It looks like I'm down to my last resort here. Basically I got infected somehow (I assume torrents), and I tried Spybot and Ad-aware with no luck. Of note were the symptoms of pop-ups, page redirects, and seemingly slow speeds. With my original two programs not doing the trick I began quite a journey of trying to remove everything.
(The following details what steps I have taken, and how I arrived at where I am now. Further down is my present status.)
At first it seemed like I was infected with something called Virtumonde, which I was happy to find some solutions to through some searching. I ended up finding Malwarebytes' Anti-Malware and I found quite a lot of goodies on my computer, which I happily deleted. But then came the fun part. Somehow, nothing really seemed to be getting cleaned. I ran Spybot and Mbam repeatedly, cleaned up, and then some time later when I checked again I would still have a couple trojans or viruses lurking around or sometimes as many as 15. I found it interesting that the names of these things weren't the same every time either. Sometimes I would find Virtumonde, Zlob, one time Vundo, other times a lot of something called Trojan.TDSS and .Agent. One time I had some folder created, C:/Avenger, with some malware in it. Every time I would try to scan and clean in safe mode, then in a regular startup, but to no avail. It definitely felt as if I was somehow vulnerable through the internet.
So I eventually found this website, and I started lurking through threads, reading guides, and downloading new software. I've never really used firewalls, anti-virus, or other security programs, because in my years of computing I've never had more than the most minor of infections, and I always felt such software usually complicated things more than helped. Now, though, I have Avast!, Comodo Firewall, SAS, and MBAM either running or at my disposal. And these seemed to have helped, because now when I scan with MBAM and SAS I don't return even 1 result (yet...) after I've done full scans/removes.
My current (apparent) problem: So I thought I was finally okay, but a quick search in Google, a click on a result, and a malicious page redirect proved me wrong. I just did a search now to remind myself the problem still exists. I was redirected to some different pages including apartmentfinder, mydealhero, and something else (they seemed to be fighting over where my browser should end up).
I've been dealing with this for days during my free time, and I'm at my wits' end. This website has been really helpful to me, but I feel I've reached a limit. I'm not sure if I've almost purged everything, or if there is a larger threat remaining. Anyway, any help will be much appreciated.
My Logs
Rooter
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:476937 Mo/Free:583 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
J:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
K:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Mon 05/04/2009|13:07
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- cmdagent.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\WINDOWS\system32\nvraidservice.exe
---------- C:\Program Files\Gigabyte\ET5\GUI.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\SealedMedia\sealmon.exe
---------- C:\Program Files\PowerISO\PWRISOVM.EXE
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
--Locked-- cfp.exe
---------- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\Program Files\RocketDock\RocketDock.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\Hans\Application Data\uTorrent\Matlab 2007b Full Release (no keygen).rar.torrent
C:\DOCUME~1\Hans\Application Data\uTorrent\Minitab 14 + Crack.zip.torrent
1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/04/2009|13:07
----------------------\\ Scan completed at 13:07
OTLI
OTListIt logfile created on: 5/4/2009 1:11:01 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Hans\TDowns
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 204.57 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICROSOFT
Current User Name: Hans
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Program Files\Gigabyte\ET5\GUI.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\SealedMedia\sealmon.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe (GIGABYTE TECHNOLOGY CO., LTD.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Hans\TDowns\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Capture Device Service [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CBTNDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\CBTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (ET5Drv [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\ET5Drv.sys (Microsoft Corporation)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (itchfltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\itchfltr.sys (Logitech, Inc.)
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech Inc.)
DRV - (LCcfltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LCcFltr.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LUsbFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvatabus [Boot | Running]) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvraid [Boot | Running]) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (odysseyIM3 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys (Funk Software, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RT61 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RT61.sys (Ralink Technology Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V0250Dev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\V0250Dev.sys (Creative Technology Ltd.)
DRV - (wind502u [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wind502u.sys (Envara Inc.)
DRV - (MarkFun_NT [On_Demand | Running]) -- C:\Program Files\Gigabyte\ET5\markfun.w32 (Windows ® 2000 DDK provider)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.6
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.2.3
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.3.11
FF - prefs.js..extensions.enabledItems: {6D898772-AD34-4c16-86BB-9DE787A5DEA0}:1.08
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82}:1.05
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325
FF - prefs.js..extensions.enabledItems: {B4F5D33D-8602-42A1-9CF7-C179BF5DE8DA}:1.0
FF - prefs.js..extensions.enabledItems: {40104CE3-27EC-42BC-BC88-08DC4D62505C}:1.0
FF - prefs.js..extensions.enabledItems: {23DBE842-01F7-4E18-AF18-C8A1BD9D8CF9}:1.0
FF - prefs.js..extensions.enabledItems: {360BBE0D-A329-4B69-A105-BB5001FF657A}:1.0
FF - prefs.js..extensions.enabledItems: {E4C8AA37-BB6A-42D5-932F-6BB3C93A5A26}:1.0
FF - prefs.js..extensions.enabledItems: {8DC09C02-327A-42B7-99B4-D1778E59D825}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2008/10/07 00:25:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/04 00:02:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 13:50:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/04 00:03:01 | 00,000,000 | ---D | M]
[2008/06/28 15:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Extensions
[2008/06/28 15:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/04 02:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions
[2009/02/21 22:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009/02/15 22:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2008/10/26 17:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2009/03/15 16:33:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009/04/01 16:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/12/03 02:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/01 16:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/02/15 22:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/02/16 20:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/04/10 12:35:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\[email protected]
[2008/12/23 14:06:23 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\aim-search.xml
[2009/04/27 13:56:48 | 00,005,600 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\pizzatorrent.xml
[2009/04/27 13:56:48 | 00,001,835 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\weathercom.xml
[2007/07/23 23:11:41 | 00,001,083 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\wikipedia-.xml
[2008/06/23 00:43:24 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\wikipedia-en.xml
[2009/05/04 02:52:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/03 14:25:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{23DBE842-01F7-4E18-AF18-C8A1BD9D8CF9}
[2009/05/03 17:41:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{360BBE0D-A329-4B69-A105-BB5001FF657A}
[2009/05/01 11:37:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{40104CE3-27EC-42BC-BC88-08DC4D62505C}
[2009/05/03 23:38:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8DC09C02-327A-42B7-99B4-D1778E59D825}
[2009/04/28 13:50:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/01 03:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B4F5D33D-8602-42A1-9CF7-C179BF5DE8DA}
[2007/10/22 19:22:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/28 05:12:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/04 00:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/03 14:55:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E4C8AA37-BB6A-42D5-932F-6BB3C93A5A26}
[2009/04/28 13:50:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 13:50:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/01 07:17:19 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/01 07:17:19 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/01 07:17:19 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/01 07:17:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/01 07:17:19 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/01 07:17:19 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/01 07:17:19 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (309699 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10648 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ă¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe ()
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe ()
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe (GIGABYTE TECHNOLOGY CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\zivahesu) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\) - C:\WINDOWS\system32 [2009/05/04 12:03:19 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (C:\WINDOWS\system32\biwapuyu.dll) - C:\WINDOWS\system32\biwapuyu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - c:\windows\system32 [2009/05/04 12:03:19 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (C:\WINDOWS\system32\jayoriji.dll) - C:\WINDOWS\system32\jayoriji.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\tikufozi.dll) - c:\windows\system32\tikufozi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/31 23:11:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell - "" = AutoRun
O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell - "" = AutoRun
O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f3566862-523d-11dc-b706-0016e6808c96}\Shell\AutoRun\command - "" = F:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/05/04 13:07:01 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/04 13:00:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/04 13:00:07 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/04 12:59:58 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\NTREGOPT.lnk
[2009/05/04 12:59:58 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\ERUNT.lnk
[2009/05/04 12:59:32 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/04 03:53:37 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/04 03:53:37 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/04 03:53:37 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/04 03:53:37 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/04 03:53:37 | 00,001,715 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/04 03:53:36 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/04 03:53:36 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/04 03:53:36 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/04 03:53:36 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/04 03:53:25 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/04 03:53:25 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/04 03:53:23 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/04 03:52:53 | 00,000,824 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\COMODO Internet Security.lnk
[2009/05/04 03:07:13 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Comodo
[2009/05/04 03:07:12 | 00,155,384 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/04 03:07:12 | 00,110,992 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/05/04 03:07:12 | 00,080,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/05/04 03:07:12 | 00,024,336 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/05/04 03:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/05/04 02:58:33 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
[2009/05/04 02:58:31 | 00,000,702 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\SpywareBlaster.lnk
[2009/05/04 02:58:30 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/05/04 02:39:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/04 02:27:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/04 02:26:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/05/04 02:24:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/04 02:22:49 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v12
[2009/05/04 02:22:45 | 00,007,180 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v12.zip
[2009/05/04 02:20:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v13
[2009/05/04 02:20:23 | 00,009,334 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v13.zip
[2009/05/04 02:12:48 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/04 00:19:10 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
[2009/05/04 00:19:08 | 00,000,796 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/04 00:19:07 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/04 00:19:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\SUPERAntiSpyware.com
[2009/05/03 14:49:40 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/01 17:38:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/01 17:12:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\Malwarebytes
[2009/05/01 17:12:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/01 17:12:55 | 00,000,714 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 17:12:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/01 17:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/01 17:12:52 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
[2009/05/01 17:10:39 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Hans\Desktop\mbam-setup.exe
[2009/05/01 17:00:34 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/01 17:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\Storm
[2009/05/01 16:59:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2009/05/01 14:10:44 | 00,015,062 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\Process.docx
[2009/05/01 02:55:17 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/01 02:24:17 | 00,000,000 | -H-D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/29 00:10:29 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\DOCUME~1\Hans\Desktop\setup-spybotsd162.exe
[2009/04/21 03:10:45 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/21 03:10:45 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/16 17:31:33 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 17:31:33 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 17:31:33 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 17:31:33 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 17:31:33 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 17:31:33 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 17:31:33 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 17:31:33 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 17:31:33 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 17:31:32 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/16 17:31:32 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/16 17:31:31 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/16 17:31:10 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 17:31:10 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 04:18:21 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/04/14 01:05:14 | 00,001,376 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/13 22:50:26 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/04/13 22:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/13 22:01:04 | 00,000,336 | ---- | C] () -- C:\WINDOWS\tasks\Uniblue SpyEraser.job
[2009/04/13 21:58:09 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Uniblue
[2009/04/13 20:25:11 | 00,000,408 | ---- | C] () -- C:\WINDOWS\Kkozu.dat
[2009/04/13 20:25:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Isarafawinaqafo.bin
[2008/12/03 04:31:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/15 02:08:11 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/02 23:16:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 23:16:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 23:16:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 23:16:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 23:16:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/09 12:39:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2008/04/09 12:10:42 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2007/09/25 21:53:59 | 00,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/09/12 11:10:40 | 00,000,068 | ---- | C] () -- C:\WINDOWS\eyeQ Screen Saver.ini
[2007/08/26 13:28:03 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/08/26 13:28:03 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/08/26 13:28:03 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/08/26 13:28:03 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/08/26 13:28:03 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/08/26 13:28:03 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/03/19 18:38:36 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/17 15:32:03 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/10 16:24:47 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/01 22:32:37 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2007/01/31 23:34:07 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2007/01/31 23:26:46 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ycc.dll
[2007/01/31 23:18:47 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/12/13 17:03:14 | 00,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2006/02/28 08:00:00 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/15 01:56:50 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/11/05 09:31:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2002/10/31 00:35:48 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/03/16 20:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000080.DLL
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/05/04 13:00:07 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/04 12:59:58 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\NTREGOPT.lnk
[2009/05/04 12:59:58 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\ERUNT.lnk
[2009/05/04 12:53:24 | 00,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/04 12:53:20 | 00,200,051 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/04 12:53:13 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/04 12:52:35 | 00,000,062 | -HS- | M] () -- C:\DOCUME~1\Hans\Local Settings\desktop.ini
[2009/05/04 12:52:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 12:52:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 03:53:37 | 00,001,715 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/04 03:53:36 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/04 03:52:53 | 00,000,824 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\COMODO Internet Security.lnk
[2009/05/04 03:07:12 | 00,155,384 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/04 03:07:12 | 00,110,992 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/05/04 03:07:12 | 00,080,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/05/04 03:07:12 | 00,024,336 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/05/04 02:58:31 | 00,000,702 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\SpywareBlaster.lnk
[2009/05/04 02:55:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/04 02:40:41 | 00,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/04 02:40:41 | 00,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/04 02:40:41 | 00,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/04 02:39:53 | 00,000,075 | -HS- | M] () -- C:\DOCUME~1\Hans\My Documents\desktop.ini
[2009/05/04 02:38:51 | 00,364,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/04 02:36:52 | 00,002,639 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/04 02:25:56 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/04 02:22:20 | 00,007,180 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v12.zip
[2009/05/04 02:19:18 | 00,009,334 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v13.zip
[2009/05/04 02:04:56 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/04 00:19:08 | 00,000,796 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/03 14:42:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/02 18:06:07 | 00,001,376 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/01 17:12:55 | 00,000,714 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 17:10:41 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Hans\Desktop\mbam-setup.exe
[2009/05/01 15:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Hans.job
[2009/05/01 14:10:44 | 00,015,062 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\Process.docx
[2009/05/01 13:53:04 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\zemuteme
[2009/05/01 02:24:17 | 00,000,867 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/04/29 22:50:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/29 09:31:20 | 00,309,699 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/29 08:23:38 | 00,309,770 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090429-082338.backup
[2009/04/29 08:23:38 | 00,309,728 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090429-093120.backup
[2009/04/29 00:11:16 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\DOCUME~1\Hans\Desktop\setup-spybotsd162.exe
[2009/04/28 23:55:10 | 00,058,880 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\tegawula.exe
[2009/04/21 03:10:45 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/21 03:10:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/14 04:18:21 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/04/14 00:53:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Isarafawinaqafo.bin
[2009/04/13 22:58:51 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Kkozu.dat
[2009/04/13 22:01:04 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser.job
[2009/04/13 21:04:04 | 00,312,568 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/04/13 20:41:30 | 00,312,568 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090413-210404.backup
[2009/04/13 20:12:47 | 00,001,070 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090413-204130.backup
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\DOCUME~1\ALLUSE~1\Application Data\TEMP:5C321E34
< End of report >

OTLI Extras
OTListIt Extras logfile created on: 5/4/2009 1:11:01 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Hans\TDowns
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 204.57 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICROSOFT
Current User Name: Hans
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed (SightSpeed Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe ()
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\Valve\Steam\steamapps\common\left 4 dead demo\left4dead.exe:*:Enabled:Left 4 Dead Demo ()
C:\Program Files\Valve\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 ()
C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam (Valve Corporation)
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe:*:Enabled:DevSvc (InterVideo Inc.)
C:\Program Files\Valve\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead ()
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@BIOS" = @BIOS
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}" = iTunes
"{57BFC2F4-2A2E-4DC3-A0C0-E53A147631E2}" = Motorola Wireless USB Adapter
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E9EA5FD-DFD9-44C7-8301-00E371A6D8E1}" = MPLAB Tools v8.10
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{87C85D28-0633-453D-8D29-98C3A1043F6C}" = Folding@home-x86
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96A083BF-4420-48D9-8264-F8F109ACC536}" = Storm
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A87E25E5-38BA-46AD-A008-1D4FB3D332D3}" = MINITAB 14
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE00FF6D-ECFA-4466-A78C-A7212200ACEA}" = Gigabyte GN-WP01GS
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C131E0E1-1715-4D61-901A-5453A46F0800}" = Livestation
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E24A7D40-D12E-4A11-8DEC-7BB21BE4614D}" = Wolfram Notebook Indexer 1.1
"{E613ECA8-7C74-4F7D-98B8-D8C1426A8A2F}" = SealedMedia Unsealer 5.2.25
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FC10C290-6E4D-4C6B-A8B3-33700C21F9E6}" = Mathematica 5.2 for Students
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Video FX Utility" = Advanced Video FX Utility
"AIM_6" = AIM 6
"Anki" = Anki
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"avast!" = avast! Antivirus
"Bruce's Unusual Typing Wizard_is1" = Bruce's Unusual Typing Wizard, Version 1.5.0
"CCleaner" = CCleaner (remove only)
"COMODO Internet Security" = COMODO Internet Security
"Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.01.03.0405)
"Creative WebCam Center" = Creative WebCam Center
"DMIView" = DMIView
"EasyTune5" = EasyTune5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Face-wizard" = Face-wizard
"ffdshow" = ffdshow
"Finale NotePad 2007" = Finale NotePad 2007
"Finale NotePad 2008" = Finale NotePad 2008
"FitDay_is1" = FitDay PC version 1.0
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
"Hamachi" = Hamachi 1.0.3.0
"i-Cool" = i-Cool
"InstallShield_{5E9EA5FD-DFD9-44C7-8301-00E371A6D8E1}" = MPLAB Tools v8.10
"InstallShield_{A87E25E5-38BA-46AD-A008-1D4FB3D332D3}" = MINITAB 14
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"InstallShield_{FC10C290-6E4D-4C6B-A8B3-33700C21F9E6}" = Mathematica 5.2 for Students
"Karnaugh Map Minimizer" = Karnaugh Map Minimizer 0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007a" = MATLAB R2007a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 0.9.9
"Mnemosyne_is1" = Mnemosyne 1.0.1.1
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PICC 9.60PL1" = HI-TECH PICC-Lite V9.60PL1
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"Reflex" = Reflex
"RocketDock_is1" = RocketDock 1.3.5
"Serious Samurize" = Serious Samurize
"SightSpeed" = SightSpeed (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Starcraft" = Starcraft
"Steam" = Steam
"Steam App 13210" = Unreal Tournament 3
"Steam App 15660" = Warhammer 40,000: Dawn of War II - Beta
"Steam App 17510" = Age of Chivalry
"Steam App 17550" = Eternal Silence
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 530" = Left 4 Dead Demo
"SysInfo" = Creative System Information
"SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1" = Uniblue PowerSuite
"The Rosetta Stone" = The Rosetta Stone
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"vixy converter BETA_is1" = vixy converter uninstall
"Wakan" = Wakan 1.67
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! 工具列
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 380" = Half-Life 2: Episode One
"Steam App 60" = Ricochet
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/1/2008 11:08:30 PM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/14/2008 12:11:06 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:44:34 PM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/3/2008 7:16:01 PM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/15/2008 1:47:39 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/15/2008 4:57:23 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/15/2008 7:27:37 AM | Computer Name = MICROSOFT | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.
Error - 11/19/2008 9:08:03 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/20/2008 3:33:57 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application left4dead.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/20/2008 6:38:00 AM | Computer Name = MICROSOFT | Source = Application Error | ID = 1000
Description = Faulting application ventrilo.exe, version 3.0.4.0, faulting module
unknown, version 0.0.0.0, fault address 0x4b435553.
[ System Events ]
Error - 5/4/2009 1:26:30 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/4/2009 1:27:28 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 5/4/2009 1:27:39 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/4/2009 1:28:58 AM | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 5/4/2009 1:28:58 AM | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 5/4/2009 1:28:58 AM | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu Tcpip
Error - 5/4/2009 2:05:00 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 5/4/2009 2:09:19 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 5/4/2009 2:09:24 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 5/4/2009 2:10:58 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
I think that's all... hopefully I'm not missing anything here.