[g0del]

Picked this thing up sometime yesterday (a forum I frequent served a batch of infected ads). I get random redirects when clicking on google search results sometimes. Running cmd.exe or regedit.exe result in explorer crashing and restarting. None of the spyware/antivirus programs I've tried can download updates.

I ran malwarebytes and it found some vundo files and cleaned them. I then ran SuperAntiSpyware (after manually downloading the updates), and it found one more file and cleaned it. That has not fixed the problem. I've followed the steps in http://www.geekstogo...uide-t2852.html as far as I can (rooter hangs while detecting TDSS). Here are my OTListit2 logs.

OTListIt logfile created on: 3/29/2009 8:32:11 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\tbuch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 118.59 Gb Free Space | 25.46% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 50.33 Gb Free Space | 10.81% Space Free | Partition Type: NTFS
Drive E: | 128.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1397.26 Gb Total Space | 1231.21 Gb Free Space | 88.12% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAD
Current User Name: tbuch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\RivaTuner v2.06\RivaTuner.exe ()
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - D:\games\steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\BandwidthMonitor\BWMonitor.exe (BWMONITOR.COM)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Documents and Settings\tbuch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\Program Files\Sony Handheld\HOTSYNC.EXE (Palm, Inc.)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\RivaTuner v2.06\RivaTuner.exe ()
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - c:\program files\logitech\quickcam\lu\lulnchr.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Documents and Settings\tbuch\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (ACDaemon [On_Demand | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Technology Ltd)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FLEXnet Licensing Service [Auto | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (O&O Defrag [Auto | Running]) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (ufad-ws60 [On_Demand | Stopped]) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (VMAuthdService [Auto | Running]) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP [Auto | Running]) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (vmount2 [Auto | Running]) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (VMware NAT Service [Auto | Running]) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [On_Demand | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (archlp [System | Running]) -- C:\WINDOWS\system32\drivers\archlp.sys ()
DRV - (ATITool [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ATITool.sys ()
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\atksgt.sys ()
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BlueletSCOAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (COMMONFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT.SYS [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX.SYS [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ENTECH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (ha20x2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (hcmon [Auto | Running]) -- C:\WINDOWS\system32\Drivers\hcmon.sys (VMware, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (JL2005C [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\jl2005c.sys (Windows ® 2000 DDK provider)
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys ()
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RivaTuner32 [On_Demand | Running]) -- C:\Program Files\RivaTuner v2.06\RivaTuner32.sys ()
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS (Realtek Semiconductor Corporation )
DRV - (RTLE8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SQTECH9051 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Capt9051.sys (Service & Quality Technology.)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (VHidMinidrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\VHIDMini.sys (IVT Corporation)
DRV - (vmkbd [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetAdapter [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys (VMware, Inc.)
DRV - (VMnetBridge [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif [Auto | Running]) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMparport [Auto | Running]) -- C:\WINDOWS\system32\Drivers\VMparport.sys (VMware, Inc.)
DRV - (vmx86 [Auto | Running]) -- C:\WINDOWS\system32\Drivers\vmx86.sys (VMware, Inc.)
DRV - (vstor2 [Auto | Running]) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (vstor2-ws60 [Auto | Running]) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (WinRing0_1_1_1 [On_Demand | Stopped]) -- D:\Overclocking\RealTemp_2.24\WinRing0.sys (OpenLibSys.org)
DRV - (WinUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys (Microsoft Corporation)
DRV - (xusb21 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-448539723-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1003\S-1-5-21-448539723-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1003\S-1-5-21-448539723-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...soft:{language}
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-448539723-1383384898-839522115-1004\S-1-5-21-448539723-1383384898-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {fc6339b8-9581-4fc7-b824-dffcb091fcb7}:1.99.090126
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2008/12/07 09:11:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/14 11:53:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 11:09:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 11:09:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/01/07 18:54:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS

[2008/06/28 20:32:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tbuch\Application Data\mozilla\Extensions
[2008/06/28 20:32:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tbuch\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/29 07:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tbuch\Application Data\mozilla\Firefox\Profiles\7a0600pa.default\extensions
[2009/01/23 21:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tbuch\Application Data\mozilla\Firefox\Profiles\7a0600pa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/19 22:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tbuch\Application Data\mozilla\Firefox\Profiles\7a0600pa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/02/06 19:50:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tbuch\Application Data\mozilla\Firefox\Profiles\7a0600pa.default\extensions\{fc6339b8-9581-4fc7-b824-dffcb091fcb7}
[2009/01/09 23:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tbuch\Application Data\mozilla\Firefox\Profiles\7a0600pa.default\extensions\[email protected]
[2008/06/24 22:38:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tbuch\Application Data\mozilla\Firefox\Profiles\7a0600pa.default\extensions\[email protected]
[2009/03/29 07:55:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 11:09:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/21 19:36:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/02/17 16:51:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/09/07 10:43:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/09/12 17:27:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/14 11:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 11:09:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 11:09:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/06 19:22:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/06 19:22:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/06 19:22:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/06 19:22:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/06 19:22:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/06 19:22:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/06 19:22:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (226635 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7952 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8CD65678-31E4-428D-B0EB-6BAB03928073} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FCF4DA1D-0DBE-4659-96A1-F4CDACEBA250} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun (BL)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-448539723-1383384898-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-448539723-1383384898-839522115-1003..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMonitor.exe (BWMONITOR.COM)
O4 - HKU\S-1-5-21-448539723-1383384898-839522115-1003..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (Creative Technology Ltd)
O4 - HKU\S-1-5-21-448539723-1383384898-839522115-1003..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)
O4 - HKU\S-1-5-21-448539723-1383384898-839522115-1003..\Run: [Google Update] "C:\Documents and Settings\tbuch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-448539723-1383384898-839522115-1003..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-448539723-1383384898-839522115-1003..\Run: [Steam] "d:\games\steam\steam.exe" -silent (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Jenn\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Jenn\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-448539723-1383384898-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-448539723-1383384898-839522115-1003\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-448539723-1383384898-839522115-1004\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{2ACD2125-F215-4C31-A211-1FDEA917042F}\\NameServer = 66.181.240.11,66.181.240.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E9AC945F-04C5-4F9A-B4CF-F96EC502E9E8}\\NameServer = 162.42.195.17,162.42.195.18
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\efcBsPGv: DllName - efcBsPGv.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnMgFVn) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\autorun.inf () - [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/03/29 07:15:45 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/29 07:15:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/29 07:14:36 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\tbuch\Desktop\NTREGOPT.lnk
[2009/03/29 07:14:36 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\tbuch\Desktop\ERUNT.lnk
[2009/03/29 07:14:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/29 07:07:45 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\tbuch\Desktop\Rooter.exe
[2009/03/29 07:07:37 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tbuch\Desktop\OTListIt2.exe
[2009/03/29 07:02:59 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/03/28 20:21:19 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/03/28 20:06:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tbuch\Application Data\Malwarebytes
[2009/03/28 20:06:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/28 20:06:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 20:06:27 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/28 20:06:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/28 20:06:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/28 20:05:04 | 02,936,721 | ---- | C] () -- C:\Documents and Settings\tbuch\Desktop\fx.exe
[2009/03/28 20:04:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tbuch\My Documents\Downloads
[2009/03/28 20:04:32 | 00,002,244 | ---- | C] () -- C:\Documents and Settings\tbuch\Desktop\Google Chrome.lnk
[2009/03/28 20:00:05 | 00,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1383384898-839522115-1003.job
[2009/03/28 19:59:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tbuch\Local Settings\Application Data\Deployment
[2009/03/28 07:27:13 | 00,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TotalMedia Theatre 3.lnk
[2009/03/28 07:26:59 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/03/21 23:13:37 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\tbuch\Templates\Startup\HotSync Manager.lnk
[2009/03/21 23:13:09 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Handheld
[2009/03/20 20:12:48 | 00,073,728 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\MMCEDT3.exe
[2009/03/18 10:08:10 | 00,103,744 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2009/03/16 14:36:33 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/11 03:00:24 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 23:36:41 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2009/03/08 14:57:13 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\tbuch\My Documents\cc_20090308_145712.reg
[2009/03/08 14:56:09 | 00,022,774 | ---- | C] () -- C:\Documents and Settings\tbuch\My Documents\cc_20090308_145608.reg
[2009/03/08 08:26:08 | 01,428,902 | ---- | C] () -- C:\Documents and Settings\tbuch\My Documents\cc_20090308_082604.reg
[2009/03/08 08:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/03/06 21:06:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tbuch\My Documents\APDAbm
[2009/03/06 21:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tbuch\Local Settings\Application Data\ArcSoft
[2009/03/06 21:01:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tbuch\Application Data\ArcSoft
[2009/03/06 20:53:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/03/06 20:53:42 | 00,393,216 | ---- | C] (Sample Corporation) -- C:\WINDOWS\System32\MSLUP60.dll
[2009/03/06 20:53:42 | 00,249,856 | ---- | C] (Sample Corporation) -- C:\WINDOWS\System32\MSLURT.dll
[2009/03/06 20:53:42 | 00,245,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2009/03/06 20:53:42 | 00,069,632 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\MMCEDT.exe
[2009/03/06 20:53:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/03/06 20:44:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\tbuch\My Documents\PDVD_MediaDisc.PlayList
[2009/03/06 20:44:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tbuch\My Documents\AnyDVDHD
[2009/03/06 20:43:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/03/06 20:43:52 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/03/06 20:39:11 | 00,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2009/03/06 20:39:08 | 00,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2009/03/06 19:28:43 | 00,000,361 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/03/06 19:28:40 | 00,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2009/03/06 19:28:40 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vb6stkit.dll
[2009/03/06 19:28:40 | 00,102,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6KO.DLL
[2009/03/06 19:28:40 | 00,016,384 | ---- | C] (CST) -- C:\WINDOWS\System32\lgfwunis.exe
[2009/03/06 19:28:40 | 00,000,000 | ---D | C] -- C:\Program Files\lg_fwupdate
[2009/03/06 19:26:59 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/02/28 16:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\MP3+G Toolz .NET 4

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/29 07:54:50 | 00,000,361 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2009/03/29 07:54:48 | 00,211,251 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/29 07:14:36 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\tbuch\Desktop\NTREGOPT.lnk
[2009/03/29 07:14:36 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\tbuch\Desktop\ERUNT.lnk
[2009/03/29 07:07:47 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\tbuch\Desktop\Rooter.exe
[2009/03/29 07:07:39 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tbuch\Desktop\OTListIt2.exe
[2009/03/29 07:01:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/29 07:01:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/29 07:01:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/03/29 07:01:31 | 00,224,752 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2009/03/29 07:01:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/03/28 21:21:32 | 00,054,832 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2009/03/28 21:21:32 | 00,054,832 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2009/03/28 21:21:32 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2009/03/28 20:21:19 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/03/28 20:17:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/28 20:06:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 20:06:11 | 02,936,721 | ---- | M] () -- C:\Documents and Settings\tbuch\Desktop\fx.exe
[2009/03/28 20:04:32 | 00,002,244 | ---- | M] () -- C:\Documents and Settings\tbuch\Desktop\Google Chrome.lnk
[2009/03/28 20:00:06 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1383384898-839522115-1003.job
[2009/03/28 07:27:13 | 00,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TotalMedia Theatre 3.lnk
[2009/03/27 09:16:13 | 34,485,554 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/27 09:16:13 | 00,068,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 23:57:36 | 04,765,782 | -H-- | M] () -- C:\Documents and Settings\tbuch\Local Settings\Application Data\IconCache.db
[2009/03/24 23:08:16 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/24 21:13:39 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\tbuch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 22:42:49 | 00,001,710 | -H-- | M] () -- C:\Documents and Settings\tbuch\My Documents\Default.rdp
[2009/03/22 19:02:43 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\tbuch\Local Settings\Application Data\PUTTY.RND
[2009/03/21 23:13:37 | 00,001,528 | ---- | M] () -- C:\Documents and Settings\tbuch\Templates\Startup\HotSync Manager.lnk
[2009/03/21 08:53:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/20 20:12:48 | 00,073,728 | ---- | M] (ArcSoft Inc.) -- C:\WINDOWS\System32\MMCEDT3.exe
[2009/03/18 10:08:10 | 00,103,744 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2009/03/13 22:39:58 | 00,000,457 | ---- | M] () -- C:\Documents and Settings\tbuch\Desktop\Shortcut to video on Tom's Computer (192.168.1.7).lnk
[2009/03/13 06:31:15 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2009/03/11 06:13:07 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/03/11 06:05:15 | 01,472,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:00:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 14:57:15 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\tbuch\My Documents\cc_20090308_145712.reg
[2009/03/08 14:56:59 | 00,022,774 | ---- | M] () -- C:\Documents and Settings\tbuch\My Documents\cc_20090308_145608.reg
[2009/03/08 08:26:22 | 01,428,902 | ---- | M] () -- C:\Documents and Settings\tbuch\My Documents\cc_20090308_082604.reg
[2009/03/06 20:46:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\tbuch\My Documents\PDVD_MediaDisc.PlayList

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:FDDEFF38CDDEDE30
< End of report >

OTListIt Extras logfile created on: 3/29/2009 8:32:11 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\tbuch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 118.59 Gb Free Space | 25.46% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 50.33 Gb Free Space | 10.81% Space Free | Partition Type: NTFS
Drive E: | 128.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1397.26 Gb Total Space | 1231.21 Gb Free Space | 88.12% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAD
Current User Name: tbuch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 (IniCom Networks, Inc.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 (IniCom Networks, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Computer, Inc.)
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe File not found
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe File not found
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe File not found
D:\Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire (Ironclad Games)
D:\Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 (Firaxis Games)
D:\Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords (Firaxis Games)
D:\Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss (Firaxis Games)
D:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword (Firaxis Games)
D:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss (Firaxis Games)
D:\Games\DarkCrusade\DarkCrusade.exe:*:Enabled:DarkCrusade (THQ Canada Inc.)
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil (IVT Corporation)
D:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 (Crytek GmbH)
D:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 (Crytek GmbH)
D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) File not found
D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) File not found
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
D:\Games\Steam\SteamApps\g0del\team fortress 2\hl2.exe:*:Enabled:hl2 ()
D:\Games\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main (Obsidian Entertainment, Inc.)
D:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD (Obsidian Entertainment, Inc.)
D:\Games\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater (Obsidian Entertainment, Inc.)
D:\Games\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server (Obsidian Entertainment, Inc.)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM ()
C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC (mIRC Co. Ltd.)
D:\Games\Steam\SteamApps\common\silverfall demo\Silverfall.exe:*:Enabled:Silverfall File not found
C:\Program Files\NX Client for Windows\nxclient.exe:*:Enabled:nxclient ()
C:\Program Files\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh ()
C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server (TightVNC Group)
D:\Games\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:*:Enabled:TmForever File not found
D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game (BioWare)
D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher (BioWare)
D:\Games\Bionic Commando Rearmed\bcr.exe:*:Enabled:Bionic Commando Rearmed ()
C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager (Electronic Arts)
D:\Games\Steam\steam.exe:*:Enabled:Steam (Valve Corporation)
C:\Program Files\Midnight Force\KDX\KDXClient.exe:*:Enabled:KDXClient ()
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe (Hewlett-Packard)
C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB ()
D:\Games\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2 File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
D:\Games\Steam\SteamApps\common\silverfall\MC_GAME_LINK.htm:*:Enabled:Silverfall ()
D:\Games\Steam\SteamApps\common\silverfall\Register\register.htm:*:Enabled:Silverfall ()
D:\Games\Steam\SteamApps\common\beyond good and evil\CheckApplication.exe:*:Enabled:Beyond Good and Evil (Ubisoft)
D:\Games\Steam\SteamApps\common\trackmania united\TmForever.exe:*:Enabled:TrackMania United Forever ()
D:\Games\Steam\SteamApps\common\trackmania united\TmForeverLauncher.exe:*:Enabled:TrackMania United Forever ()
D:\Games\Steam\SteamApps\common\sacred gold\Sacred.exe:*:Enabled:Sacred Gold (studio II Software)
D:\Games\Steam\SteamApps\common\luxor 2\Luxor2.exe:*:Enabled:Luxor 2 ()
D:\Games\Steam\SteamApps\common\grand theft auto 3\gta3.exe:*:Enabled:Grand Theft Auto 3 ()
D:\Games\Steam\SteamApps\common\reaxxion\Reaxxion.exe:*:Enabled:Reaxxion ()
D:\Games\Steam\SteamApps\common\grand theft auto san andreas\gta-sa.exe:*:Enabled:Grand Theft Auto: San Andreas ()
D:\Games\Steam\SteamApps\common\silverfall\silverfall.exe:*:Enabled:Silverfall: Earth Awakening ()
D:\Games\Steam\SteamApps\common\silverfall\GameSetup.exe:*:Enabled:Silverfall: Earth Awakening ()
D:\Games\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme ()
D:\Games\Steam\SteamApps\common\titan quest\help.htm:*:Enabled:Titan Quest ()
D:\Games\Steam\SteamApps\common\titan quest immortal throne\Tqit.exe:*:Enabled:Titan Quest: Immortal Throne ()
D:\Games\Steam\SteamApps\common\titan quest immortal throne\help.htm:*:Enabled:Titan Quest: Immortal Throne ()
D:\Games\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock ()
D:\Games\Steam\SteamApps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense (DOSBox Team)
D:\Games\Steam\SteamApps\common\aquaria\Aquaria.exe:*:Enabled:Aquaria (Bit Blot)
D:\Games\Steam\SteamApps\common\x-com terror from the deep\runme.exe:*:Enabled:X-COM: Terror from the Deep ()
D:\Games\Steam\SteamApps\common\x3 terran conflict\X3TC.exe:*:Enabled:X3: Terran Conflict (EGOSOFT)
D:\Games\Steam\SteamApps\common\unreal tournament 2004\System\UT2004.exe:*:Enabled:Unreal Tournament 2004 ()
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server (Intuit Inc.)
D:\Games\Steam\SteamApps\common\defense grid demo\DefenseGridDemo.exe:*:Enabled:Defense Grid: The Awakening Demo ()
D:\Games\Steam\SteamApps\common\mount and blade\runme.exe:*:Enabled:Mount and Blade ()
D:\Games\Steam\SteamApps\common\empire total war demo\Empire.exe:*:Enabled:Empire: Total War Demo (The Creative Assembly Ltd)
D:\Games\Steam\SteamApps\common\puzzle quest galactrix\Galactrix.exe:*:Enabled:Puzzle Quest: Galactrix ()
D:\Games\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2 (THQ Canada Inc.)
D:\Games\Steam\SteamApps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 ()
D:\Games\Steam\SteamApps\common\assassins creed\AssassinsCreed_Game.exe:*:Enabled:Assassin's Creed (Ubisoft)
D:\Games\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead ()
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite
"{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{32F27FAA-60D1-4EC3-8502-51AEC72BF50F}" = DarkCrusade
"{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help
"{47469A08-A1A4-48AB-89BB-AFEEFA9AD4F7}" = Quake Live Mozilla Plugin
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75633187-A6F5-4FD5-AB3F-0530802A2D5B}" = The Dark Knight Photo Editor
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.9
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8CA53298-AB86-49C7-8040-D5E7BA2F703A}" = NVIDIA PhysX Particle Fluid Demo
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}" = CDisplay
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}" = Adobe Photoshop Lightroom 2.2
"{A6DE1AAE-B147-4B08-A61C-BA471D86AC4D}" = DB VGA Cam
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4134B0B-EA9B-4835-A77A-60BEE6277101}" = Lightroom
"{DB219559-1F78-4343-9A6E-C2E987AD47A3}" = Bionic Commando Rearmed
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DD763351-DE1C-4EA7-986D-A6EC8AF76434}" = TurboTax 2008 waziper
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F50A4470-7A45-4A5A-97F8-806990B736C2}" = MP3+G Toolz
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FED34B00-1DA2-4F4C-A3EC-A5F5893F5D86}" = Float32 2.0
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"{FF940279-F775-4FA8-98CD-9F0B36FCEA60}_is1" = Frets on Fire MFH Mod v3.005
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AIMars" = Kids Cam Sticker Factory
"Album Art Downloader XUI" = Album Art Downloader XUI 0.14
"AnyDVD" = AnyDVD
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATITool" = ATITool Overclocking Utility
"AudioCS" = Creative Audio Control Panel
"Autopano Pro" = Autopano Pro
"AVG8Uninstall" = AVG Free 8.0
"AviSynth" = AviSynth 2.5
"Bandwidth Monitor" = Bandwidth Monitor 3.4 build 749
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Diablo II" = Diablo II
"DreamAqua" = Dream Aquarium
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"foobar2000" = foobar2000 v0.9.5.1
"Fraps" = Fraps (remove only)
"Galactic Civilizations II" = Galactic Civilizations II
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.1 rev b (remove only)
"HaaliMkx" = Haali Media Splitter
"Handbrake" = Handbrake 0.9.2
"HashTab" = HashTab 2.1.1
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"huey_is1" = huey 1.0.5
"ImgBurn" = ImgBurn
"Impulse" = Impulse
"InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.5.1
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LameACM" = Lame ACM MP3 Codec
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.2.0
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MySpaceIM" = MySpaceIM
"Natural Mod" = Natural Mod
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"NVIDIA Drivers" = NVIDIA Drivers
"nxclient_is1" = NX Client for Windows 3.2.0-13
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OpenAL" = OpenAL
"Operation Optimization_is1" = Operation Optimization v1.1.1
"Picasa2" = Picasa 2
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"QuickSFV" = QuickSFV (Remove only)
"QuicktimeAlt_is1" = QuickTime Alternative 2.4.0
"RealAlt_is1" = Real Alternative 1.7.5
"RivaTuner" = RivaTuner v2.06
"Sins of a Solar Empire" = Sins of a Solar Empire
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Stardock Central" = Stardock Central
"Steam App 10620" = Empire: Total War Demo
"Steam App 11910" = Lumines Demo
"Steam App 12100" = Grand Theft Auto 3
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12320" = Sacred Gold
"Steam App 12500" = Puzzle Quest
"Steam App 13210" = Unreal Tournament 3
"Steam App 13230" = Unreal Tournament 2004
"Steam App 15100" = Assassin's Creed
"Steam App 15130" = Beyond Good and Evil
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 15920" = Luxor 2
"Steam App 15950" = Reaxxion
"Steam App 18510" = Defense Grid: The Awakening Demo
"Steam App 220" = Half-Life 2
"Steam App 22100" = Mount and Blade
"Steam App 23500" = Puzzle Quest: Galactrix
"Steam App 24420" = Aquaria
"Steam App 3483" = Peggle Extreme
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 4420" = Silverfall
"Steam App 4470" = Silverfall: Earth Awakening
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 7200" = TrackMania United Forever
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7670" = Bioshock
"Steam App 7760" = X-Com: UFO Defense
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Tag&Rename_is1" = Tag&Rename 3.4.5
"TightVNC_is1" = TightVNC 1.3.9
"Tribes 2" = Tribes 2
"TurboTax 2008" = TurboTax 2008
"Tweak UI 2.10" = Tweak UI
"uberOptions" = uberOptions 4.40.3
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v2.2.0
"UT3 CBP3 Vol 1" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1
"UT3 CBP3 Vol 2" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 2
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wget-1.10.1_is1" = GnuWin32: Wget version 1.10.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"X Plugin Manager" = X Plugin Manager 2.20 BETA 4
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XNeat" = XNeat Windows Manager
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2008 2:01:21 PM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application masseffect.exe, version 1.1.14660.0, faulting
module unknown, version 0.0.0.0, fault address 0x07a5f9e0.

Error - 8/23/2008 2:07:35 PM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application hueytray.exe, version 1.0.5.0, faulting module
hueytray.exe, version 1.0.5.0, fault address 0x00005185.

Error - 8/24/2008 7:25:25 PM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application masseffect.exe, version 1.1.14660.0, faulting
module unknown, version 0.0.0.0, fault address 0x079cf9e0.

Error - 8/24/2008 8:18:45 PM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application masseffect.exe, version 1.1.14660.0, faulting
module unknown, version 0.0.0.0, fault address 0x06c5f9e0.

Error - 8/24/2008 8:18:48 PM | Computer Name = DAD | Source = Application Error | ID = 1001
Description = Fault bucket 863810455.

Error - 8/30/2008 12:51:47 PM | Computer Name = DAD | Source = MsiInstaller | ID = 1013
Description = Product: AGEIA PhysX v7.11.13 -- Installation terminated

Error - 8/31/2008 2:17:35 AM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application masseffect.exe, version 1.1.14660.0, faulting
module unknown, version 0.0.0.0, fault address 0x12d3ba90.

Error - 9/1/2008 4:09:11 PM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
xul.dll, version 1.9.0.3105, fault address 0x0047ffe9.

Error - 9/9/2008 10:11:43 PM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 10.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2008 10:11:49 PM | Computer Name = DAD | Source = Application Hang | ID = 1001
Description = Fault bucket 546671484.

[ System Events ]
Error - 3/29/2009 12:24:35 AM | Computer Name = DAD | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 3/29/2009 12:24:35 AM | Computer Name = DAD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD archlp ATITool AvgLdx86 AvgMfx86 ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Error - 3/29/2009 12:25:28 AM | Computer Name = DAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/29/2009 12:25:36 AM | Computer Name = DAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/29/2009 12:28:08 AM | Computer Name = DAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/29/2009 2:57:29 AM | Computer Name = DAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/29/2009 2:59:16 AM | Computer Name = DAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/29/2009 3:00:16 AM | Computer Name = DAD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
archlp ATITool AvgLdx86 AvgMfx86 ElbyCDIO Fips intelppm SASDIFSV SASKUTIL

Error - 3/29/2009 10:00:19 AM | Computer Name = DAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/29/2009 10:03:35 AM | Computer Name = DAD | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >