Thanks for helping. The symptoms started like normal ad ware. a fake virus scan popped up and said i need to run a virus scan. after that happend explorer crashed. i restarted the computer and explorer said it need to close. i've tryed to start explorer with the task manager but it keeps saying it needs to close. the only other problem i can see is chrome internet does not work. i've run avg free and mbam. OTL logfile created on: 08/20/2010 11:02:01 AM - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Ryan\Downloads 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 10.68 Gb Free Space | 2.29% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RYAN1-PC Current User Name: Ryan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/08/20 11:01:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe PRC - [2010/08/19 15:52:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/04/30 16:47:37 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/04/02 16:30:12 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe PRC - [2006/11/02 08:03:35 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe ========== Modules (SafeList) ========== MOD - [2010/08/20 11:01:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe MOD - [2008/01/20 19:51:13 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2008/01/20 19:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2008/01/20 19:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc) SRV:64bit: - [2010/03/02 21:12:12 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2008/01/20 19:51:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:64bit: - [2008/01/20 19:51:03 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:64bit: - [2008/01/20 19:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008/01/20 19:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007/09/07 11:16:16 | 001,909,032 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen) SRV - [2010/08/19 15:52:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/11/05 22:42:19 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/04/02 16:30:12 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/02/16 17:42:00 | 002,741,114 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2008/12/13 12:18:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/12/05 21:42:11 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2008/11/11 15:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SoundMovieServer) SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp) DRV:64bit: - [2010/08/19 15:53:25 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA) DRV:64bit: - [2010/08/19 15:53:20 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64) DRV:64bit: - [2010/08/19 15:53:18 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64) DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/03/02 20:07:32 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009/10/12 21:34:45 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2009/10/12 21:34:44 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/01/08 20:09:10 | 000,033,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2008/12/04 21:05:25 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2008/11/11 15:05:16 | 000,033,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio) DRV:64bit: - [2008/06/10 14:04:28 | 000,036,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64) DRV:64bit: - [2008/06/09 14:12:08 | 000,020,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr) DRV:64bit: - [2008/02/13 23:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/01/20 19:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:64bit: - [2008/01/20 19:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2007/02/16 12:12:36 | 000,012,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2007/02/16 11:30:12 | 000,014,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2007/02/15 17:11:26 | 000,012,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid) DRV:64bit: - [2006/10/31 00:25:01 | 000,014,136 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS) DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2009/01/26 15:17:09 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2009/01/26 15:17:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2006/10/31 00:25:01 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS) DRV - [2005/01/01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 46 B6 F9 0B 8D CA 01 [binary data] IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7 FF - prefs.js..extensions.enabledItems: {4bcdbfd0-fa26-11de-8a39-0800200c9a66}:3 FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:1.1.7 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52 FF - prefs.js..extensions.enabledItems: {1FC31306-9493-433B-8F49-5C8FCFA8A3F3}:1.9.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Ryan\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010/08/19 11:59:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3}: C:\Users\Ryan\AppData\Local\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3}\ [2010/08/19 11:59:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/08/19 15:52:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 18:11:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/10 18:11:17 | 000,000,000 | ---D | M] [2008/12/04 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions [2010/08/19 18:24:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions [2009/06/29 18:07:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/11/13 13:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2009/08/29 11:12:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/29 21:58:12 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/10/02 17:40:48 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\battlefieldheroespatcher@ea.com [2009/07/25 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\firedownload@mozilla.org [2009/09/04 08:32:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\firetorrent@radicalsoft.com [2010/08/19 18:24:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/01/28 20:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiCHPlugin.dll [2008/09/10 00:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll [2010/08/05 12:37:48 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml O1 HOSTS File: ([2009/01/04 20:30:06 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [steam] c:\program files (x86)\steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files (x86)\Hamachi\hamachi.exe (LogMeIn Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll () O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5810b619-c284-11dd-a60b-00e04da13977}\Shell - "" = AutoRun O33 - MountPoints2\{5810b619-c284-11dd-a60b-00e04da13977}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found O33 - MountPoints2\{584129dc-ddc5-11dd-8050-00e04da13977}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found O33 - MountPoints2\{f00d8c8c-c303-11dd-b906-f68d64452dcd}\Shell - "" = AutoRun O33 - MountPoints2\{f00d8c8c-c303-11dd-b906-f68d64452dcd}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/08/19 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\logs [2010/08/19 16:48:05 | 000,000,000 | -H-D | C] -- C:\$AVG [2010/08/19 15:53:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg [2010/08/19 15:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2010/08/19 15:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [2010/08/19 13:29:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes [2010/08/19 13:29:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/08/19 13:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/08/19 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/08/19 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3} [2010/08/19 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\rnyesxpnk [2010/08/19 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\xlpfrloba [2010/08/19 11:57:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Windows Server [2010/08/19 11:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Update [2010/08/15 16:50:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\sc2 [2010/08/15 16:49:25 | 004,797,440 | ---- | C] (Vernam7) -- C:\Users\Ryan\Desktop\SC2ALLin1.exe [2010/08/15 16:49:25 | 002,995,712 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.Utils.v9.3.dll [2010/08/15 16:49:25 | 002,059,776 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.Data.v9.3.dll [2010/08/15 16:49:25 | 001,642,496 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraEditors.v9.3.dll [2010/08/15 16:49:25 | 001,184,256 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.OfficeSkins.v9.3.dll [2010/08/15 16:49:25 | 000,876,032 | ---- | C] (Abysmal Software) -- C:\Users\Ryan\Desktop\DevIL.dll [2010/08/15 16:49:25 | 000,698,368 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraLayout.v9.3.dll [2010/08/15 16:49:25 | 000,584,192 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraTreeList.v9.3.dll [2010/08/15 16:49:25 | 000,077,824 | ---- | C] (Abysmal Software) -- C:\Users\Ryan\Desktop\ILU.dll [2010/08/15 16:49:25 | 000,032,768 | ---- | C] ( ) -- C:\Users\Ryan\Desktop\Interop.Scripting.dll [2010/08/15 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\hk [2010/08/15 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\ai [2010/08/13 14:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II [2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\StarCraft II [2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2010/08/13 13:54:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\sc [2010/08/10 22:01:26 | 000,000,000 | R--D | C] -- C:\Users\Ryan\Desktop\Left 4 Dead 2 [2010/08/10 18:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2010/08/10 18:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010/08/10 18:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2009/02/07 19:23:06 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/08/20 11:03:46 | 063,655,328 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010/08/20 11:02:11 | 004,718,592 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT [2010/08/20 11:00:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/08/20 10:58:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/08/20 10:57:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/08/20 10:57:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/08/20 10:57:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/08/20 10:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/08/20 10:57:43 | 4025,802,752 | -HS- | M] () -- C:\hiberfil.sys [2010/08/20 00:24:23 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT{ac9130b5-ba11-11de-979e-00e04da13977}.TMContainer00000000000000000001.regtrans-ms [2010/08/20 00:24:23 | 000,065,536 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT{ac9130b5-ba11-11de-979e-00e04da13977}.TM.blf [2010/08/20 00:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/08/19 23:54:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2920161537-2277595896-3629292948-1000UA.job [2010/08/19 15:53:27 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll [2010/08/19 15:53:27 | 000,001,725 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010/08/19 15:53:25 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys [2010/08/19 15:53:20 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys [2010/08/19 15:53:18 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010/08/19 15:53:17 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010/08/19 13:29:30 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/19 12:48:01 | 000,001,356 | ---- | M] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat [2010/08/19 11:59:18 | 000,000,120 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Qkipataza.dat [2010/08/19 11:59:18 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Dpuvakaxode.bin [2010/08/19 11:58:26 | 000,000,005 | ---- | M] () -- C:\zrpt.xml [2010/08/19 11:46:53 | 000,000,565 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\myMPQ.ini [2010/08/17 12:54:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2920161537-2277595896-3629292948-1000Core.job [2010/08/15 16:48:55 | 000,000,805 | ---- | M] () -- C:\Users\Ryan\Desktop\SC2ALLin1.lnk [2010/08/13 15:09:10 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010/08/13 13:36:19 | 331,729,743 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/08/12 23:59:12 | 004,345,269 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\IconCache.db [2010/08/12 19:56:05 | 000,002,072 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk [2010/08/12 19:56:05 | 000,002,034 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/08/10 21:34:25 | 000,189,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010/08/10 21:34:25 | 000,189,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/08/10 19:14:39 | 017,478,913 | ---- | M] () -- C:\Users\Ryan\Desktop\l4d2 2001 patch full no need change.rar.zip [2010/08/10 18:14:18 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/08/10 18:10:41 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/07/31 15:15:59 | 004,797,440 | ---- | M] (Vernam7) -- C:\Users\Ryan\Desktop\SC2ALLin1.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/08/19 15:53:27 | 000,001,725 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010/08/19 15:53:26 | 000,013,048 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll [2010/08/19 15:53:25 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys [2010/08/19 15:53:20 | 000,269,904 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys [2010/08/19 15:53:17 | 063,629,394 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010/08/19 15:53:17 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010/08/19 15:53:17 | 000,035,536 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010/08/19 13:29:30 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/19 13:29:27 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2010/08/19 12:57:17 | 4025,802,752 | -HS- | C] () -- C:\hiberfil.sys [2010/08/19 11:59:18 | 000,000,120 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Qkipataza.dat [2010/08/19 11:59:18 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Dpuvakaxode.bin [2010/08/19 11:58:02 | 000,000,005 | ---- | C] () -- C:\zrpt.xml [2010/08/15 18:35:07 | 000,000,565 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\myMPQ.ini [2010/08/15 16:49:25 | 001,101,824 | ---- | C] () -- C:\Users\Ryan\Desktop\myMPQ.dll [2010/08/15 16:49:25 | 000,037,888 | ---- | C] () -- C:\Users\Ryan\Desktop\DevIL.NET2.dll [2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\zergmouse.cur [2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\terranmouse.cur [2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\protossmouse.cur [2010/08/15 16:48:54 | 000,000,805 | ---- | C] () -- C:\Users\Ryan\Desktop\SC2ALLin1.lnk [2010/08/13 14:54:54 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010/08/10 22:45:50 | 017,478,913 | ---- | C] () -- C:\Users\Ryan\Desktop\l4d2 2001 patch full no need change.rar.zip [2010/08/10 18:14:18 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/08/10 18:10:41 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/03/28 20:16:39 | 000,422,956 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI372C.txt [2010/03/28 20:16:38 | 000,013,386 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI372C.txt [2009/12/13 16:45:59 | 000,329,550 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI09FB.txt [2009/12/13 16:45:59 | 000,013,962 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI09FB.txt [2009/12/13 16:28:30 | 000,327,858 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI7C9A.txt [2009/12/13 16:28:30 | 000,011,154 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI7C9A.txt [2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009/07/14 15:55:46 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009/07/14 15:31:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2009/05/23 10:57:29 | 000,334,332 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI3C1F.txt [2009/05/23 10:57:29 | 000,011,202 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI3C1F.txt [2009/05/23 08:22:45 | 000,416,296 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI45B1.txt [2009/05/23 08:22:45 | 000,011,410 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI45B1.txt [2009/05/11 12:17:19 | 000,000,035 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\TheHunterSettings.cfg [2009/05/09 20:08:30 | 002,466,458 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_NET_Framework35_x64_MSI1BFE.txt [2009/05/09 19:40:27 | 000,227,093 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_depcheck_NETFX_EXP_35.txt [2009/05/09 19:40:23 | 000,000,002 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx35error.txt [2009/05/09 19:40:22 | 000,289,102 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx35install.txt [2009/05/09 19:39:27 | 000,581,814 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI05BB.txt [2009/05/09 19:39:25 | 000,014,332 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI05BB.txt [2009/04/09 23:05:16 | 000,001,356 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat [2009/03/06 22:07:23 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI [2009/02/07 19:23:06 | 000,748,167 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll [2009/02/07 19:23:03 | 000,000,227 | ---- | C] () -- C:\Windows\teensmrt.ini [2009/02/06 14:01:15 | 000,000,080 | ---- | C] () -- C:\Windows\sierra.ini [2008/12/13 12:25:41 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2008/12/05 08:48:37 | 000,001,460 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps64.dat [2008/12/05 07:54:02 | 000,000,092 | ---- | C] () -- C:\Users\Ryan\AppData\Local\fusioncache.dat [2008/12/04 21:55:03 | 000,747,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008/12/04 21:43:12 | 000,019,968 | ---- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/04/11 17:37:37 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2008/04/03 10:10:34 | 000,028,101 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_depcheckdotnetfx30.txt [2008/04/03 10:10:28 | 000,005,664 | ---- | C] () -- C:\Users\Ryan\AppData\Local\uxeventlog.txt [2008/04/03 10:10:28 | 000,000,604 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx3error.txt [2008/04/03 10:10:27 | 000,031,806 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx3install.txt [2008/01/20 19:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 19:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Ryan\Desktop\Defiance (2008) DVDSCR Occor avi.mp4:TOC.WMV @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:C39E55C5 < End of report > OTL Extras logfile created on: 08/20/2010 11:02:01 AM - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Ryan\Downloads 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 10.68 Gb Free Space | 2.29% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RYAN1-PC Current User Name: Ryan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l () scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B236B2-3FD4-4D09-9A16-B506DEC225B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{04D797CB-036D-4C00-80BC-1F1B60489812}" = lport=137 | protocol=17 | dir=in | app=system | "{180E92A2-AE91-4C8D-803D-66A41F45A718}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1BC6CB66-0E28-4BD9-B24D-78CF9FD2A614}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1EB3C084-FC43-4A28-AADC-74990294C227}" = rport=139 | protocol=6 | dir=out | app=system | "{25909D5D-B81B-4A72-890A-FD4AB79A8DF1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2D811196-3099-4780-98DF-A27A92A8C7A1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2DB7DF9D-2B99-4361-B15E-AF96F621F9AE}" = rport=445 | protocol=6 | dir=out | app=system | "{40526FE1-FEF7-411B-B66C-5C07AF87B0AA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{423F94F7-490B-42CA-AFC6-1DA5FF5218B7}" = lport=58531 | protocol=6 | dir=in | name=pando media booster | "{49F03BC6-E08B-4815-AA20-4D929422353E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4F730EBE-6587-44FF-9ADE-AC2188DFA481}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{61EE5A36-9CC7-4F83-A5E7-96BC416E8F78}" = lport=58531 | protocol=6 | dir=in | name=pando media booster | "{645ED99D-EA92-4C15-90C5-3F2E5DB692DF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6ADE226E-40FC-4324-A66F-8D7C98484ECF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7517E53C-32FC-4AE1-A874-A465D79841FE}" = lport=2869 | protocol=6 | dir=in | app=system | "{78ADABB8-4B63-4228-9238-A378B2ECBCB5}" = rport=10243 | protocol=6 | dir=out | app=system | "{7F2A2547-1E84-496B-838A-1600664D4F60}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{80FF7F5E-ECB5-416E-A93B-84996826CDBB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8FC44BD3-2A5B-47B5-AE94-757BF0B27638}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B76BC131-23A7-4F05-B701-F40FAF289CB0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{B8DC4514-3571-436A-8E5F-A84B7F5DBD82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BD5F4804-7967-4FBE-A9E6-81D99970A9A6}" = lport=58531 | protocol=17 | dir=in | name=pando media booster | "{BD5FCC66-9420-4170-8FB2-4EE3CBE19C7F}" = lport=10243 | protocol=6 | dir=in | app=system | "{C87AE7C2-47DE-41B5-B48D-AF69C0DA9BF9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C8B15FEE-F7B4-4472-8A42-49796603B60D}" = lport=139 | protocol=6 | dir=in | app=system | "{D1555AC4-A891-450B-A964-811DC0CF77D7}" = rport=137 | protocol=17 | dir=out | app=system | "{D1869FF4-6FD0-434F-933E-60A799D01E31}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D656261F-C86D-44D1-97F2-C8082AA53B72}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D9579BBC-F122-48AF-9FF1-C552DC637D1A}" = lport=445 | protocol=6 | dir=in | app=system | "{DA12EEB1-E8A7-42F4-B97B-E34415E3BC42}" = lport=58531 | protocol=17 | dir=in | name=pando media booster | "{E22EE837-B17F-42A6-BF87-AA066788ED14}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E364DFE9-DFDE-4E82-BFD1-3D6F07B708A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EB69B14E-28C3-4005-A536-C5F2DFCAF74E}" = lport=2869 | protocol=6 | dir=in | app=system | "{EC33707D-693D-4340-82FF-00AEE051B3B9}" = lport=138 | protocol=17 | dir=in | app=system | "{F22CA274-BD36-4FB1-A2B6-4BA9A1D94E5E}" = rport=2869 | protocol=6 | dir=out | app=system | "{F70B3A5A-7304-4F11-972F-88ECAF9F4224}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F7487799-2443-4F4E-A897-34E385A57C49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FF56AC3E-352E-4D0B-BE74-6B92F9FD7ED6}" = rport=138 | protocol=17 | dir=out | app=system | "{FFDB488E-18AB-43F8-809D-D2873ED47822}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C0E8B3-38E3-4A1D-AFBA-272059105F32}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe | "{07AA2AB3-7C8F-43FF-9FEC-E293EB68DC8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0B62526D-0FE8-4001-8257-9822D9A51E95}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe | "{0BBBED06-9614-46D2-8512-8FD6011F3744}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{0EAEA559-93A1-408F-8D0D-E712163F2FAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{10AA416E-A0E1-4CDD-B7C9-F5C41D6B7DF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{11EF0F2D-EEEC-45EB-BAAD-0B0939560CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{13C7F0B4-FFC2-4EAB-910B-E0D132FB4ADA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{175F3EC9-D46D-44AE-9611-E9D1F26E1EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe | "{17827644-1785-4E4F-BC88-7BDB4E111E62}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | "{1838D5AF-B098-4B51-A66E-E753CC04F0FA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1BE3A066-8B5D-4F92-9C72-07FD185DCC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | "{1E17A6AC-CF51-4A36-9E27-553F4301134B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{2038CF95-D09A-4447-8730-52070072943D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{214BDFB2-433B-4F17-A6AD-51EB5E4DB51D}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe | "{26000AD4-C5C9-4730-A799-83C04F1A227C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2729648F-F631-4823-92E9-12B86A9AD7DB}" = protocol=6 | dir=out | app=system | "{29735DE4-F6EC-450C-906C-6A3F9F4C99BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2AD1C598-B272-47E9-AE60-4279B849AFD7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2B8737CF-2129-4BA9-BC00-E675B34B845D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2E9193AD-7D48-4C37-B97C-8F8E1198AA12}" = protocol=6 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe | "{30D01B78-F792-42D3-9021-921484BAB5F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{30D77E41-BCC6-4361-83D4-642B69483042}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | "{32D12671-10CD-4869-9013-5E78A169E18C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{359AE0C9-827B-449E-A9CB-6C3689E7982E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{384ECBE7-151C-4FC6-B63C-75312098C1AD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{386BF2DE-B97A-49D9-92DD-D66431D38874}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3967E751-F52A-43FA-9BF7-3C2080864403}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | "{39EB26C9-7365-47EF-9F2E-E8839A1822A6}" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe | "{3E54E104-A963-4AB6-BC5B-F09C1B76BA23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4082335A-B716-449A-B91A-86CD2C327AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{452CCF1A-9D31-4E95-A40A-432FF79196BE}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{45EBE370-B933-4039-971D-ABF91E4FD856}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{47777210-79CD-45AF-9766-8580025D48F0}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{48D8FD4D-E94C-4C12-973A-4B43395839DA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{49B6F792-CA0D-481A-A75C-BB9383209620}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | "{4D385FFC-4234-45EC-AE46-F58EE3A1D54F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4DF39988-0A5C-48D5-AC45-F26CAD85179E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{4F5F61B7-C567-4354-B3FC-26140446EF6D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe | "{519B2295-B930-4475-B505-BF33CE7AA623}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | "{51B8D284-D172-4285-8ADA-E9E5F43251AA}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{54E215F3-2A23-4DA1-B835-661816A31DB1}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{5520D2A6-18CB-499D-9EBF-DC4637CB62E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5AC5503D-63F5-40D2-ABD2-A1A3394035C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{5EF3FF6B-7A05-4452-9363-F0A399550207}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | "{60D1EB74-A205-40DA-946F-EC86C3D26C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{6A34DDFD-E118-4687-89AA-E83CA488CB94}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{6D59185D-BEF8-4A32-BAF9-2A35CA250AFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{72DC1A49-6917-4959-9CF9-003E9CF8A04F}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{7466CFEE-5F98-48FD-8B6D-D171831649B9}" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe | "{773AD95E-2B3A-472C-8DB6-0133A48373A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{798FB662-8ABB-4527-92C4-9F38E88AAD90}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7D09DC00-02FF-4E82-95F1-37F2FADA5027}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{7D4B137A-1873-4E10-9ADD-1C289431D7FD}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{7F1DFC69-775F-463B-B799-FA7354CCD88B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{83117107-3E81-4754-B4E9-20EB2FD74EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{83850B18-97C6-4CD4-A88D-8DE126EFA5D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8698DD3D-C50F-4E8B-AD85-49C369901002}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe | "{86C92B9A-DA0F-4400-B248-952F74EF7147}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{8A23E8E9-ACE4-45DD-A994-DD392C0E3811}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8E0FC138-4B78-4FE6-B956-44525D5B57C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8E8E960A-5D3F-49A0-9A33-B97909B5F03B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{8ED34286-E02B-4E2D-AAA1-14F7CF15250D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8FD4D1E2-F21F-4EE6-A84C-39E786874F2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "{936FD310-1813-455B-A699-7F6CBF2EDCC4}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mp.exe | "{93BEB86A-150C-43F7-8839-A8D9DAB11918}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe | "{9526854E-3197-4CC1-8233-383B81222044}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | "{97B68CF2-C50E-429C-A5DF-0961A140B330}" = protocol=17 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe | "{998FA86A-8D26-4A1F-A0C3-AF0017DED492}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9A0AA802-FA04-4C4E-B60A-47219EC3A24E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "{9C08C6F9-F438-4A7D-BB74-13553841EAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{A17C471F-51D8-43A0-8CAC-3802A524A758}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mplite.exe | "{A2732B73-6953-4761-91A5-779A5C667995}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A444B557-1C31-4792-903D-ABB05A8CB1EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A58BC768-B356-4ED9-8E4D-7A9C81B0E998}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{A698BC8D-245D-4B3C-B9FD-A2AF1BA8F31D}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | "{A6C9FA05-0A5C-4D09-92D4-5C94F50FA109}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{A740734D-8C16-4030-810D-803607F170AB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe | "{A869345F-7C26-4DE2-8D15-3779258DBF9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A9C77A91-3834-4AAA-95D8-4B6E0F170ECF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB9252F1-FC18-4E0D-B038-0CB39C797EDF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe | "{ACAFDBED-BEAF-4543-A863-222D3EAC12F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{AF20930C-5693-4728-BF4D-39E5AC53B8D3}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{AF848067-88CA-44E0-87AF-F02511AE68F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B0D7B10B-EDEE-431B-A849-E58F810251B8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{B3C74E2E-E733-4541-A78F-0831288C3AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mplite.exe | "{B4E26E87-120B-4A7E-9630-6F89F80EED7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B54C764A-3F9A-40FB-A31E-7EEFD35A8A49}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B87C7C1D-3AC6-480E-9B43-D86245FA016E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{B8E5C988-6917-4CBF-81E5-F433D92CD494}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{B919A65F-DB58-4C7E-9E3B-5EAE72549222}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA265C78-4364-436E-88D9-59179EDECFC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB8A83F7-CDA6-4C06-8627-B5790C5AF03C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{BC1CE565-B960-473C-A8AC-378F7197AB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | "{C46E8DC4-667C-443D-8CAF-42AF21097C7E}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe | "{C5644948-D301-47AA-98B0-A642056660B4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{C6B70246-71E2-4DCC-B3B5-F737729216A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe | "{C74BD9AC-9DFD-4BB8-8749-6884D787F8A0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{CE836928-9149-44E4-BDE7-937476411972}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{D040D302-30C7-4E6A-B573-0CD5CCEB1437}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | "{D228CB32-3820-4568-8976-DF7AB8C614E5}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{D46CBDB8-0EBE-417C-968E-027F3B8045D9}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | "{D606E9B5-7382-4C91-8B13-F3EADF216785}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D947EF69-8818-4A82-98FB-8A741A5D8096}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mp.exe | "{D9AF8AA4-1DAD-4E1A-B696-49404AB44342}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DC83E66C-A55E-4083-B46E-A3288816798D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{DDCCA54A-A549-4F34-A451-338C097C35D6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DE926E7D-C321-49AC-AE72-5D5526B88FC8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{E1BB6CA5-13DE-42AC-9331-15EA138D3618}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{E1E86C6A-B2F7-4616-8555-823CB078D494}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E71E395F-0867-4640-A94A-154F8E9B74BE}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{E7A4C508-E945-4A94-A9E7-AF9620214BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{E8F8223B-C183-4F7C-8052-50463C8FF902}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{ECFAD8B5-CDCD-4EA2-8E74-0E3EBE2486D2}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{EDD47D50-C5F1-45C4-86F4-7157762B6C63}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{F4941F6E-7E2B-40C5-BA67-E57102F79C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe | "{FAE46CFF-FFE3-4BA4-ACD1-B6C5C6EC3C33}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{FCF9A07B-4A80-4EE7-B76A-9EC7E18CBD90}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "TCP Query User{0B055FA4-F4DE-4A24-AF09-076272C324BB}C:\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\mohaa\mohaa.exe | "TCP Query User{277FB28E-90B9-4FD3-BA7E-7E18ECC4FE28}C:\program files (x86)\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\america's army\system\armyops.exe | "TCP Query User{7A7FA04C-7040-4D69-A55E-B9DBCA91FAE3}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "TCP Query User{7F77FCB2-BE08-4027-AD31-7CE9FB11EDDB}C:\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\left 4 dead\left4dead.exe | "TCP Query User{9D60618F-911D-42BE-A3E6-53D573FC639F}C:\program files (x86)\emote\launcher\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emote\launcher\launcher.exe | "TCP Query User{9EE92007-0B80-4363-AE0D-05A932DC5C11}C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "TCP Query User{B01FE4B4-1EF9-4B4F-A6F8-95183295B50F}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "UDP Query User{17B3C90C-AF1F-4926-B78E-7764748F24D8}C:\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\left 4 dead\left4dead.exe | "UDP Query User{2FA0C7B2-078A-4200-9589-9420EFE5ADB1}C:\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\mohaa\mohaa.exe | "UDP Query User{80C58662-EA57-40CE-8E48-EABC9320B0AC}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "UDP Query User{8DF605DF-6E17-4A62-91F9-2A0107C82F57}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "UDP Query User{9970C97F-3A4D-415A-9AED-7174A49653E1}C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "UDP Query User{AB2DD133-1502-433A-92C7-184FCF335BFF}C:\program files (x86)\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\america's army\system\armyops.exe | "UDP Query User{BC7E5651-117D-480D-AA56-FFC7B88C99C6}C:\program files (x86)\emote\launcher\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emote\launcher\launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{23170F69-40C1-2702-0462-000001000000}" = 7-Zip 4.62 (x64 edition) "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{898FF489-EB70-BB92-C5BD-D7E10329BF9E}" = ccc-utility64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VistaGlazz_is1" = VistaGlazz 1.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis® "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial "{039E5107-9932-B731-A551-5BF554DA9542}" = Catalyst Control Center HydraVision Full "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection "{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup "{20EB7BAE-7F60-34AD-130B-1C938FD65BE9}" = Catalyst Control Center Core Implementation "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{25235761-5EAB-76EA-2C7A-09FC6513784B}" = Catalyst Control Center Graphics Full Existing "{25F4442A-6CA5-03F6-2470-E6DF04175374}" = CCC Help English "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer