Congratulations You Won Audio Virus


#1
Banedor

As the topic header says, I have the Congratulations You Won audio virus that plays that annoying wav file and occasionally a short 15 second song clip once in a blue moon.

I did all that the sticky said: ran TFC, ERUNT (didn't run because I tried clicking the download but couldn't find the exe on the website, and I'm scared to go outside somewhere since my machine is obviously vulnerable), and MBAM. GMER I tried to run, but it became interrupted and gave me a BSOD, so I tried to run it in safe mode, and it again froze halfway through and gave me a BSOD. On the safe mode run I noticed it was stuck at something like Microsoft shadow volume copy or something along those lines before it went BSOD. I ran OTL, and here are all the logs of everything:

MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4378

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/1/2010 3:32:55 PM
mbam-log-2010-08-01 (15-32-55).txt

Scan type: Quick scan
Objects scanned: 134373
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL:
OTL logfile created on: 8/1/2010 4:09:50 PM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 115.33 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BEEFY-PC
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/08/01 14:53:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/22 02:56:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/17 15:57:18 | 000,014,336 | ---- | M] () -- C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:33:39 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/12/21 01:47:55 | 000,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe
PRC - [2007/10/25 22:51:59 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2007/10/19 06:26:56 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2007/10/19 06:26:50 | 000,192,512 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgrssvc.exe
PRC - [2007/05/30 08:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007/03/09 16:28:02 | 000,598,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/08/01 14:53:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/22 02:56:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/17 15:57:18 | 000,014,336 | ---- | M] () [Auto | Running] -- C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe -- (OrbisClient.Services)
SRV - [2009/11/02 21:11:44 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/09/15 11:27:28 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/21 01:47:55 | 000,406,528 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS)
SRV - [2007/10/25 22:51:59 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2007/10/19 06:26:56 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2007/10/19 06:26:50 | 000,192,512 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgrssvc.exe -- (AvgCoreSvc)
SRV - [2007/07/14 05:53:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/30 08:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/22 05:50:59 | 011,586,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/03/25 21:15:30 | 004,137,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/12/21 01:47:57 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2007/12/21 01:47:52 | 000,055,304 | ---- | M] (GRISOFT, s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\avgwfp.sys -- (AvgWFP)
DRV - [2007/12/21 01:47:49 | 000,026,952 | ---- | M] (GRISOFT, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2007/05/30 08:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 08:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2007/05/11 16:28:30 | 000,357,376 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2007/05/03 18:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/|http://www.geekstogo.com/forum/index.php?app=forums&module=post&section=post&do=new_post&f=37|http://www.vhahockey.net/index.php"
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.20.0
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/08 22:46:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 19:33:23 | 000,000,000 | ---D | M]
 
[2009/03/22 13:42:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/08/01 10:24:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rqvyihq0.default\extensions
[2009/09/10 21:41:05 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rqvyihq0.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/05/02 16:56:59 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rqvyihq0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009/03/22 13:43:00 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rqvyihq0.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/07/23 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rqvyihq0.default\extensions\[email protected]
[2008/05/28 01:38:10 | 000,001,162 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rqvyihq0.default\searchplugins\dictionarycom.xml
[2008/08/07 12:08:47 | 000,002,006 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rqvyihq0.default\searchplugins\urban-dictionary.xml
[2008/06/18 16:41:53 | 000,001,108 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rqvyihq0.default\searchplugins\wikipedia-en.xml
[2010/08/01 10:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 19:33:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: ([2010/07/26 18:52:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgwlntf: DllName - avgwlntf.dll - C:\Windows\System32\avgwlntf.dll (GRISOFT, s.r.o.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.tscc - C:\Windows\System32\TSCCVID.DLL (TechSmith Corporation)
Drivers32: VIDC.XVID - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]
 
[2010/08/01 14:39:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/07/29 05:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/07/27 05:57:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2010/07/27 05:54:32 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/07/27 05:54:32 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/07/27 05:54:32 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/07/27 05:54:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/07/27 05:54:32 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/07/27 05:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/27 05:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/26 20:00:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010/07/26 19:59:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/26 19:59:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/26 19:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/26 19:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/26 18:56:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/26 18:56:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2010/07/26 18:55:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/26 18:42:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/26 18:39:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/26 18:39:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/26 18:39:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/26 18:39:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/26 18:38:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/26 18:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/26 06:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/24 19:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/30 21:55:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\The Lord of the Rings Online
[2010/06/30 21:55:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\The Lord of the Rings Online
[2010/06/30 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Turbine
[2010/06/30 21:21:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Turbine
[2010/06/30 21:14:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ApplicationHistory
[2010/06/30 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010/06/28 13:51:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Procaster
[2010/06/24 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2010/06/17 14:52:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2010/06/04 07:49:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\GM Editor
[2010/06/03 14:58:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Tracing
[2010/06/03 14:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/03 14:52:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/03 14:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/03 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/03 09:31:26 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/05/10 09:29:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Guild Wars
[2010/05/10 09:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Guild Wars
[2010/05/04 22:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Nero
[2010/05/04 22:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/05/04 22:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/05/04 08:05:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35ACA973-70F0-495F-9092-74A130711865}
[2010/05/04 07:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/05/04 07:57:42 | 000,939,368 | R--- | C] (Macromedia, Inc.) -- C:\Windows\System32\myflash.ocx
 
========== Files - Modified Within 90 Days ==========
 
[2010/08/01 16:10:55 | 000,716,862 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/01 16:10:55 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/01 16:10:55 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/01 16:10:01 | 038,535,168 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010/08/01 16:06:48 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/01 16:04:43 | 000,035,655 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/01 16:04:43 | 000,035,655 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/01 16:04:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/01 16:04:06 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/01 16:04:06 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/01 16:04:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/01 16:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/01 16:03:49 | 3489,062,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 16:03:47 | 148,713,262 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/01 15:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/01 15:13:46 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/01 15:13:46 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/01 14:53:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/08/01 11:58:51 | 000,076,800 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/01 02:38:39 | 002,913,923 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010/07/26 18:53:01 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/26 18:52:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/26 17:05:34 | 001,642,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/14 17:42:18 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010/07/14 17:41:21 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2010/07/14 17:41:21 | 000,000,004 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2010/07/09 18:53:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/07/09 17:00:52 | 000,046,080 | ---- | M] () -- C:\Users\Administrator\Desktop\Keith_Resume.doc
[2010/06/30 21:21:36 | 000,000,101 | ---- | M] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2010/06/28 21:15:47 | 000,065,024 | ---- | M] () -- C:\Users\Administrator\Desktop\GSK Background Check.doc
[2010/06/14 10:57:46 | 000,000,087 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2010/06/14 10:57:25 | 000,000,045 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences.dat
[2010/06/14 10:56:37 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\jagex__preferences3.dat
[2010/06/03 14:52:59 | 000,000,767 | ---- | M] () -- C:\Users\Administrator\Documents\My Sharing Folders.lnk
[2010/05/27 11:09:08 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2010/05/09 00:53:02 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/08 16:09:14 | 000,000,764 | ---- | M] () -- C:\Users\Administrator\Desktop\beefykeithy - Shortcut.lnk
[2010/05/06 11:30:42 | 000,000,197 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\default.rss
[2010/05/06 11:30:28 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/04 22:14:14 | 000,002,509 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/05/04 22:14:14 | 000,002,485 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/05/04 14:21:26 | 000,073,328 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/04 08:04:53 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
 
========== Files Created - No Company Name ==========
 
[2010/08/01 16:03:49 | 3489,062,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/01 15:59:58 | 148,713,262 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/01 15:29:19 | 000,293,376 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.exe
[2010/07/26 18:39:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/26 18:39:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/26 18:39:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/26 18:39:53 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/26 18:39:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/30 21:21:36 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2010/06/28 21:15:45 | 000,065,024 | ---- | C] () -- C:\Users\Administrator\Desktop\GSK Background Check.doc
[2010/06/14 10:56:37 | 000,000,087 | ---- | C] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2010/06/14 10:56:37 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\jagex__preferences3.dat
[2010/06/11 21:26:33 | 000,035,655 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/06/11 21:25:53 | 000,035,655 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/27 11:09:08 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp
[2010/05/09 00:53:01 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/08 16:09:14 | 000,000,764 | ---- | C] () -- C:\Users\Administrator\Desktop\beefykeithy - Shortcut.lnk
[2010/05/06 11:30:42 | 000,000,197 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\default.rss
[2010/05/04 22:14:14 | 000,002,509 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/05/04 22:14:14 | 000,002,485 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/05/04 11:28:52 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/05/04 08:04:53 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
[2009/12/28 13:32:01 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/12/28 13:32:01 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/12/28 13:32:01 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/09/15 11:27:28 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2008/06/06 16:18:38 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008/06/06 16:18:36 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/06/06 16:14:08 | 000,027,648 | -HS- | C] () -- C:\Windows\System32\Smab0.dll
[2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/20 22:04:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/02/20 22:04:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/02/20 22:03:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/07/10 13:21:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/30 00:58:16 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2007/06/26 01:30:29 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/05/22 21:29:54 | 000,000,169 | ---- | C] () -- C:\Windows\RtlRack.ini
[2007/05/22 21:25:27 | 000,147,456 | R--- | C] () -- C:\Windows\System32\RtlCPAPI.dll
[2007/05/22 20:49:01 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Install6x.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2007/05/23 14:38:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acccore
[2008/03/19 03:22:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acreon
[2010/07/26 05:53:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG7
[2010/07/29 18:05:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
[2008/05/30 01:21:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Blackberry Desktop
[2009/10/22 13:04:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EVEMon
[2010/07/14 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FrostWire
[2007/10/19 06:26:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Grisoft
[2007/09/06 21:16:39 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\ijjigame
[2009/11/23 21:48:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2010/06/17 14:52:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2009/12/10 13:16:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2008/11/21 19:55:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ProfitUI Reborn Downloader
[2009/07/24 18:31:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Publish Providers
[2008/05/30 01:24:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Research In Motion
[2009/07/24 17:17:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony
[2010/06/22 14:25:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2008/04/17 02:24:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Three Rings Design
[2010/06/30 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Turbine
[2010/08/01 15:13:22 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/05/23 12:09:34 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/07/26 18:56:33 | 000,023,995 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/01 16:03:49 | 3489,062,912 | -HS- | M] () -- C:\hiberfil.sys
[2007/05/22 20:45:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/22 14:13:12 | 000,001,810 | -H-- | M] () -- C:\IPH.PH
[2007/05/22 20:45:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/01 16:03:47 | 3802,681,344 | -HS- | M] () -- C:\pagefile.sys
[2010/08/01 14:10:15 | 000,056,156 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_01.08.2010_14.08.24_log.txt
[2010/07/27 21:42:51 | 000,055,922 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_27.07.2010_21.28.11_log.txt
 
< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
 
< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/11/23 11:19:32 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-01 06:37:47
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >

OTL Extras:
OTL Extras logfile created on: 8/1/2010 4:09:50 PM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 115.33 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BEEFY-PC
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========


========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe" = C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe" = C:\Program Files\TestOut\Orbis\Legacy\LegacyXEng.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05318E80-0410-4849-9CE6-8A80C8F06F42}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{0B4EA058-78DD-414F-8E46-2DC063659EB9}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | 
"{117956B8-6155-49EF-BCEC-A60AEC22810B}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher | 
"{1588D752-76EA-4D75-9FC6-28047B0A1812}" = lport=8374 | protocol=17 | dir=in | name=league of legends launcher | 
"{1ED99921-0C22-422E-8ADF-3A11C8A859D7}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
"{231AE5BB-1037-471D-B1DD-BBD2B68808FD}" = lport=8374 | protocol=6 | dir=in | name=league of legends launcher | 
"{50EE1E42-5379-4D5D-AD1E-4C7349551901}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher | 
"{5C380175-AE66-45B2-9243-7A03964D296F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6F21A407-D863-46DE-A2A2-1D5B2C84E5D1}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher | 
"{75D5D7BC-9786-46A2-B3E7-FB69A7522251}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{7B10E329-402C-4CDC-801C-BFF9BF8ABC9A}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher | 
"{865A3668-31A5-4281-954F-CCC9AA2791F0}" = lport=8373 | protocol=17 | dir=in | name=league of legends launcher | 
"{8B03C479-2A32-40A2-85CC-EA2B892122AD}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{920CA6B9-0612-4CAE-95AF-5F809976304B}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
"{92FE4234-C12A-4218-8FE1-6BD365BFE5F8}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher | 
"{A2821B32-BB2C-4351-8C78-CE96850BEAF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AA815F25-2006-41C8-9A7F-5616A04EEAA0}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher | 
"{ADFC1D03-214E-49BC-8C08-51369CCCA067}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AE356447-5555-474D-B5AA-8269D9F5FA07}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher | 
"{B98279AC-B30C-460C-8593-2BD41FD97295}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher | 
"{BAF15EC2-352E-4BA8-AD7F-6C2118D4D0C0}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher | 
"{C21124F3-3F68-4854-A73F-8FD5394369E1}" = lport=8373 | protocol=6 | dir=in | name=league of legends launcher | 
"{C3CE9EC0-9650-40F5-AED1-70F518678B72}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{D1BE1A7C-A5F9-46AD-8C69-C1B86DECFC4C}" = lport=6112 | protocol=6 | dir=in | name=warcraft 3 | 
"{D34CE867-9219-4FB2-80DB-174F90329AB2}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | 
"{D7E6826D-C1CC-4DEC-BC7C-C25B163C783F}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{DD80B34C-94A8-48F1-9A91-35CEF8D67AAC}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher | 
"{ECBCB2AD-BA95-44CC-AE7C-7C9BD175EA31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FF398E8A-30E0-43F8-ACF0-3FF24BB63A85}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05158ADE-F6BE-4325-81E8-992327267C5E}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\frozen throne.exe | 
"{0656756A-F6AB-4109-82BE-FE19055D7DDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0682A80F-310C-48C4-B22A-2998B02812F4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{0806C7CB-79C2-4FBF-B4E9-F74204DA1395}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{0820E4F9-F403-4749-B255-46B31091DED2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{0AED4715-0C47-4075-B4B3-2259DB2D8C15}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"{0B4A93E0-F863-4F0E-8947-51FE65CC7FB5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{10A998F1-C229-4B90-8B1F-DD1D22537745}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe | 
"{1748A5CB-296F-4663-B110-B946BD14D70E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{2741F621-D1F6-42BB-B49A-11CCFC52491E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\counter-strike source\hl2.exe | 
"{27606A4B-A82D-40B5-A52B-8019F70C4838}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | 
"{2B74E60D-53BD-40DA-B619-41AA3431DC55}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
"{3355A50A-39FA-4FC4-9920-A7FB0E015959}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{35025441-3522-4D03-A9C9-7A47B2A43DE3}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{364B24B5-4FDD-4AF3-8AF6-009CF4E0BDD6}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{39E485F0-3DB5-44B8-8EC6-28D4AF5B5473}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe | 
"{4291E9D5-12F1-4E8F-836E-2BE657DA4464}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{479C08AC-A9C0-4FF4-B844-310D0E6624D4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe | 
"{4D810844-55BA-457A-9A36-E196ED99D8EE}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.3.0.7382-to-0.3.0.7441-enus-downloader.exe | 
"{4E680159-D3D5-4C7F-B218-E18A1C959205}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{585A4FA7-328B-494B-B6BC-AC585C7CD440}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{58EA06FB-FE98-4458-857F-80C8F28FB250}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
"{5AF4C561-B4CD-4D3C-9E74-A18B72A88610}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe | 
"{64002B62-2A24-45C6-930A-B75E12370735}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\frozen throne.exe | 
"{64C34017-7895-4A8E-8069-66D000A8CC17}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe | 
"{6844B808-6F4B-4FFB-A399-9820260FEE7D}" = protocol=6 | dir=in | app=c:\program files\spyware doctor\swdoctor.exe | 
"{69B164BD-6D15-4E9C-93A0-C13A7951E66E}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\locallow\dyyno receiver\dppm.exe | 
"{6A42B55A-15E1-418E-8022-90E913D3A081}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{74346B67-2493-49D5-A946-95EE4D90779A}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{747EFCEB-4246-4D95-9C7E-C761564C1A84}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe | 
"{753410F4-1E8A-49BC-973F-7194313FD742}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{756ACBCB-4DFB-44B6-8A29-B6DF318F8356}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | 
"{75F3B103-EA14-43B9-8737-6876F690FC6B}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"{767A4965-7A9A-4465-BD95-C6FE432BBD3B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{780F58D5-A458-47D8-8417-91812E3D493B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{7834837A-6FC1-4557-A3C3-64CF595740F4}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{786EA835-6E46-4C81-B85E-A37D27E625C5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{84827FAA-C172-4A52-9942-84A222AAEE5A}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\locallow\dyyno receiver\dppm.exe | 
"{8F52C5A7-B325-48FE-A014-E1D51C7BD9C3}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{91A996E3-04B4-49DF-97DD-141A12074A7A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe | 
"{9457689E-F1FD-44E6-BA21-82BAB9AF2E32}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{98AFB953-2205-44B4-AFA8-5192AC09835B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{9F7C4CDF-0BAC-4E62-AFC8-F3397B566E4B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A22FCEB6-2AAA-43D7-92A4-2D4B43EA846A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A646A090-56A1-4E8A-81A7-2E49FBC9C03C}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.3.0.7382-to-0.3.0.7441-enus-downloader.exe | 
"{A6689314-DA94-463D-9826-8F4DF44B4280}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{A6FD3F37-5C48-4754-A9AE-8A65EE00B34B}" = protocol=6 | dir=in | app=c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe | 
"{AC6FAF8D-12FD-47F7-886B-4D696F669AF3}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{B07F730B-0C2D-487E-AE86-4BAFBD63856F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe | 
"{B2E2F141-188A-49DA-B5CE-0F1843983F7F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B51E6D98-345B-4CD3-A418-74658245D18E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | 
"{B5472AD9-1ADE-47BE-BE76-4C667D24F27C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{B99AEE39-6176-4B50-B935-CB1E9B4A11F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC89F850-A8AF-4312-A65B-7E31D499AFEC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe | 
"{C0136D8D-E3DD-4EAA-9FE6-45603A32CA05}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{C0D319DB-E26F-4DBF-A01C-9B65A7EBE6B5}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{C127A792-0655-49B6-9E72-A29EC8971E6D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C6F9AF30-1709-4FDE-B8F6-415E6E5B6A25}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | 
"{C8A6ACAE-6CB4-4799-AB7B-9ADBC74095F8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe | 
"{CB098B60-7B02-47C9-BF4C-CAA9C8086866}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\counter-strike source\hl2.exe | 
"{D46D618C-D61F-4108-AE35-90F58B15566F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{D98FFD46-20F1-41C1-8DCE-16A5710E6F41}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe | 
"{DEDED1CF-0EEF-4860-B01A-A2816ED2C09E}" = protocol=17 | dir=in | app=c:\program files\spyware doctor\swdoctor.exe | 
"{E91E6FDD-6A3F-4C1F-9C79-14C86B0FBC4D}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
"{F94F46C6-DE9E-45A5-BC51-8833B8642B3B}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{FA7F4FE6-1B9A-46DA-9A5A-4BCDACEAFC5E}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{FAE1E9D7-FE2C-4236-A04B-BE0A1108EFB3}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{FDE6ABF1-2F28-4D09-8BE0-E7B2B2266984}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{FEAB01AC-3BE3-48AD-9A4C-CC4D6E4DB41E}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
"TCP Query User{00116625-B099-46DE-BE0D-47CF4D33AB29}C:\program files\steam\steamapps\beefykeithy\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\source sdk base\hl2.exe | 
"TCP Query User{0119D07F-B290-4535-AEE9-DB148C2A3F35}C:\users\administrator\appdata\local\temp\76171f690520421e9a1e6964cb9a1295\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\76171f690520421e9a1e6964cb9a1295\relicdownloader.exe | 
"TCP Query User{0C330BD1-C04D-491B-B348-F305E36AD72E}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"TCP Query User{132F8B31-01B3-48DB-BF7F-C53C7FE35096}C:\program files\xfire\dppm_source.exe" = protocol=6 | dir=in | app=c:\program files\xfire\dppm_source.exe | 
"TCP Query User{13EC8DA0-4B4B-484E-B240-3E59CA3E547F}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe | 
"TCP Query User{1BA8C764-D7BB-4B92-9FF2-C9402050837B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{203346F3-2357-4F48-B10D-CAA0E81CDFB3}C:\users\administrator\appdata\local\temp\87d761399d8b405dafa76ae4f0625e0b\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\87d761399d8b405dafa76ae4f0625e0b\relicdownloader.exe | 
"TCP Query User{2601E3C6-C09C-4FE6-99E4-4A96DAE29FF9}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{40495BB2-655A-4E54-B006-11369DAEE24A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{436D37B9-46AC-4B8F-BA03-4D8571E85F0D}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | 
"TCP Query User{4A33FF27-6177-43BF-86F8-C5FD01450D02}C:\program files\steam\steamapps\beefykeithy\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\team fortress 2\hl2.exe | 
"TCP Query User{4ACFC7AF-7D58-46ED-8BF4-66F7EE221034}C:\program files\sony\everquest ii\everquest2.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe | 
"TCP Query User{4DB95592-1C8F-435B-8B97-9EDA306C429F}C:\users\administrator\desktop\kitt2005\mirc.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\kitt2005\mirc.exe | 
"TCP Query User{58CAA003-252B-4077-8D5A-29BE63F58C09}C:\users\administrator\appdata\local\temp\41e67f74b05c484c8af310d7fb2893b6\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\41e67f74b05c484c8af310d7fb2893b6\relicdownloader.exe | 
"TCP Query User{6762F262-883E-4970-90EC-6FC85271AD31}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{69CF76E9-EF3E-42E6-950A-031D1EACF211}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe | 
"TCP Query User{6A4B3BD4-AF37-4705-8D57-33ECA83D944B}C:\program files\steam\steamapps\beefykeithy\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{6EC61BBF-5DA4-40FD-B885-61F02A8BB4B8}C:\users\administrator\appdata\local\temp\0b7dfa75e47542548df0b8d4d34d83c2\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\0b7dfa75e47542548df0b8d4d34d83c2\relicdownloader.exe | 
"TCP Query User{7149CFD1-27B6-4E66-80F7-E38172974472}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{716DA89F-181F-420F-8A42-BE94970B462D}C:\program files\steam\steamapps\beefykeithy\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\counter-strike source\hl2.exe | 
"TCP Query User{76147D1F-9AF2-4820-A9DD-026A65EA64C4}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{7639AB6E-2257-4EEF-8FA4-26D5AED7517F}C:\users\administrator\appdata\local\temp\8980c84962db46e0a337f08479123b7a\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\8980c84962db46e0a337f08479123b7a\relicdownloader.exe | 
"TCP Query User{76BF49D3-328B-4308-A6AB-A0CA8377FC55}C:\users\administrator\desktop\kitt2005\kitt.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\kitt2005\kitt.exe | 
"TCP Query User{7A1950DC-4E80-4C14-B09F-F150E94C0DB3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{7AA1A4B2-34B5-45D0-B07E-FAD058D16481}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe | 
"TCP Query User{7B47BE97-2F86-4F6F-AE68-4883E8B794D3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{7E67957C-C0E0-45E2-BEAC-94C08A58FA43}C:\program files\steam\steamapps\beefykeithy\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\zombie panic! source\hl2.exe | 
"TCP Query User{86F1D2C7-604D-4C46-8F41-47AB694BEB1D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9136A407-8FA7-44D5-AA55-42EB0155073B}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | 
"TCP Query User{9265BA5E-1F39-433C-B1B1-7F48B679B342}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{A03BA776-1679-4BF6-BF4B-E17EA04D08DF}C:\program files\steam\steamapps\beefykeithy\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\day of defeat source\hl2.exe | 
"TCP Query User{A71410E9-D3B9-446A-828C-3138F44DAD32}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"TCP Query User{B23E1AF0-63EA-4D3E-A416-0756F1240C67}C:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe | 
"TCP Query User{BB909222-4B89-437E-BD0A-923ABD3A9386}C:\program files\steam\steamapps\beefykeithy\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\team fortress 2\hl2.exe | 
"TCP Query User{C3CBBB27-48C5-45A0-A356-3FAA6A58784B}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{CF5C95A6-DB93-4EC4-9BCA-F59213EFC99F}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"TCP Query User{D00A9122-F7A1-4ACF-B3D2-996E0F7024ED}C:\users\administrator\appdata\local\temp\8716bfd14df44b5db04a3fcca0c996d2\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\8716bfd14df44b5db04a3fcca0c996d2\relicdownloader.exe | 
"TCP Query User{E5643620-B117-41A4-9F17-841C0B110236}C:\program files\steam\steamapps\beefykeithy\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\day of defeat source\hl2.exe | 
"TCP Query User{E9C49C54-109A-4E54-AE34-EF672EE24B51}C:\users\administrator\appdata\local\temp\9e1ab30c6db143e78c1dacc358c20a3a\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\9e1ab30c6db143e78c1dacc358c20a3a\relicdownloader.exe | 
"TCP Query User{EC058DFE-8144-4BE2-A204-886A4366F596}C:\users\administrator\desktop\kitt.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\kitt.exe | 
"TCP Query User{F159C0D5-ECEE-451C-A417-E6DA839CB717}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{F86AE848-2D7A-4ACB-9FC6-D33BA5155C96}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe | 
"UDP Query User{04BD8DD3-A574-4DBA-A868-2CED2F3B584E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{04EAF278-83DA-48FF-9CCF-7EB6C05E2C72}C:\users\administrator\desktop\kitt.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\kitt.exe | 
"UDP Query User{13A6ECE1-2836-4121-B128-BDBD1C3A82A6}C:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe | 
"UDP Query User{15D5097A-57C5-485B-A622-B343CE316275}C:\users\administrator\appdata\local\temp\8716bfd14df44b5db04a3fcca0c996d2\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\8716bfd14df44b5db04a3fcca0c996d2\relicdownloader.exe | 
"UDP Query User{17E343CD-05D2-4691-A65F-F69916251C42}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{1E3D4987-96EC-4A32-9F19-EEEA2C86B781}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{1F79753B-3D2B-4B8A-A2E0-D7C86E32E6A4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{24DE6337-25EC-44D5-BA2C-847D3A5ACD8F}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"UDP Query User{29ECAC49-1126-4838-B2E9-2212C31F1F40}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe | 
"UDP Query User{2A46C21D-BCC0-40DB-B369-76C5FDEFB6FA}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe | 
"UDP Query User{2D10E35D-0CD8-4E46-89CA-C4EAEC7ACC23}C:\program files\xfire\dppm_source.exe" = protocol=17 | dir=in | app=c:\program files\xfire\dppm_source.exe | 
"UDP Query User{2D9BB4C0-B6DC-4C8B-B77C-0CB5B63E446D}C:\users\administrator\appdata\local\temp\41e67f74b05c484c8af310d7fb2893b6\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\41e67f74b05c484c8af310d7fb2893b6\relicdownloader.exe | 
"UDP Query User{36545CB7-1738-40C3-9C06-24EA28140AC1}C:\users\administrator\appdata\local\temp\8980c84962db46e0a337f08479123b7a\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\8980c84962db46e0a337f08479123b7a\relicdownloader.exe | 
"UDP Query User{4250FA9A-A97F-4555-A5FC-BD8DB942EBBF}C:\users\administrator\appdata\local\temp\76171f690520421e9a1e6964cb9a1295\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\76171f690520421e9a1e6964cb9a1295\relicdownloader.exe | 
"UDP Query User{47ACD8F2-B19D-467F-8844-2ADB97C65411}C:\program files\steam\steamapps\beefykeithy\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\day of defeat source\hl2.exe | 
"UDP Query User{53D8CC0D-6C7C-4FF5-A6BC-954EFE972DEB}C:\users\administrator\appdata\local\temp\9e1ab30c6db143e78c1dacc358c20a3a\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\9e1ab30c6db143e78c1dacc358c20a3a\relicdownloader.exe | 
"UDP Query User{630D35AA-1733-4FA9-9AB8-DE9752181F63}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe | 
"UDP Query User{6771C142-6922-4BAC-A5DE-B99D9D88FF96}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{681F0CBE-69A5-4684-902F-EE11D3589679}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{79EE194F-0354-491A-A232-809FA05AFD3D}C:\users\administrator\desktop\kitt2005\kitt.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\kitt2005\kitt.exe | 
"UDP Query User{79F62A45-287F-4DEE-A7E4-FA1106F62969}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"UDP Query User{7A473D79-1161-4723-BE3D-88FEFA64F5B5}C:\program files\steam\steamapps\beefykeithy\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{7B350384-06DC-40C6-A5F5-3B8E28625294}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{7DB93309-2710-4DB8-B6F7-4A90D62CFBE7}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"UDP Query User{8439D57D-250B-4508-AA3E-3B0F7435CCB0}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | 
"UDP Query User{86F2E821-F1D3-4484-AE73-7437B6355EEB}C:\users\administrator\appdata\local\temp\87d761399d8b405dafa76ae4f0625e0b\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\87d761399d8b405dafa76ae4f0625e0b\relicdownloader.exe | 
"UDP Query User{8DCA8926-E9B0-435C-87A5-25E4598ED9AB}C:\program files\steam\steamapps\beefykeithy\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\zombie panic! source\hl2.exe | 
"UDP Query User{99B4D97B-350A-40F0-8F61-2E96610363B7}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{9EEA1F2B-AC34-416E-9C75-F5C1A05F3944}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | 
"UDP Query User{9F714261-1F48-4394-968F-B1A3838EB298}C:\program files\steam\steamapps\beefykeithy\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\team fortress 2\hl2.exe | 
"UDP Query User{AD00070E-F69D-4B2F-9DA2-CA5637D5A0C0}C:\program files\steam\steamapps\beefykeithy\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\day of defeat source\hl2.exe | 
"UDP Query User{C4DE49B8-167A-41BC-96E3-30DF6F08EA29}C:\program files\sony\everquest ii\everquest2.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe | 
"UDP Query User{CC784A76-B551-46BD-8021-819B582C779F}C:\users\administrator\desktop\kitt2005\mirc.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\kitt2005\mirc.exe | 
"UDP Query User{D4401E87-600D-4603-BBC1-DF44B48EBFFB}C:\program files\steam\steamapps\beefykeithy\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\counter-strike source\hl2.exe | 
"UDP Query User{D826971A-9F95-4E80-9BD3-8A8CEC6FD8A4}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe | 
"UDP Query User{E07611E3-DED3-4029-9085-023A4A5FDED0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{E2A413CD-11DC-4DBC-9054-6FEB29DE955B}C:\program files\steam\steamapps\beefykeithy\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\source sdk base\hl2.exe | 
"UDP Query User{E81957D5-4AE5-4B06-A0D7-B57BF03BEC9E}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"UDP Query User{F495059D-0C5B-4A17-B63A-50A86DAC674C}C:\program files\steam\steamapps\beefykeithy\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\beefykeithy\team fortress 2\hl2.exe | 
"UDP Query User{FBED5766-5556-49CD-BA33-B9E161E54380}C:\users\administrator\appdata\local\temp\0b7dfa75e47542548df0b8d4d34d83c2\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\0b7dfa75e47542548df0b8d4d34d83c2\relicdownloader.exe | 
"UDP Query User{FC6778DA-79BB-496F-A77E-04CD3CFAFCE0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{FEFE1F30-52FC-49D9-B161-745826B018E0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20c2a61f-c7e2-4e41-982e-911d1a81ee9d}" = Nero 9 Trial
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C15309C-E9D3-4E4F-A9FB-B7CF5C6BB176}" = LabSim
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}" = NHL Eastside Hockey Manager 2007
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE00FF6D-ECFA-4466-A78C-A7212200ACEA}" = Gigabyte GN-WP01GS
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adrianne" = Adrianne demo by NVIDIA (remove only)
"AIM_6" = AIM 6
"AVG7Uninstall" = AVG 7.5
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"AVI to DVD Converter" = AVI to DVD Converter
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belarc Advisor" = Belarc Advisor 7.2
"BitTorrent" = BitTorrent
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"CCleaner" = CCleaner (remove only)
"Company of Heroes" = Company of Heroes
"Continuum_is1" = Continuum 0.40
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Fraps" = Fraps (remove only)
"FrostWire" = FrostWire 4.18.0
"Google Updater" = Google Updater
"Guild Wars" = Guild Wars
"HijackThis" = HijackThis 2.0.2
"Hijackthis_is1" = Hijackthis 1.99.1
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SprayR" = SprayR 1.0 RC7b
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.0
"VTFEdit_is1" = VTFEdit 1.2.5
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/1/2010 2:37:18 AM | Computer Name = Beefy-PC | Source = Application Error | ID = 1000
Description = Faulting application vssvc.exe, version 6.0.6001.18000, time stamp
 0x47918fb9, faulting module credui.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
 exception code 0xc0000142, fault offset 0x00009cac,  process id 0x1390, application
 start time 0x01cb3143fd073317.
 
Error - 8/1/2010 2:37:22 AM | Computer Name = Beefy-PC | Source = VSS | ID = 13
Description = 
 
Error - 8/1/2010 2:37:22 AM | Computer Name = Beefy-PC | Source = VSS | ID = 8193
Description = 
 
Error - 8/1/2010 2:37:22 AM | Computer Name = Beefy-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 8/1/2010 2:40:27 AM | Computer Name = Beefy-PC | Source = LicCtrlService | ID = 0
Description = 
 
Error - 8/1/2010 1:51:39 PM | Computer Name = Beefy-PC | Source = LicCtrlService | ID = 0
Description = 
 
Error - 8/1/2010 3:15:20 PM | Computer Name = Beefy-PC | Source = LicCtrlService | ID = 0
Description = 
 
Error - 8/1/2010 3:57:40 PM | Computer Name = Beefy-PC | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
 faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
 code 0xc0000005, fault offset 0x0000c4b1,  process id 0x328, application start time
 0x01cb31b37ec61ea9.
 
Error - 8/1/2010 4:01:17 PM | Computer Name = Beefy-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 8/1/2010 4:04:20 PM | Computer Name = Beefy-PC | Source = LicCtrlService | ID = 0
Description = 
 
[ System Events ]
Error - 8/1/2010 4:01:45 PM | Computer Name = Beefy-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 8/1/2010 4:01:45 PM | Computer Name = Beefy-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 8/1/2010 4:01:55 PM | Computer Name = Beefy-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 8/1/2010 4:01:55 PM | Computer Name = Beefy-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 8/1/2010 4:01:55 PM | Computer Name = Beefy-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 8/1/2010 4:01:56 PM | Computer Name = Beefy-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 8/1/2010 4:03:59 PM | Computer Name = Beefy-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:02:48 PM on 8/1/2010 was unexpected.
 
Error - 8/1/2010 4:04:03 PM | Computer Name = Beefy-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 8/1/2010 4:04:27 PM | Computer Name = Beefy-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 8/1/2010 4:04:27 PM | Computer Name = Beefy-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

#2
Banedor

Avira keeps coming up with this warning:

Virus or unwanted program 'HTML/Crypted.Gen [virus]'
detected in file 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZQEKSBD\ddc[1].htm.
Action performed: Deny access