virus! need help

littleshu · August 20, 2010

i got a virus. i think it was resultdns service. the main problem now is explorer wont start up.

Malwarebytes' Anti-Malware log file

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4449

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18882

08/19/2010 3:10:58 PM

mbam-log-2010-08-19 (15-10-58).txt

Scan type: Full scan (C:\|)

Objects scanned: 523906

Time elapsed: 1 hour(s), 30 minute(s), 31 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 38

Registry Values Infected: 12

Registry Data Items Infected: 3

Folders Infected: 10

Files Infected: 41

Memory Processes Infected:

C:\ProgramData\ResultDns\resultdns113.exe (Adware.ResultDns) -> Unloaded process successfully.

C:\Program Files (x86)\ResultDns\resultdns.exe (Adware.ResultDns) -> Unloaded process successfully.

Memory Modules Infected:

C:\Program Files (x86)\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3615583f-c2a5-4148-81ce-7152c14716e4} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3615583f-c2a5-4148-81ce-7152c14716e4} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3615583f-c2a5-4148-81ce-7152c14716e4} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3615583f-c2a5-4148-81ce-7152c14716e4} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{24f7625d-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{24f7625d-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{24f7625d-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24f7625d-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d212b886-1bdd-4046-b807-c61650837da1} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d212b886-1bdd-4046-b807-c61650837da1} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d212b886-1bdd-4046-b807-c61650837da1} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d212b886-1bdd-4046-b807-c61650837da1} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gabpath (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pdekurozece (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.GabPath) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Adware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bar (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{24f7625c-f9fe-4384-8732-1c780f567f8c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windrivxxx.exe (Trojan.SpyEye) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cvmtupnx (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nrgurgxx (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\epecicima (Trojan.Agent.U) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://home.tangotoolbar.com/) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:

C:\Users\Ryan\AppData\Roaming\GabPath (Adware.Agent) -> Quarantined and deleted successfully.

C:\ProgramData\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> Delete on reboot.

C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> Delete on reboot.

C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ResultDns (Adware.ResultDns) -> Delete on reboot.

C:\Program Files (x86)\ResultDns\ResultDns_deleted_ (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\WinDrivxxx.exe (Trojan.SpyEye) -> Quarantined and deleted successfully.

Files Infected:

C:\Users\Ryan\AppData\Local\nsonFwm.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Roaming\GabPath\gabpath.exe (Adware.GabPath) -> Quarantined and deleted successfully.

C:\Windows\System32\sogkp.exe (Trojan.Adware) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Local\Temp\emxoawcnrs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\fogkp.dll (Adware.EZlife) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Left 4 Dead 2\Razor1911.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ResultDns\ResultDns_deleted_\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\ProgramData\Update\seupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Local\Temp\mkcxhunr.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Local\Temp\ooflgt.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Local\Temp\xjoqojgw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\components\gpff.dll (Adware.Agent) -> Delete on reboot.

C:\Users\Ryan\Downloads\XPKey-283451.unk (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Ryan\Downloads\Call of Duty 4 Keygen\CoD4 Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\Windows\System32\5a78.dll (Adware.Mirar) -> Quarantined and deleted successfully.

C:\Windows\System32\bogkp.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\Windows\System32\fogkp.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\5a78.dll (Adware.Mirar) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\bogkp.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\sogkp.exe (Trojan.Adware) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsrE96D.tmp\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Roaming\GabPath\GPUninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\ProgramData\ResultDns\resultdns113.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> Delete on reboot.

C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot.

C:\Program Files (x86)\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ResultDns\uninstall.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ResultDns\ResultDns_deleted_\resultdns.dll (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\WinDrivxxx.exe\config.bin (Trojan.SpyEye) -> Quarantined and deleted successfully.

C:\WinDrivxxx.exe\WinDrivxxx.exe (Trojan.SpyEye) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Ryan\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Local\xlpfrloba\ijrsdbashdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Local\rnyesxpnk\iyiansishdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Users\Ryan\AppData\Local\uvoyejuh.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

ark.zip

Elise · August 20, 2010

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
- This is THE Mirror
[*]Save it to your desktop.
[*]Double click on the icon on your desktop.
[*]Click the "Scan All Users" checkbox.
[*]Push the button.
[*]Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

A detailed description of your problems
A new OTL log (don't forget extra.txt)

littleshu · August 20, 2010

Thanks for helping. The symptoms started like normal ad ware. a fake virus scan popped up and said i need to run a virus scan. after that happend explorer crashed. i restarted the computer and explorer said it need to close. i've tryed to start explorer with the task manager but it keeps saying it needs to close. the only other problem i can see is chrome internet does not work.

i've run avg free and mbam.

OTL logfile created on: 08/20/2010 11:02:01 AM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Ryan\Downloads

64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 10.68 Gb Free Space | 2.29% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RYAN1-PC

Current User Name: Ryan

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 11:01:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe

PRC - [2010/08/19 15:52:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/30 16:47:37 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/04/02 16:30:12 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe

PRC - [2006/11/02 08:03:35 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

========== Modules (SafeList) ==========

MOD - [2010/08/20 11:01:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe

MOD - [2008/01/20 19:51:13 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll

MOD - [2008/01/20 19:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2008/01/20 19:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)

SRV:64bit: - [2010/03/02 21:12:12 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2008/01/20 19:51:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)

SRV:64bit: - [2008/01/20 19:51:03 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)

SRV:64bit: - [2008/01/20 19:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008/01/20 19:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/09/07 11:16:16 | 001,909,032 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)

SRV - [2010/08/19 15:52:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/11/05 22:42:19 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/04/02 16:30:12 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009/02/16 17:42:00 | 002,741,114 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2008/12/13 12:18:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/12/05 21:42:11 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2008/11/11 15:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SoundMovieServer)

SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)

SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/08/19 15:53:25 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2010/08/19 15:53:20 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2010/08/19 15:53:18 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/03/02 20:07:32 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2009/10/12 21:34:45 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2009/10/12 21:34:44 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/01/08 20:09:10 | 000,033,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2008/12/04 21:05:25 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2008/11/11 15:05:16 | 000,033,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)

DRV:64bit: - [2008/06/10 14:04:28 | 000,036,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)

DRV:64bit: - [2008/06/09 14:12:08 | 000,020,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)

DRV:64bit: - [2008/02/13 23:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/01/20 19:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)

DRV:64bit: - [2008/01/20 19:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2007/02/16 12:12:36 | 000,012,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2007/02/16 11:30:12 | 000,014,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2007/02/15 17:11:26 | 000,012,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)

DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2009/01/26 15:17:09 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/01/26 15:17:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2006/10/31 00:25:01 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)

DRV - [2005/01/01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 46 B6 F9 0B 8D CA 01 [binary data]

IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7

FF - prefs.js..extensions.enabledItems: {4bcdbfd0-fa26-11de-8a39-0800200c9a66}:3

FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:1.1.7

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52

FF - prefs.js..extensions.enabledItems: {1FC31306-9493-433B-8F49-5C8FCFA8A3F3}:1.9.1

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845

FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Ryan\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010/08/19 11:59:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3}: C:\Users\Ryan\AppData\Local\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3}\ [2010/08/19 11:59:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/08/19 15:52:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 18:11:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/10 18:11:17 | 000,000,000 | ---D | M]

[2008/12/04 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions

[2010/08/19 18:24:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions

[2009/06/29 18:07:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/11/13 13:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2009/08/29 11:12:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/10/29 21:58:12 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/10/02 17:40:48 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\battlefieldheroespatcher@ea.com

[2009/07/25 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\firedownload@mozilla.org

[2009/09/04 08:32:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\uutx9myz.default\extensions\firetorrent@radicalsoft.com

[2010/08/19 18:24:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2009/01/28 20:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiCHPlugin.dll

[2008/09/10 00:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

[2010/08/05 12:37:48 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/01/04 20:30:06 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-2920161537-2277595896-3629292948-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files (x86)\Hamachi\hamachi.exe (LogMeIn Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()

O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{5810b619-c284-11dd-a60b-00e04da13977}\Shell - "" = AutoRun

O33 - MountPoints2\{5810b619-c284-11dd-a60b-00e04da13977}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found

O33 - MountPoints2\{584129dc-ddc5-11dd-8050-00e04da13977}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found

O33 - MountPoints2\{f00d8c8c-c303-11dd-b906-f68d64452dcd}\Shell - "" = AutoRun

O33 - MountPoints2\{f00d8c8c-c303-11dd-b906-f68d64452dcd}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/19 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\logs

[2010/08/19 16:48:05 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/08/19 15:53:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg

[2010/08/19 15:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2010/08/19 15:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/08/19 13:29:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes

[2010/08/19 13:29:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/08/19 13:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/08/19 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/08/19 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1FC31306-9493-433B-8F49-5C8FCFA8A3F3}

[2010/08/19 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\rnyesxpnk

[2010/08/19 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\xlpfrloba

[2010/08/19 11:57:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Windows Server

[2010/08/19 11:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Update

[2010/08/15 16:50:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\sc2

[2010/08/15 16:49:25 | 004,797,440 | ---- | C] (Vernam7) -- C:\Users\Ryan\Desktop\SC2ALLin1.exe

[2010/08/15 16:49:25 | 002,995,712 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.Utils.v9.3.dll

[2010/08/15 16:49:25 | 002,059,776 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.Data.v9.3.dll

[2010/08/15 16:49:25 | 001,642,496 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraEditors.v9.3.dll

[2010/08/15 16:49:25 | 001,184,256 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.OfficeSkins.v9.3.dll

[2010/08/15 16:49:25 | 000,876,032 | ---- | C] (Abysmal Software) -- C:\Users\Ryan\Desktop\DevIL.dll

[2010/08/15 16:49:25 | 000,698,368 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraLayout.v9.3.dll

[2010/08/15 16:49:25 | 000,584,192 | ---- | C] (Developer Express Inc.) -- C:\Users\Ryan\Desktop\DevExpress.XtraTreeList.v9.3.dll

[2010/08/15 16:49:25 | 000,077,824 | ---- | C] (Abysmal Software) -- C:\Users\Ryan\Desktop\ILU.dll

[2010/08/15 16:49:25 | 000,032,768 | ---- | C] ( ) -- C:\Users\Ryan\Desktop\Interop.Scripting.dll

[2010/08/15 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\hk

[2010/08/15 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\ai

[2010/08/13 14:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II

[2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\StarCraft II

[2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2010/08/13 14:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2010/08/13 13:54:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\sc

[2010/08/10 22:01:26 | 000,000,000 | R--D | C] -- C:\Users\Ryan\Desktop\Left 4 Dead 2

[2010/08/10 18:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/08/10 18:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2010/08/10 18:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/08/10 18:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2009/02/07 19:23:06 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/20 11:03:46 | 063,655,328 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/08/20 11:02:11 | 004,718,592 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT

[2010/08/20 11:00:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/08/20 10:58:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/20 10:57:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/20 10:57:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/20 10:57:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/08/20 10:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/08/20 10:57:43 | 4025,802,752 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/20 00:24:23 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT{ac9130b5-ba11-11de-979e-00e04da13977}.TMContainer00000000000000000001.regtrans-ms

[2010/08/20 00:24:23 | 000,065,536 | -HS- | M] () -- C:\Users\Ryan\NTUSER.DAT{ac9130b5-ba11-11de-979e-00e04da13977}.TM.blf

[2010/08/20 00:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/19 23:54:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2920161537-2277595896-3629292948-1000UA.job

[2010/08/19 15:53:27 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll

[2010/08/19 15:53:27 | 000,001,725 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/08/19 15:53:25 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/08/19 15:53:20 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/08/19 15:53:18 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/08/19 15:53:17 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/08/19 13:29:30 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/19 12:48:01 | 000,001,356 | ---- | M] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat

[2010/08/19 11:59:18 | 000,000,120 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Qkipataza.dat

[2010/08/19 11:59:18 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Dpuvakaxode.bin

[2010/08/19 11:58:26 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

[2010/08/19 11:46:53 | 000,000,565 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\myMPQ.ini

[2010/08/17 12:54:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2920161537-2277595896-3629292948-1000Core.job

[2010/08/15 16:48:55 | 000,000,805 | ---- | M] () -- C:\Users\Ryan\Desktop\SC2ALLin1.lnk

[2010/08/13 15:09:10 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2010/08/13 13:36:19 | 331,729,743 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/08/12 23:59:12 | 004,345,269 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\IconCache.db

[2010/08/12 19:56:05 | 000,002,072 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk

[2010/08/12 19:56:05 | 000,002,034 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/08/10 21:34:25 | 000,189,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2010/08/10 21:34:25 | 000,189,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/08/10 19:14:39 | 017,478,913 | ---- | M] () -- C:\Users\Ryan\Desktop\l4d2 2001 patch full no need change.rar.zip

[2010/08/10 18:14:18 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/10 18:10:41 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/07/31 15:15:59 | 004,797,440 | ---- | M] (Vernam7) -- C:\Users\Ryan\Desktop\SC2ALLin1.exe

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/19 15:53:27 | 000,001,725 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/08/19 15:53:26 | 000,013,048 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll

[2010/08/19 15:53:25 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/08/19 15:53:20 | 000,269,904 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/08/19 15:53:17 | 063,629,394 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/08/19 15:53:17 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/08/19 15:53:17 | 000,035,536 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/08/19 13:29:30 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/19 13:29:27 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys

[2010/08/19 12:57:17 | 4025,802,752 | -HS- | C] () -- C:\hiberfil.sys

[2010/08/19 11:59:18 | 000,000,120 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Qkipataza.dat

[2010/08/19 11:59:18 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Dpuvakaxode.bin

[2010/08/19 11:58:02 | 000,000,005 | ---- | C] () -- C:\zrpt.xml

[2010/08/15 18:35:07 | 000,000,565 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\myMPQ.ini

[2010/08/15 16:49:25 | 001,101,824 | ---- | C] () -- C:\Users\Ryan\Desktop\myMPQ.dll

[2010/08/15 16:49:25 | 000,037,888 | ---- | C] () -- C:\Users\Ryan\Desktop\DevIL.NET2.dll

[2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\zergmouse.cur

[2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\terranmouse.cur

[2010/08/15 16:49:25 | 000,002,238 | ---- | C] () -- C:\Users\Ryan\Desktop\protossmouse.cur

[2010/08/15 16:48:54 | 000,000,805 | ---- | C] () -- C:\Users\Ryan\Desktop\SC2ALLin1.lnk

[2010/08/13 14:54:54 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2010/08/10 22:45:50 | 017,478,913 | ---- | C] () -- C:\Users\Ryan\Desktop\l4d2 2001 patch full no need change.rar.zip

[2010/08/10 18:14:18 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/10 18:10:41 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/03/28 20:16:39 | 000,422,956 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI372C.txt

[2010/03/28 20:16:38 | 000,013,386 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI372C.txt

[2009/12/13 16:45:59 | 000,329,550 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI09FB.txt

[2009/12/13 16:45:59 | 000,013,962 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI09FB.txt

[2009/12/13 16:28:30 | 000,327,858 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI7C9A.txt

[2009/12/13 16:28:30 | 000,011,154 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI7C9A.txt

[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009/07/14 15:55:46 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/07/14 15:31:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2009/05/23 10:57:29 | 000,334,332 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI3C1F.txt

[2009/05/23 10:57:29 | 000,011,202 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI3C1F.txt

[2009/05/23 08:22:45 | 000,416,296 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI45B1.txt

[2009/05/23 08:22:45 | 000,011,410 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI45B1.txt

[2009/05/11 12:17:19 | 000,000,035 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\TheHunterSettings.cfg

[2009/05/09 20:08:30 | 002,466,458 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_NET_Framework35_x64_MSI1BFE.txt

[2009/05/09 19:40:27 | 000,227,093 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

[2009/05/09 19:40:23 | 000,000,002 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx35error.txt

[2009/05/09 19:40:22 | 000,289,102 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx35install.txt

[2009/05/09 19:39:27 | 000,581,814 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistMSI05BB.txt

[2009/05/09 19:39:25 | 000,014,332 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_vcredistUI05BB.txt

[2009/04/09 23:05:16 | 000,001,356 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat

[2009/03/06 22:07:23 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI

[2009/02/07 19:23:06 | 000,748,167 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll

[2009/02/07 19:23:03 | 000,000,227 | ---- | C] () -- C:\Windows\teensmrt.ini

[2009/02/06 14:01:15 | 000,000,080 | ---- | C] () -- C:\Windows\sierra.ini

[2008/12/13 12:25:41 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

[2008/12/05 08:48:37 | 000,001,460 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps64.dat

[2008/12/05 07:54:02 | 000,000,092 | ---- | C] () -- C:\Users\Ryan\AppData\Local\fusioncache.dat

[2008/12/04 21:55:03 | 000,747,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2008/12/04 21:43:12 | 000,019,968 | ---- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/11 17:37:37 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini

[2008/04/03 10:10:34 | 000,028,101 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_depcheckdotnetfx30.txt

[2008/04/03 10:10:28 | 000,005,664 | ---- | C] () -- C:\Users\Ryan\AppData\Local\uxeventlog.txt

[2008/04/03 10:10:28 | 000,000,604 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx3error.txt

[2008/04/03 10:10:27 | 000,031,806 | ---- | C] () -- C:\Users\Ryan\AppData\Local\dd_dotnetfx3install.txt

[2008/01/20 19:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 19:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Ryan\Desktop\Defiance (2008) DVDSCR Occor avi.mp4:TOC.WMV

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:C39E55C5

< End of report >

OTL Extras logfile created on: 08/20/2010 11:02:01 AM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Ryan\Downloads

64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 10.68 Gb Free Space | 2.29% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RYAN1-PC

Current User Name: Ryan

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2920161537-2277595896-3629292948-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02B236B2-3FD4-4D09-9A16-B506DEC225B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{04D797CB-036D-4C00-80BC-1F1B60489812}" = lport=137 | protocol=17 | dir=in | app=system |

"{180E92A2-AE91-4C8D-803D-66A41F45A718}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{1BC6CB66-0E28-4BD9-B24D-78CF9FD2A614}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1EB3C084-FC43-4A28-AADC-74990294C227}" = rport=139 | protocol=6 | dir=out | app=system |

"{25909D5D-B81B-4A72-890A-FD4AB79A8DF1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2D811196-3099-4780-98DF-A27A92A8C7A1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{2DB7DF9D-2B99-4361-B15E-AF96F621F9AE}" = rport=445 | protocol=6 | dir=out | app=system |

"{40526FE1-FEF7-411B-B66C-5C07AF87B0AA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{423F94F7-490B-42CA-AFC6-1DA5FF5218B7}" = lport=58531 | protocol=6 | dir=in | name=pando media booster |

"{49F03BC6-E08B-4815-AA20-4D929422353E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{4F730EBE-6587-44FF-9ADE-AC2188DFA481}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{61EE5A36-9CC7-4F83-A5E7-96BC416E8F78}" = lport=58531 | protocol=6 | dir=in | name=pando media booster |

"{645ED99D-EA92-4C15-90C5-3F2E5DB692DF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{6ADE226E-40FC-4324-A66F-8D7C98484ECF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7517E53C-32FC-4AE1-A874-A465D79841FE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{78ADABB8-4B63-4228-9238-A378B2ECBCB5}" = rport=10243 | protocol=6 | dir=out | app=system |

"{7F2A2547-1E84-496B-838A-1600664D4F60}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{80FF7F5E-ECB5-416E-A93B-84996826CDBB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{8FC44BD3-2A5B-47B5-AE94-757BF0B27638}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B76BC131-23A7-4F05-B701-F40FAF289CB0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{B8DC4514-3571-436A-8E5F-A84B7F5DBD82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BD5F4804-7967-4FBE-A9E6-81D99970A9A6}" = lport=58531 | protocol=17 | dir=in | name=pando media booster |

"{BD5FCC66-9420-4170-8FB2-4EE3CBE19C7F}" = lport=10243 | protocol=6 | dir=in | app=system |

"{C87AE7C2-47DE-41B5-B48D-AF69C0DA9BF9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{C8B15FEE-F7B4-4472-8A42-49796603B60D}" = lport=139 | protocol=6 | dir=in | app=system |

"{D1555AC4-A891-450B-A964-811DC0CF77D7}" = rport=137 | protocol=17 | dir=out | app=system |

"{D1869FF4-6FD0-434F-933E-60A799D01E31}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D656261F-C86D-44D1-97F2-C8082AA53B72}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{D9579BBC-F122-48AF-9FF1-C552DC637D1A}" = lport=445 | protocol=6 | dir=in | app=system |

"{DA12EEB1-E8A7-42F4-B97B-E34415E3BC42}" = lport=58531 | protocol=17 | dir=in | name=pando media booster |

"{E22EE837-B17F-42A6-BF87-AA066788ED14}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{E364DFE9-DFDE-4E82-BFD1-3D6F07B708A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EB69B14E-28C3-4005-A536-C5F2DFCAF74E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EC33707D-693D-4340-82FF-00AEE051B3B9}" = lport=138 | protocol=17 | dir=in | app=system |

"{F22CA274-BD36-4FB1-A2B6-4BA9A1D94E5E}" = rport=2869 | protocol=6 | dir=out | app=system |

"{F70B3A5A-7304-4F11-972F-88ECAF9F4224}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F7487799-2443-4F4E-A897-34E385A57C49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FF56AC3E-352E-4D0B-BE74-6B92F9FD7ED6}" = rport=138 | protocol=17 | dir=out | app=system |

"{FFDB488E-18AB-43F8-809D-D2873ED47822}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02C0E8B3-38E3-4A1D-AFBA-272059105F32}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |

"{07AA2AB3-7C8F-43FF-9FEC-E293EB68DC8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{0B62526D-0FE8-4001-8257-9822D9A51E95}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |

"{0BBBED06-9614-46D2-8512-8FD6011F3744}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{0EAEA559-93A1-408F-8D0D-E712163F2FAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{10AA416E-A0E1-4CDD-B7C9-F5C41D6B7DF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{11EF0F2D-EEEC-45EB-BAAD-0B0939560CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{13C7F0B4-FFC2-4EAB-910B-E0D132FB4ADA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{175F3EC9-D46D-44AE-9611-E9D1F26E1EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe |

"{17827644-1785-4E4F-BC88-7BDB4E111E62}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |

"{1838D5AF-B098-4B51-A66E-E753CC04F0FA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{1BE3A066-8B5D-4F92-9C72-07FD185DCC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |

"{1E17A6AC-CF51-4A36-9E27-553F4301134B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{2038CF95-D09A-4447-8730-52070072943D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{214BDFB2-433B-4F17-A6AD-51EB5E4DB51D}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe |

"{26000AD4-C5C9-4730-A799-83C04F1A227C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2729648F-F631-4823-92E9-12B86A9AD7DB}" = protocol=6 | dir=out | app=system |

"{29735DE4-F6EC-450C-906C-6A3F9F4C99BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2AD1C598-B272-47E9-AE60-4279B849AFD7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{2B8737CF-2129-4BA9-BC00-E675B34B845D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{2E9193AD-7D48-4C37-B97C-8F8E1198AA12}" = protocol=6 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |

"{30D01B78-F792-42D3-9021-921484BAB5F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{30D77E41-BCC6-4361-83D4-642B69483042}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |

"{32D12671-10CD-4869-9013-5E78A169E18C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{359AE0C9-827B-449E-A9CB-6C3689E7982E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{384ECBE7-151C-4FC6-B63C-75312098C1AD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{386BF2DE-B97A-49D9-92DD-D66431D38874}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3967E751-F52A-43FA-9BF7-3C2080864403}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |

"{39EB26C9-7365-47EF-9F2E-E8839A1822A6}" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |

"{3E54E104-A963-4AB6-BC5B-F09C1B76BA23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4082335A-B716-449A-B91A-86CD2C327AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{452CCF1A-9D31-4E95-A40A-432FF79196BE}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{45EBE370-B933-4039-971D-ABF91E4FD856}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{47777210-79CD-45AF-9766-8580025D48F0}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{48D8FD4D-E94C-4C12-973A-4B43395839DA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{49B6F792-CA0D-481A-A75C-BB9383209620}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |

"{4D385FFC-4234-45EC-AE46-F58EE3A1D54F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{4DF39988-0A5C-48D5-AC45-F26CAD85179E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{4F5F61B7-C567-4354-B3FC-26140446EF6D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |

"{519B2295-B930-4475-B505-BF33CE7AA623}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |

"{51B8D284-D172-4285-8ADA-E9E5F43251AA}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |

"{54E215F3-2A23-4DA1-B835-661816A31DB1}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |

"{5520D2A6-18CB-499D-9EBF-DC4637CB62E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5AC5503D-63F5-40D2-ABD2-A1A3394035C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{5EF3FF6B-7A05-4452-9363-F0A399550207}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |

"{60D1EB74-A205-40DA-946F-EC86C3D26C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |

"{6A34DDFD-E118-4687-89AA-E83CA488CB94}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |

"{6D59185D-BEF8-4A32-BAF9-2A35CA250AFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{72DC1A49-6917-4959-9CF9-003E9CF8A04F}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |

"{7466CFEE-5F98-48FD-8B6D-D171831649B9}" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |

"{773AD95E-2B3A-472C-8DB6-0133A48373A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{798FB662-8ABB-4527-92C4-9F38E88AAD90}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7D09DC00-02FF-4E82-95F1-37F2FADA5027}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{7D4B137A-1873-4E10-9ADD-1C289431D7FD}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{7F1DFC69-775F-463B-B799-FA7354CCD88B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{83117107-3E81-4754-B4E9-20EB2FD74EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{83850B18-97C6-4CD4-A88D-8DE126EFA5D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8698DD3D-C50F-4E8B-AD85-49C369901002}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe |

"{86C92B9A-DA0F-4400-B248-952F74EF7147}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{8A23E8E9-ACE4-45DD-A994-DD392C0E3811}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8E0FC138-4B78-4FE6-B956-44525D5B57C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8E8E960A-5D3F-49A0-9A33-B97909B5F03B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{8ED34286-E02B-4E2D-AAA1-14F7CF15250D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8FD4D1E2-F21F-4EE6-A84C-39E786874F2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"{936FD310-1813-455B-A699-7F6CBF2EDCC4}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mp.exe |

"{93BEB86A-150C-43F7-8839-A8D9DAB11918}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |

"{9526854E-3197-4CC1-8233-383B81222044}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{97B68CF2-C50E-429C-A5DF-0961A140B330}" = protocol=17 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |

"{998FA86A-8D26-4A1F-A0C3-AF0017DED492}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{9A0AA802-FA04-4C4E-B60A-47219EC3A24E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"{9C08C6F9-F438-4A7D-BB74-13553841EAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{A17C471F-51D8-43A0-8CAC-3802A524A758}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mplite.exe |

"{A2732B73-6953-4761-91A5-779A5C667995}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{A444B557-1C31-4792-903D-ABB05A8CB1EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A58BC768-B356-4ED9-8E4D-7A9C81B0E998}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{A698BC8D-245D-4B3C-B9FD-A2AF1BA8F31D}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{A6C9FA05-0A5C-4D09-92D4-5C94F50FA109}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |

"{A740734D-8C16-4030-810D-803607F170AB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |

"{A869345F-7C26-4DE2-8D15-3779258DBF9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A9C77A91-3834-4AAA-95D8-4B6E0F170ECF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB9252F1-FC18-4E0D-B038-0CB39C797EDF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |

"{ACAFDBED-BEAF-4543-A863-222D3EAC12F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{AF20930C-5693-4728-BF4D-39E5AC53B8D3}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{AF848067-88CA-44E0-87AF-F02511AE68F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{B0D7B10B-EDEE-431B-A849-E58F810251B8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{B3C74E2E-E733-4541-A78F-0831288C3AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mplite.exe |

"{B4E26E87-120B-4A7E-9630-6F89F80EED7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B54C764A-3F9A-40FB-A31E-7EEFD35A8A49}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B87C7C1D-3AC6-480E-9B43-D86245FA016E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |

"{B8E5C988-6917-4CBF-81E5-F433D92CD494}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |

"{B919A65F-DB58-4C7E-9E3B-5EAE72549222}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BA265C78-4364-436E-88D9-59179EDECFC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BB8A83F7-CDA6-4C06-8627-B5790C5AF03C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{BC1CE565-B960-473C-A8AC-378F7197AB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |

"{C46E8DC4-667C-443D-8CAF-42AF21097C7E}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |

"{C5644948-D301-47AA-98B0-A642056660B4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |

"{C6B70246-71E2-4DCC-B3B5-F737729216A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |

"{C74BD9AC-9DFD-4BB8-8749-6884D787F8A0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{CE836928-9149-44E4-BDE7-937476411972}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |

"{D040D302-30C7-4E6A-B573-0CD5CCEB1437}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |

"{D228CB32-3820-4568-8976-DF7AB8C614E5}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{D46CBDB8-0EBE-417C-968E-027F3B8045D9}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |

"{D606E9B5-7382-4C91-8B13-F3EADF216785}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{D947EF69-8818-4A82-98FB-8A741A5D8096}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mp.exe |

"{D9AF8AA4-1DAD-4E1A-B696-49404AB44342}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{DC83E66C-A55E-4083-B46E-A3288816798D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |

"{DDCCA54A-A549-4F34-A451-338C097C35D6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{DE926E7D-C321-49AC-AE72-5D5526B88FC8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |

"{E1BB6CA5-13DE-42AC-9331-15EA138D3618}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{E1E86C6A-B2F7-4616-8555-823CB078D494}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{E71E395F-0867-4640-A94A-154F8E9B74BE}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |

"{E7A4C508-E945-4A94-A9E7-AF9620214BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |

"{E8F8223B-C183-4F7C-8052-50463C8FF902}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{ECFAD8B5-CDCD-4EA2-8E74-0E3EBE2486D2}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{EDD47D50-C5F1-45C4-86F4-7157762B6C63}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |

"{F4941F6E-7E2B-40C5-BA67-E57102F79C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe |

"{FAE46CFF-FFE3-4BA4-ACD1-B6C5C6EC3C33}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{FCF9A07B-4A80-4EE7-B76A-9EC7E18CBD90}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |

"TCP Query User{0B055FA4-F4DE-4A24-AF09-076272C324BB}C:\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\mohaa\mohaa.exe |

"TCP Query User{277FB28E-90B9-4FD3-BA7E-7E18ECC4FE28}C:\program files (x86)\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\america's army\system\armyops.exe |

"TCP Query User{7A7FA04C-7040-4D69-A55E-B9DBCA91FAE3}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |

"TCP Query User{7F77FCB2-BE08-4027-AD31-7CE9FB11EDDB}C:\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\left 4 dead\left4dead.exe |

"TCP Query User{9D60618F-911D-42BE-A3E6-53D573FC639F}C:\program files (x86)\emote\launcher\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emote\launcher\launcher.exe |

"TCP Query User{9EE92007-0B80-4363-AE0D-05A932DC5C11}C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"TCP Query User{B01FE4B4-1EF9-4B4F-A6F8-95183295B50F}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |

"UDP Query User{17B3C90C-AF1F-4926-B78E-7764748F24D8}C:\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\left 4 dead\left4dead.exe |

"UDP Query User{2FA0C7B2-078A-4200-9589-9420EFE5ADB1}C:\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\mohaa\mohaa.exe |

"UDP Query User{80C58662-EA57-40CE-8E48-EABC9320B0AC}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |

"UDP Query User{8DF605DF-6E17-4A62-91F9-2A0107C82F57}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |

"UDP Query User{9970C97F-3A4D-415A-9AED-7174A49653E1}C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"UDP Query User{AB2DD133-1502-433A-92C7-184FCF335BFF}C:\program files (x86)\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\america's army\system\armyops.exe |

"UDP Query User{BC7E5651-117D-480D-AA56-FFC7B88C99C6}C:\program files (x86)\emote\launcher\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emote\launcher\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{23170F69-40C1-2702-0462-000001000000}" = 7-Zip 4.62 (x64 edition)

"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{898FF489-EB70-BB92-C5BD-D7E10329BF9E}" = ccc-utility64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"VistaGlazz_is1" = VistaGlazz 1.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial

"{039E5107-9932-B731-A551-5BF554DA9542}" = Catalyst Control Center HydraVision Full

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection

"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup

"{20EB7BAE-7F60-34AD-130B-1C938FD65BE9}" = Catalyst Control Center Core Implementation

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{25235761-5EAB-76EA-2C7A-09FC6513784B}" = Catalyst Control Center Graphics Full Existing

"{25F4442A-6CA5-03F6-2470-E6DF04175374}" = CCC Help English

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15

"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer

Elise · August 20, 2010

Hello again,

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

[*] Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

[*]They are a security risk which can make your computer susceptible to a sm

littleshu · August 20, 2010

explorer still has a problem and has stopped working. chrome works now though.

All processes killed

========== OTL ==========

HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-21-2920161537-2277595896-3629292948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

C:\Users\Ryan\AppData\Local\rnyesxpnk folder moved successfully.

C:\Users\Ryan\AppData\Local\xlpfrloba folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: Ryan

->Temp folder emptied: 7890717368 bytes

->Temporary Internet Files folder emptied: 59394480 bytes

->Java cache emptied: 67996720 bytes

->FireFox cache emptied: 46763288 bytes

->Google Chrome cache emptied: 594288 bytes

->Flash cache emptied: 4372801 bytes

User: Sierra

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 313507832 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 294651127 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 12244254 bytes

Total Files Cleaned = 8,288.00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08202010_121459

Files\Folders moved on Reboot...

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVVWK0ZB\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNVQ2UM7\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0VNKTSX\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9T2CV1B3\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Elise · August 20, 2010

Lets see what a virus scan turns up.

KASPERSKY ONLINE SCAN

-----------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
- Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.

littleshu · August 21, 2010

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, August 21, 2010

Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, August 20, 2010 22:22:39

Records in database: 4130136

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

Scan statistics:

Objects scanned: 379186

Threats found: 4

Infected objects found: 6

Suspicious objects found: 0

Scan duration: 07:00:26

File name / Threat / Threats count

C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml Infected: Trojan.Win32.Clicker.hd 1

C:\Users\Ryan\Downloads\corel_painter_10_en\Corel Painter X10.1.0.53 EN_Activate_Patch.exe Infected: Trojan.Win32.Pasta.arw 1

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVVWK0ZB\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.bbt 1

C:\Windows\System32\wininit.exe Infected: Trojan.Win32.Patched.kl 1

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVVWK0ZB\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.bbt 1

C:\Windows\SysWOW64\wininit.exe Infected: Trojan.Win32.Patched.kl 1

Selected area has been scanned.

Elise · August 21, 2010

We are dealing here with an infected windows file. Since it has proven to be quite stubborn, lets first look for a replacement, and then replace it.

Please start OTL.

Please copy/paste the following text into the "custom scan/fix" field, click NONE and then Run Scan. Post me the resulting log.

/md5start
wininit.exe
/md5stop

screen317 · August 29, 2010

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

virus! need help

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information