19 19:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Athena\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/02/26 21:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Athena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Time spend on Facebook = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdiihnkhjaiokcaeiecemajlohbhefo\0.21_0\
CHR - Extension: Google Search = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.16_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/04/20 14:17:05 | 000,442,659 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 edgefcs.net
O1 - Hosts: 127.0.0.1 cp72511.edgefcs.net
O1 - Hosts: 127.0.0.1
http://www.007guard.comO1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1
http://www.008k.comO1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1
http://www.00hq.comO1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1
http://www.032439.comO1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1
http://www.0scan.comO1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1
http://www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1
http://www.1001namen.comO1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1
http://www.100888290cs.comO1 - Hosts: 127.0.0.1
http://www.100sexlinks.comO1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1
http://www.10sek.comO1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 15211 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [Facebook Update] C:\Users\Athena\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Athena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06F0BBE-A709-487A-A02F-BB25C5863F9F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Athena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Athena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2012/05/08 10:04:26 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
[2012/05/08 09:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 09:10:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/08 09:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 09:09:05 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Athena\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/08 07:05:52 | 000,000,000 | ---D | C] -- C:\Users\Athena\Desktop\PDF content
[2012/05/06 11:18:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Athena\Desktop\dds.com
[2012/05/05 17:43:08 | 000,000,000 | ---D | C] -- C:\Users\Athena\AppData\Local\Facebook
[2012/05/05 17:42:54 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Athena\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/04/30 21:25:26 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/30 21:25:26 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/30 21:24:47 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/04/30 21:24:18 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2012/05/08 10:05:22 | 000,716,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/08 10:05:22 | 000,148,618 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 10:04:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
[2012/05/08 10:01:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/05/08 10:01:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 10:00:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 10:00:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 10:00:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 10:00:38 | 2070,831,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/08 09:38:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 09:10:35 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 09:09:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Athena\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/08 09:02:28 | 000,458,240 | ---- | M] () -- C:\Users\Athena\Desktop\CKScanner.exe
[2012/05/08 08:51:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000UA.job
[2012/05/07 17:51:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000Core.job
[2012/05/06 11:18:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Athena\Desktop\dds.com
[2012/05/06 00:34:23 | 000,001,356 | ---- | M] () -- C:\Users\Athena\AppData\Local\d3d9caps.dat
[2012/05/05 18:23:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/05/05 17:42:46 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Athena\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/05/03 09:05:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/04/30 21:25:26 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/30 21:25:26 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/30 21:24:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/04/20 14:17:05 | 000,442,659 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/13 19:42:59 | 000,442,659 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120420-141704.backup
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ========== [2012/05/08 09:10:35 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 09:02:32 | 000,458,240 | ---- | C] () -- C:\Users\Athena\Desktop\CKScanner.exe
[2012/05/06 00:46:30 | 2070,831,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 17:43:12 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000UA.job
[2012/05/05 17:43:10 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000Core.job
[2012/03/23 19:27:53 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/23 19:27:53 | 000,106,184 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/01 02:34:42 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011/12/30 16:35:20 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011/12/07 19:42:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/19 10:21:23 | 000,296,135 | ---- | C] () -- C:\Users\Athena\AppData\Local\census.cache
[2011/09/19 10:20:57 | 000,213,728 | ---- | C] () -- C:\Users\Athena\AppData\Local\ars.cache
[2011/09/19 10:11:55 | 000,000,036 | ---- | C] () -- C:\Users\Athena\AppData\Local\housecall.guid.cache
[2011/09/18 02:22:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/08/10 05:49:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/08/26 04:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/26 04:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/26 04:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/26 03:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/26 03:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/26 03:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/26 03:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
========== Files - Unicode (All) ==========[2011/06/11 21:39:13 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\䥀Ї
[2011/06/11 21:39:13 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\䥀Ї
[2011/06/06 13:44:02 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\馀˹
[2011/06/06 13:44:02 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\馀˹
[2011/06/05 10:27:23 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\瀘т
[2011/06/05 10:27:23 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\瀘т
========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:325064EA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:2B99FE60
< End of report >
OTL Extras logfile created on: 5/8/2012 10:05:38 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Athena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.93 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 47.72% Memory free
4.10 Gb Paging File | 2.92 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 11.77 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 6.30 Gb Free Space | 9.04% Space Free | Partition Type: NTFS
Computer Name: ATHENA-PC | User Name: Athena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4292145869-839141467-1624706230-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0689654D-DDAA-4DEE-B39F-43723D2A61D0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15B65947-41F1-4AB6-80F9-D001E9823981}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37F7DB1C-97B3-414E-AB7A-F094E68F4A62}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{45E4DC25-D77A-4FF5-844B-B4BE31FD532E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B900881-13A1-4396-875B-DAAC867CDCEC}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6BB55909-A1B9-4DAD-B37F-25B704E0232B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8BF6293B-E7D9-4A18-AE85-23AC80BAF1C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DD69651-2ADA-4905-BB89-DC9DDE9E9493}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F3FFCC2-BD70-48AD-B6E1-A2C2870F7CC2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{A24E0BE6-B6DF-4C02-BE22-44DE5518F91F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8B855A8-13CA-452C-B639-94E163B7B559}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF41525C-A160-4DB6-9506-C2EE9124D105}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DBA25A86-DB51-4421-BFFD-41D2B9185C5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0839668C-E726-4A4D-BA26-CB3F61E42AB9}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\dropbox\bin\dropbox.exe |
"{09CEAC2F-0180-4452-86E6-031923DB4221}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{0B32FFD9-0220-4D5A-9988-5D12D686BB61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B538B91-DA99-4709-B4D4-0B6AC6ADA895}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0DE249EC-E92C-47D8-A3EC-32997601A6CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F388B47-814E-4F3F-82B2-859760D32881}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{11D92C4D-9730-48B0-BC1F-80C05FEEF2DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13161FC7-C65A-4A09-BD88-BE62DD193480}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{18DEAD3F-50AB-46FC-AFEB-25EAFBB74826}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1AF2D08A-9BE8-4943-8DFB-AC4578B8E184}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D2FBF3F-7D73-49B8-93F5-248369213DA1}" = protocol=17 | dir=in | app=f:\magicjack.exe |
"{1DC19C2B-39F0-43B1-9D7C-809A9F5D70A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F745759-7CD5-4A7E-B650-837155002EDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{205FD617-D857-4423-807A-72B76246E583}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{256FEF41-CFFC-4894-9C9F-D2DC20A0B541}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A13695C-BA16-45C2-B862-F4BC3054373D}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{2C26314D-62F9-41B2-B9A3-1ED185B35290}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C411C84-53D6-4469-905E-392FC486B67F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E68A8BA-2A8D-413E-995F-20425EB50C6E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{302CF5E3-5F91-4EDB-AA55-A9AB9B02AFDF}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{3232618E-20BB-4467-9926-553334CE2CB9}" = dir=in | app=c:\users\athena\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{34CE2ECE-0455-4F90-B6CD-2AD626B18446}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{381ECEC6-BE8F-4526-8CE5-00AE0ADAA038}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3A739DA8-A7F1-4163-B021-9D45959E7E7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ADDA58A-166D-45ED-B2E0-7BD98396E007}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3D24F9F9-E850-46C9-9406-B7419431426C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4291CB2B-AF9F-454F-B621-F3F910AD01E0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{500173A5-3983-4AEA-8871-1804A445B43B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5014C171-919D-476D-BE17-E716460C41B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5219AD82-4535-45B0-BA3D-7B39D1BBF104}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53DB035E-4A44-493F-8061-8DB808CC1802}" = protocol=6 | dir=out | app=system |
"{55E5AC1D-E66C-4A6D-AB6E-40A1926AA6D5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{566E13E7-A6C5-4876-A9D7-1E414830894E}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{58539EBA-1BA6-48D4-B87B-2CF7A71E4E05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A5982D6-62B8-4DD4-AB0A-7BA934DF4E9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B94FB7E-4F9E-4B8F-BE1F-9FE57EAFC1EE}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5C974394-7D55-414A-9CF6-BB3E379EC1B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E4789D0-3C40-4818-BF93-FAE11A634B25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E8D11AE-D8BC-4D82-9F96-F6159375705B}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{616270DB-2373-4C63-A0A6-0FB8892FBFF5}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6286BDA6-F74F-446C-B2C2-023EE460AD09}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{63487A8A-6807-4F44-AFA6-53BF899E1F88}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{63D83010-C40B-47E6-B860-6E591D54CA6A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{64058BFC-EE9F-41CC-9BFB-397BBB1AF233}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6433445D-98DD-4CA5-9517-01F8A0B648CB}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{6486CFE6-C58B-47CE-8D87-C584A31EA27F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{662B402E-BFF3-470A-BF95-AF910E77C158}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{685C3898-7B1B-4D30-A65B-9D5B8516AEA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6861641A-64CB-4909-AE1B-9742975388BF}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{69DD78C0-E592-4AA5-9950-3E3D52ABEC3A}" = protocol=17 | dir=in | app=c:\users\athena\desktop\sweetimsetup.exe |
"{70EE5B4E-6EFD-4555-B913-48073B49346E}" = protocol=6 | dir=in | app=c:\users\athena\desktop\sweetimsetup.exe |
"{729D14B7-8B0D-4AC7-B43E-3C6C98FE6777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7339B7F7-96CB-4964-AB93-F2F957B2CEF2}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{74AE6906-EA9F-4EA3-85E7-5F806969D7BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{782B1532-616A-4555-933B-0D7A609CB435}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{78B61112-F0F1-4716-8B3D-D39BCFD66091}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B842830-0EE0-4AFF-9B64-ABDF3DB9D6A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C25EB82-4050-4259-A688-9E728E4EF952}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{820A18B6-CEA2-4CB3-9911-40A0C1A1D0D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83E662E8-092F-4E1B-94CC-12B3A92B16FF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{84D1126F-EE74-481C-87F5-8F2D2F239833}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{87837E6E-366D-4D90-8F1D-298A5B723E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8808E388-B436-4EDE-8E9A-53A680F8850D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{887F4DB3-68C1-44F8-A341-8962C08BBFA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88B5539A-01C4-4F8B-A6BC-738189C446CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8968B6E6-FAAC-47BE-83B5-B4E19C59D75F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{8DED9F45-E51E-4D18-A83C-190D9583A9EC}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{8FE1C24D-F295-4AED-ABB6-C79080CA4BBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{949255BE-270C-4B55-8A47-CA66A348AF80}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{9BDB4ABC-97DA-41CC-B3EF-9939CAD86612}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BDC4922-9AC1-4B07-A353-00FAB42E4170}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9D6E20A9-10F6-42A4-8403-1BC31B77B241}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{9D98E990-C19D-4F98-98A9-1CBED704874E}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{9E8D99DC-1C1E-4C14-BF5D-D7CB03768709}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{9FD76A0D-C898-49D6-BC6C-2550491DC450}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A393DB73-51AF-4804-B6ED-9AC47F71A4C9}" = protocol=6 | dir=in | app=f:\magicjack.exe |
"{A3B7047C-88BB-4C46-8635-B513FC56191A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{A4A230D8-3309-46A5-9896-1A2A466106F6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A556C65E-6F2A-4AFB-9862-C3BE1E090FCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A72FCB45-216E-45B3-999C-851963CF526A}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{AA84B0FC-1E52-46D2-9CFC-B77E09017365}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{B02BA571-E623-47F6-ACC9-7FEF4C26ACF6}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{B69029B2-A597-45F7-975A-81A2BCD32939}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{B793D141-BE4F-4531-84D1-8CD08735EC5D}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{BA5EEAC4-BBD4-4655-BAE8-94F3EE16812F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{BADE10F0-D2D9-4451-9C10-4EE9D7429246}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{C0E11B1E-5BAA-4643-AA01-B995F8D8B6F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1426FB8-1465-43CE-8701-D442BD713804}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1DD3982-4297-4CF1-A531-D5689BBE943D}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2679D44-8051-4A03-83AE-55AA0C1D9BE9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5B1BBB9-0312-4A19-9E8B-92B5F1C2E443}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C91578BC-5964-4F67-833C-A067298FAD53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C974A6FA-59C6-424B-9E4C-65802BE18D65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA489281-0370-453B-8014-8147A3D7EDF4}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{CBFCEE09-B268-40D0-9B98-8253B9881C48}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CD16783D-9DF9-470E-8A88-FA0FECD133B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE3F0F08-F5EB-46F6-AF6D-63F7D76D8B75}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{CEBBE1AF-A9AC-488D-8919-1A08F589750C}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{D9A994B7-D83E-4DD2-9477-DEA90E16B606}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{DAB536E2-8738-4BDA-822A-6ABB08839AC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB1B6BF0-FB23-4ED2-888D-C6782D89782E}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{DBFFFFC7-FD07-4718-99F8-6200842F3AE6}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{DD5230C0-20C5-421B-80A9-A00D3A14482A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF6C8874-08D1-454E-B74A-7B150B6E2900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0A69F3F-BD3D-4956-AACF-A71769EEC3C7}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{E2E5E4DD-C44D-42DD-96B5-4ECE172438B1}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E4C2FD8A-3EE3-4E31-B28F-6A89F796C628}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E68A7CEC-28BC-42DB-B3BE-172902CE0B87}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{E87B19EB-142D-43AC-A0B5-91093090286C}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E96A8F53-9ECF-4F07-849C-9D400BAD9C3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF145C90-9629-425D-99E5-7C5820E365BE}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F04523A0-0A1A-49BA-82DB-E53B5E74E384}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F17B8894-4B83-4DED-88C3-760FE526505B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F3F822F8-FDC1-416E-9A67-60DBAD656703}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F49D54F5-3671-486E-9066-7EDB53DB57D7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F60402A0-E74A-4084-8C77-C452FDC16112}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F87084DD-4514-4A46-A74B-8D85DB397BFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9A5A12E-71EB-41A5-A218-EA33AF1526CE}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F9C2557B-2A2A-489E-AD90-DF4790557E78}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD5308F5-6852-4BBF-9959-59EA78EAEE37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17DD30CE-F0AF-4E46-97EE-DEDD59BD6FA0}" = MAGIX Music Maker MX Premium Download Version (Instrument package 1)
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{216107C4-4993-43F3-AA7A-D0508878C102}" = Canon DV TWAIN Driver
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25A3AFB2-BED8-477E-95C0-28ECDEE1D630}" = MAGIX Music Maker MX Premium Download Version (Instrument package 2)
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A61ACAF-29F5-4939-88DE-E2EF0647A4E7}" = MAGIX Music Maker MX Premium Download Version (Instrument package 3)
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{520C2939-555B-40BF-A91B-8B671AB560EB}" = Easy Burner
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5C19F599-20AD-4A27-8EB4-1B7121D4F603}" = MAGIX Music Maker MX Premium Download Version (Sound package)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729E66B3-1B80-4A3F-8D19-342A89631E0A}_is1" = Wav to Mp3 Converter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E890D16-5CB9-4F18-BAA1-CCD0A543CAE5}" = MAGIX Music Maker MX Premium Download Version
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994359E8-D614-4CC6-84DB-415C27D2BA12}" = MAGIX Screenshare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1F94695-C59F-4BF1-A9C5-370DCCE8364D}_is1" = X2X Free Video Audio Merger 2.0
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBCB66BD-328F-421C-96BA-8E66C7B69336}" = MAGIX Speed burnR (MSI)
"{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}" = Watchtower Library 2011 - English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AnyDVD" = AnyDVD
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Boilsoft ASF Converter_is1" = Boilsoft ASF Converter 2.68
"Bryce 5" = Bryce(R) 5
"CCleaner" = CCleaner
"Color Schemes" = Color Schemes
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"EMCO Malware Destroyer_is1" = EMCO Malware Destroyer
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Free Audio Editor" = Free Audio Editor
"Free Convert ASF WMV to AVI MP4 3GP Converter_is1" = Free Convert ASF WMV to AVI MP4 3GP Converter 5.8
"Free FLV Converter_is1" = Free FLV Converter
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{216107C4-4993-43F3-AA7A-D0508878C102}" = Canon DV TWAIN Driver 6.3.0
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"LManager" = Launch Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"OneClick Cleaner_is1" = OneClick Cleaner
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"Poser 6" = Poser 6
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VoipCheapCom_is1" = VoipCheapCom
"WavePad" = WavePad Sound Editor
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 5/7/2012 3:24:58 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/7/2012 11:10:44 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/7/2012 11:10:46 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3038
Description =
Error - 5/7/2012 11:11:11 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 5/7/2012 11:11:11 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 5/7/2012 6:51:51 PM | Computer Name = Athena-PC | Source = Google Update | ID = 20
Description =
Error - 5/7/2012 9:51:29 PM | Computer Name = Athena-PC | Source = Google Update | ID = 20
Description =
Error - 5/8/2012 12:51:12 AM | Computer Name = Athena-PC | Source = Google Update | ID = 20
Description =
Error - 5/8/2012 5:01:06 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/8/2012 5:01:19 AM | Computer Name = Athena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ Media Center Events ]
Error - 6/19/2011 12:34:42 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 6/28/2011 3:51:15 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 83
Description = Event Info: Exception opening connection to database. Program Guide
info not available. Data may be corrupt. Windows Media Center could not load the
Guide. Please restart the computer and try again. If the problem persists, see
Help for more information. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection
Error - 6/28/2011 3:51:21 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 83
Description = Event Info: Exception opening connection to database. Program Guide
info not available. Data may be corrupt. Windows Media Center could not load the
Guide. Please restart the computer and try again. If the problem persists, see
Help for more information. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection
Error - 6/28/2011 3:51:21 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: Unable to initialize connection to the database. Process:
DefaultDomain Object Name: Media Center Guide
Error - 7/11/2011 9:31:20 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 7/12/2011 4:17:43 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 7/16/2011 11:30:59 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 7/19/2011 8:55:05 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 7/29/2011 1:32:33 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 8/14/2011 11:32:28 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ OSession Events ]
Error - 12/16/2009 12:54:07 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 472 seconds with 180 seconds of active time. This session ended with a crash.
Error - 2/5/2011 5:09:27 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/16/2011 3:29:21 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17866
seconds with 14100 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 5/7/2012 11:11:15 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 5/7/2012 11:11:15 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 5/7/2012 11:11:15 AM | Computer Name = Athena-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
Error - 5/7/2012 11:11:17 AM | Computer Name = Athena-PC | Source = DCOM | ID = 10005
Description =
Error - 5/7/2012 11:11:17 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 5/7/2012 11:11:17 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 5/8/2012 4:58:31 AM | Computer Name = Athena-PC | Source = DCOM | ID = 10010
Description =
Error - 5/8/2012 5:01:06 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 5/8/2012 5:01:06 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 5/8/2012 5:01:15 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
I feel very positive that the scans picked up everything. Let me know if I need to do anything more. Thanks