I was visiting a site I thought was relatively safe until some fake virus scanner popped up. Since I used Malware removal before reading this site, the program temporary removed the malware (it comes back after the pc resets,) but now the net access doesn't work. Can anyone help? Thanks

ERUNT file:


DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by Ritchie Le at 18:34:42.26 on Sat 08/28/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6142.4559 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
P:\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Power2GoExpress] NA
uRun: [GameShadow] c:\program files (x86)\gameshadow\GameShadow.exe /q
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [Google Update] "c:\users\ritchie le\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [igndlm.exe] c:\program files (x86)\download manager\DLM.exe /windowsstart /startifwork
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [RegistryMechanic] c:\program files (x86)\registry mechanic\RMTray.exe /H
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [VolPanel] "c:\program files (x86)\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] "c:\program files (x86)\poweriso\PWRISOVM.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [MaxMenuMgr] "c:\program files (x86)\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [FreeAgentTheaterTrayIcon] "c:\program files (x86)\seagate\freeagent_theater\agrregationstatus\StxMediaMenuMgr.exe"
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SSDMonitor] "c:\program files (x86)\common files\pc tools\smonitor\SSDMonitor.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /install /silent
StartupFolder: c:\users\ritchi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\users\ritchi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\ritchi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\sonici~1.lnk - c:\users\ritchie le\appdata\local\temp\vies4037\Setup.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files (x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton internet security\engine\16.8.0.41\CoIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-10-8 53488]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1008000.029\SymEFA64.sys [2010-2-2 402992]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\nisx64\1008000.029\BHDrvx64.sys [2010-2-2 334384]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1008000.029\cchpx64.sys [2010-2-2 583296]
S1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100805.004\IDSviA64.sys [2010-8-5 463408]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
S2 FreeAgentTheater Service;Seagate FreeAgent Theater;c:\program files (x86)\seagate\freeagent_theater\sync\MediaAggreService.exe [2009-7-9 169256]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-5 136176]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2008-9-9 198240]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-2 117640]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\common files\pc tools\smonitor\StartManSvc.exe [2010-5-3 632792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-9-20 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-6-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-6-17 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\MT6Licensing.exe [2009-6-17 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 132656]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-2-26 1038088]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nisx64\1008000.029\symndisv.sys [2010-2-2 56880]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-5-6 639512]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-6-1 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-28 23:24:15 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-27 20:49:11 0 d-----r- c:\program files (x86)\Sx
2010-08-23 00:59:10 0 d-----w- c:\program files (x86)\NAMCO BANDAI Games
2010-08-22 06:10:14 0 d-----w- c:\users\ritchie le\Tracing
2010-08-22 06:09:18 0 d-----w- c:\program files (x86)\Microsoft
2010-08-22 06:09:05 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-08-22 06:04:19 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-08-22 06:00:18 0 d-----w- c:\program files (x86)\Fake Webcam
2010-08-22 06:00:18 0 d-----w- c:\program files (x86)\common files\fwc
2010-08-22 05:58:51 0 d-----w- c:\program files (x86)\Webcam Simulator2
2010-08-22 05:37:18 0 d-----w- c:\program files (x86)\common files\wcs
2010-08-22 05:37:17 0 d-----w- c:\program files (x86)\Webcam Simulator
2010-08-22 05:24:28 0 d-----w- c:\program files (x86)\Sarm Software
2010-08-20 02:21:15 0 d-----w- C:\fishes
2010-08-17 14:41:29 0 d-----w- C:\nes
2010-08-13 11:00:57 0 d-----w- c:\programdata\LightScribe
2010-08-13 10:42:26 0 d-----w- c:\program files (x86)\Nero
2010-08-13 10:42:07 0 d-----w- c:\programdata\Nero
2010-08-12 03:43:13 0 d-----w- c:\programdata\AIM
2010-08-12 03:43:11 0 d-----w- c:\program files (x86)\AIM
2010-08-12 03:43:10 0 d-----w- c:\program files (x86)\common files\Software Update Utility
2010-08-12 03:43:09 0 d-----w- c:\program files (x86)\common files\AOL
2010-08-12 03:43:02 361 ---ha-w- C:\IPH.PH
2010-08-11 08:47:16 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-08-10 19:50:53 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 19:50:49 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-10 19:50:49 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-10 19:50:45 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-10 19:50:43 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-10 19:50:43 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-10 19:50:17 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-10 19:50:15 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-02 19:36:32 11584512 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-08-28 21:05:00 108418 ----a-w- c:\programdata\nvModes.dat
2010-07-27 02:34:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-04 03:51:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-04 03:51:05 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-04 03:51:05 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-30 18:28:25 136931926 ----a-w- c:\users\ritchie le\TS3CAP_767618.exe
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-18 01:22:52 15803792 ----a-w- c:\users\ritchie le\oly_updater_win.exe
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:38:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-06 02:24:10 245760 ----a-w- C:\Project1.exe
2009-11-18 21:00:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-14 03:30:36 22 --sha-w- c:\windows\sminst\HPCD.sys
2010-05-08 21:15:50 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-09-09 19:59:53 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:36:16.29 ===============

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

uTorrent <--Your downloading files from an unknown source and most contain malware, I am going to ask you to remove this program via Programs and Features in the Control Panel.



Do this first...Important

Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect

Please do not proceed until the TeaTimer is disabled




Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in



netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

OTL.text

OTL logfile created on: 9/4/2010 3:51:27 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = P:\
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 68.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.53 Gb Total Space | 32.38 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
Drive D: | 9.65 Gb Total Space | 0.90 Gb Free Space | 9.37% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 698.64 Gb Total Space | 470.96 Gb Free Space | 67.41% Space Free | Partition Type: NTFS
Drive O: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 7.64 Gb Total Space | 0.57 Gb Free Space | 7.51% Space Free | Partition Type: FAT32

Computer Name: RITCHIELE-PC
Current User Name: Ritchie Le
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - P:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\GameShadow\GameShadow.exe (GameShadow Ltd)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools )
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Seagate\FreeAgent_Theater\Sync\MediaSync.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\FreeAgent_Theater\Sync\MediaAggreService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\FreeAgent_Theater\AgrregationStatus\stxmediamenumgr.exe (Seagate LLC)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)


========== Modules (SafeList) ==========

MOD - P:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (PnkBstrA) -- C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
SRV - (FreeAgentTheater Service) -- C:\Program Files (x86)\Seagate\FreeAgent_Theater\Sync\MediaAggreService.exe (Seagate Technology LLC)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100810.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100810.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100805.004\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 14:21:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/12/03 16:51:12 | 000,000,799 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] .Theater [2010/02/09 11:00:30 | 000,000,000 | ---D | M]
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [FreeAgentTheaterTrayIcon] C:\Program Files (x86)\Seagate\FreeAgent_Theater\AgrregationStatus\StxMediaMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe (GameShadow Ltd)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools )
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Ritchie Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Ritchie Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ritchie Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sonic INSTALLit! Setup.lnk = C:\Users\Ritchie Le\AppData\Local\Temp\VIES4037\Setup.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/10 19:44:32 | 000,000,063 | ---- | M] () - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/02/12 12:53:42 | 000,000,277 | R--- | M] () - O:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/03/23 12:19:08 | 000,000,090 | ---- | M] () - P:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{02acaa09-23bf-11df-8de7-002215824eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{02acaa09-23bf-11df-8de7-002215824eb6}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{138f4c80-903c-11df-89e8-002215824eb6}\Shell\AutoRun\command - "" = L:\SecureII\Windows\SecureII.exe -- File not found
O33 - MountPoints2\{3483ee23-a9aa-11df-a0df-002215824eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{3483ee23-a9aa-11df-a0df-002215824eb6}\Shell\AutoRun\command - "" = M:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{8ec610fc-1c0a-11df-80b8-002215824eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{8ec610fc-1c0a-11df-80b8-002215824eb6}\Shell\AutoRun\command - "" = M:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{90aee13f-a63d-11df-bdcf-002215824eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{90aee13f-a63d-11df-bdcf-002215824eb6}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{d453025d-40f0-11de-a51f-002215824eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{d453025d-40f0-11de-a51f-002215824eb6}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
O33 - MountPoints2\{d453025e-40f0-11de-a51f-002215824eb6}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\setupSNK.exe -- [2008/01/20 19:46:42 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{d7dbf3fa-4003-11df-91af-002215824eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{d7dbf3fa-4003-11df-91af-002215824eb6}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{e4e632fe-2333-11df-9515-002215824eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{e4e632fe-2333-11df-9515-002215824eb6}\Shell\AutoRun\command - "" = M:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{f8d6377c-1699-11df-aa0c-002215824eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{f8d6377c-1699-11df-aa0c-002215824eb6}\Shell\AutoRun\command - "" = M:\WD SmartWare.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Installer.exe -- File not found
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/03 23:18:30 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\AppData\Roaming\U3
[2010/08/28 18:33:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/28 18:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/28 16:24:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/28 16:24:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/28 07:18:44 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\Desktop\antispytools
[2010/08/27 22:56:14 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\AppData\Local\fpabwfhak
[2010/08/27 13:49:11 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Sd
[2010/08/27 10:52:56 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\Desktop\quadratic
[2010/08/22 18:53:06 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\AppData\Local\Warhammer Mark of Chaos
[2010/08/22 18:30:10 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\Documents\Warhammer Mark of Chaos
[2010/08/22 17:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAMCO BANDAI Games
[2010/08/21 23:10:14 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\Tracing
[2010/08/21 23:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/08/21 23:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/08/21 23:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/08/21 23:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/08/21 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\fwc
[2010/08/21 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fake Webcam
[2010/08/21 22:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webcam Simulator2
[2010/08/21 22:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\wcs
[2010/08/21 22:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webcam Simulator
[2010/08/21 22:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sarm Software
[2010/08/19 19:21:15 | 000,000,000 | ---D | C] -- C:\fishes
[2010/08/17 07:41:29 | 000,000,000 | ---D | C] -- C:\nes
[2010/08/13 04:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/08/13 04:00:51 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\AppData\Roaming\Nero
[2010/08/13 03:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/08/13 03:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/08/13 03:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/08/11 20:43:22 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\AppData\Roaming\acccore
[2010/08/11 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\AppData\Local\AOL
[2010/08/11 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Ritchie Le\AppData\Local\AIM
[2010/08/11 20:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/08/11 20:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2010/08/11 20:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/08/11 20:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2010/08/10 12:50:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/10 12:50:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/10 12:50:17 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/10 12:50:15 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/10 12:49:43 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/10 12:49:40 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/10 12:49:39 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/10 12:49:39 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/10 12:49:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/10 12:49:39 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/10 12:49:39 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/10 12:49:39 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/10 12:49:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/10 12:49:39 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/10 12:49:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/10 12:49:38 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/10 12:49:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/10 12:49:38 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/10 12:49:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/10 12:49:38 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/10 12:49:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/10 12:49:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/10 12:49:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/10 12:49:38 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/10 12:49:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/10 12:49:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/10 12:49:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/12/15 09:13:17 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Ritchie Le\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ritchie Le\AppData\Local\*.tmp files -> C:\Users\Ritchie Le\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/04 15:51:32 | 004,194,304 | -HS- | M] () -- C:\Users\Ritchie Le\NTUSER.DAT
[2010/09/04 15:47:32 | 000,108,418 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/04 15:47:31 | 000,108,418 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/04 15:46:23 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/04 15:46:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 15:46:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 15:46:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/04 15:46:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/04 15:35:26 | 000,524,288 | -HS- | M] () -- C:\Users\Ritchie Le\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 15:35:26 | 000,065,536 | -HS- | M] () -- C:\Users\Ritchie Le\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/09/04 15:35:17 | 003,766,885 | -H-- | M] () -- C:\Users\Ritchie Le\AppData\Local\IconCache.db
[2010/09/04 00:02:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/03 23:29:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1159794330-3273136719-1120586707-1003UA.job
[2010/09/03 21:19:08 | 000,979,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/03 21:19:08 | 000,798,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/03 21:19:08 | 000,179,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/02 16:55:19 | 000,001,356 | ---- | M] () -- C:\Users\Ritchie Le\AppData\Local\d3d9caps.dat
[2010/09/02 16:52:30 | 000,000,592 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Ritchie Le.job
[2010/09/02 13:17:32 | 000,072,564 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\Soc 2 Syllabus.htm
[2010/09/01 18:00:00 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010/09/01 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/08/31 12:29:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1159794330-3273136719-1120586707-1003Core.job
[2010/08/30 20:00:00 | 000,000,568 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Ritchie Le.job
[2010/08/28 18:32:45 | 000,000,945 | ---- | M] () -- C:\Users\Ritchie Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/28 18:32:41 | 000,000,765 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\NTREGOPT.lnk
[2010/08/28 18:32:41 | 000,000,746 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\ERUNT.lnk
[2010/08/28 16:24:19 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/28 07:18:22 | 000,049,152 | ---- | M] () -- C:\Users\Ritchie Le\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/27 10:53:26 | 002,687,133 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\quadratic.zip
[2010/08/27 02:36:16 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2010/08/23 19:24:06 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\GameShadow.lnk
[2010/08/22 17:59:10 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\Warhammer® Mark of Chaos™.lnk
[2010/08/22 04:03:01 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/08/21 23:00:19 | 000,000,843 | ---- | M] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam (No Preview Mode).lnk
[2010/08/21 23:00:19 | 000,000,833 | ---- | M] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam.lnk
[2010/08/21 23:00:19 | 000,000,819 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\Fake Webcam (No Preview Mode).lnk
[2010/08/21 23:00:19 | 000,000,809 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\Fake Webcam.lnk
[2010/08/21 22:58:51 | 000,000,822 | ---- | M] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Webcam Simulator.lnk
[2010/08/21 22:58:51 | 000,000,798 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\Webcam Simulator.lnk
[2010/08/21 22:24:33 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\Sarmsoft Web Camera.lnk
[2010/08/21 10:18:04 | 001,748,895 | ---- | M] () -- C:\Users\Ritchie Le\Documents\iPod_classic_160GB_User_Guide.pdf
[2010/08/20 12:29:36 | 000,002,069 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\Google Chrome.lnk
[2010/08/20 12:29:36 | 000,002,031 | ---- | M] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/18 08:57:58 | 000,000,156 | ---- | M] () -- C:\Users\Ritchie Le\AppData\Roaming\default.rss
[2010/08/17 07:56:57 | 000,010,213 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\Zombatar_1.jpg
[2010/08/13 03:46:52 | 000,002,583 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/08/11 20:43:17 | 000,000,361 | -H-- | M] () -- C:\IPH.PH
[2010/08/11 20:43:12 | 000,001,776 | ---- | M] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/08/11 20:43:12 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/08/11 20:40:06 | 000,076,160 | ---- | M] () -- C:\Users\Ritchie Le\Desktop\photo.jpg
[2010/08/11 08:04:24 | 003,078,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ritchie Le\AppData\Local\*.tmp files -> C:\Users\Ritchie Le\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/02 13:20:22 | 000,072,564 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\Soc 2 Syllabus.htm
[2010/08/28 18:32:45 | 000,000,945 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/28 18:32:41 | 000,000,765 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\NTREGOPT.lnk
[2010/08/28 18:32:41 | 000,000,746 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\ERUNT.lnk
[2010/08/28 16:24:19 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 10:53:25 | 002,687,133 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\quadratic.zip
[2010/08/22 17:59:10 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\Warhammer® Mark of Chaos™.lnk
[2010/08/21 23:00:19 | 000,000,843 | ---- | C] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam (No Preview Mode).lnk
[2010/08/21 23:00:19 | 000,000,833 | ---- | C] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam.lnk
[2010/08/21 23:00:19 | 000,000,819 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\Fake Webcam (No Preview Mode).lnk
[2010/08/21 23:00:19 | 000,000,809 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\Fake Webcam.lnk
[2010/08/21 22:37:18 | 000,000,822 | ---- | C] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Webcam Simulator.lnk
[2010/08/21 22:37:18 | 000,000,798 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\Webcam Simulator.lnk
[2010/08/21 22:24:33 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\Sarmsoft Web Camera.lnk
[2010/08/21 10:18:04 | 001,748,895 | ---- | C] () -- C:\Users\Ritchie Le\Documents\iPod_classic_160GB_User_Guide.pdf
[2010/08/18 08:06:49 | 000,000,156 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Roaming\default.rss
[2010/08/17 07:56:57 | 000,010,213 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\Zombatar_1.jpg
[2010/08/13 03:46:52 | 000,002,583 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/08/11 20:43:54 | 000,076,160 | ---- | C] () -- C:\Users\Ritchie Le\Desktop\photo.jpg
[2010/08/11 20:43:12 | 000,001,776 | ---- | C] () -- C:\Users\Ritchie Le\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/08/11 20:43:12 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/08/11 20:43:02 | 000,000,361 | -H-- | C] () -- C:\IPH.PH
[2010/05/10 22:09:26 | 000,431,498 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_vcredistMSI2D32.txt
[2010/05/10 22:09:24 | 000,011,398 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_vcredistUI2D32.txt
[2010/04/11 02:05:08 | 000,000,718 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Roaming\myMPQ.ini
[2010/04/05 17:30:02 | 000,381,442 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_vcredistMSI28B9.txt
[2010/04/05 17:30:02 | 000,011,138 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_vcredistUI28B9.txt
[2010/03/27 23:44:38 | 000,461,154 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_vcredistMSI0839.txt
[2010/03/27 23:44:37 | 000,011,408 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_vcredistUI0839.txt
[2009/12/17 17:02:52 | 000,001,668 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2009/12/15 09:15:16 | 000,000,034 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Roaming\pcouffin.log
[2009/12/15 09:13:17 | 000,099,384 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Roaming\inst.exe
[2009/12/15 09:13:17 | 000,007,859 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Roaming\pcouffin.cat
[2009/12/15 09:13:16 | 000,001,167 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Roaming\pcouffin.inf
[2009/11/29 10:34:37 | 000,368,964 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_vcredistMSI27E3.txt
[2009/11/29 10:34:37 | 000,011,490 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_vcredistUI27E3.txt
[2009/11/20 05:46:13 | 009,064,004 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\VSMsiLog0BF5.txt
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/09/20 16:39:07 | 003,846,606 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\VSMsiLog618E.txt
[2009/09/18 18:43:28 | 010,672,808 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\VSMsiLog2476.txt
[2009/09/18 18:39:44 | 000,099,495 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_depcheck_VB_EXP_90.txt
[2009/09/18 18:39:36 | 000,274,760 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_install_vb_xcor_90.txt
[2009/09/18 18:39:36 | 000,000,002 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_error_vb_xcor_90.txt
[2009/09/12 19:44:49 | 010,300,612 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\VSMsiLog7E9F.txt
[2009/09/12 19:44:28 | 005,362,968 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_WinSDK_Build_x64_MSI7E5A.txt
[2009/09/12 19:37:22 | 000,118,417 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_depcheck_VC_EXP_90.txt
[2009/09/12 19:37:16 | 000,322,592 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_install_vc_xcor_90.txt
[2009/09/12 19:37:16 | 000,016,266 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\uxeventlog.txt
[2009/09/12 19:37:16 | 000,000,002 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_error_vc_xcor_90.txt
[2009/09/02 14:52:23 | 000,399,242 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_SharedManagementObjects_MSI1178.txt
[2009/09/02 14:52:20 | 000,183,990 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_SQLSysClrTypes_msi116F.txt
[2009/09/02 14:52:18 | 000,325,572 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_SQLCEToolsForVS2007_MSI1168.txt
[2009/09/02 14:52:15 | 000,403,636 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_SSCERuntime_MSI115E.txt
[2009/09/02 14:50:07 | 009,855,296 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\VSMsiLog0FBC.txt
[2009/09/02 14:50:04 | 000,204,352 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI0FB3.txt
[2009/09/02 14:50:03 | 000,224,128 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_WinSDK_ExpTools_x64_MSI0FAF.txt
[2009/09/02 14:49:56 | 001,215,308 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_ExpRemoteDbg_x64_MSI0F98.txt
[2009/09/02 14:49:46 | 000,437,048 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_VC_Red_MSI0F78.txt
[2009/09/02 14:40:14 | 000,318,894 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_depcheck_VCS_EXP_90.txt
[2009/09/02 14:40:10 | 000,914,390 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_install_vcs_xcor_90.txt
[2009/09/02 14:40:10 | 000,000,002 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\dd_error_vcs_xcor_90.txt
[2009/06/03 21:25:02 | 000,001,356 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\d3d9caps.dat
[2009/06/01 10:28:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/01 10:27:33 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/13 19:42:16 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\Writer.ini
[2009/05/13 10:01:04 | 000,049,152 | ---- | C] () -- C:\Users\Ritchie Le\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/11 10:45:12 | 000,108,418 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/11 10:45:06 | 000,108,418 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/11 07:53:37 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2009/01/14 02:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/01/14 02:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/01/14 02:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/01/14 02:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/01/14 02:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/01/14 02:47:24 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/01/14 02:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/01/14 02:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/01/14 02:47:24 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2008/10/17 01:33:50 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/09 12:28:21 | 000,918,680 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/09/09 12:13:12 | 000,001,617 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2008/09/09 12:12:59 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/09/09 12:12:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/09/09 12:07:09 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/09/09 12:07:09 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 19:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/12/05 15:40:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[1998/03/21 22:24:35 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\mssrina.dll

========== LOP Check ==========

[2010/08/11 20:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\acccore
[2010/07/13 16:12:47 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\Amazon
[2009/09/17 16:05:50 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\Any Audio Converter
[2010/03/06 13:28:56 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\com.adobe.ExMan
[2009/07/11 08:59:03 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\DriverCure
[2009/09/07 05:29:30 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\fltk.org
[2009/06/30 08:25:48 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\gtk-2.0
[2010/02/19 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\iWin
[2010/02/08 10:52:05 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\Leadertech
[2010/01/28 07:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\LucasArts
[2009/05/14 20:01:57 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\muvee Technologies
[2010/05/10 22:13:04 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\OpenOffice.org
[2010/03/27 23:44:57 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\runic games
[2010/09/04 15:32:59 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\uTorrent
[2010/03/19 17:17:29 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\Vso
[2009/05/13 08:34:19 | 000,000,000 | ---D | M] -- C:\Users\Ritchie Le\AppData\Roaming\WinBatch
[2010/08/27 02:36:16 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2010/09/01 18:00:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/09/01 18:00:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/08/22 04:03:01 | 000,000,450 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2010/09/04 15:42:07 | 000,032,586 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2010/06/05 19:24:10 | 000,245,760 | ---- | M] (ABC) -- C:\Project1.exe


< MD5 for: AGP440.SYS >
[2008/01/20 19:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 19:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 19:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2008/11/03 17:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2008/11/03 18:10:08 | 000,406,040 | ---- | M] (Intel Corporation) MD5=5979854E6FDA990107E3170327022117 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/07/12 09:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\hp\drivers\Intel_RAID\iastor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 19:50:06 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\SysWOW64\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\SysWOW64\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 00:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 19:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 19:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 19:48:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\SysWOW64\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\SysWOW64\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 00:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 19:48:13 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\msvbvm60.dll
[2009/04/10 23:28:24 | 000,172,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\scrrun.dll
[2010/03/05 07:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\vbscript.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Ritchie Le\Documents\Overlord:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ritchie Le\Documents\GHOSTBUSTERS (tm):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ritchie Le\Documents\GardenDefense:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ritchie Le\Documents\DAModder:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6468C896
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

Extra.text

OTL Extras logfile created on: 9/4/2010 3:51:27 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = P:\
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 68.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.53 Gb Total Space | 32.38 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
Drive D: | 9.65 Gb Total Space | 0.90 Gb Free Space | 9.37% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 698.64 Gb Total Space | 470.96 Gb Free Space | 67.41% Space Free | Partition Type: NTFS
Drive O: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 7.64 Gb Total Space | 0.57 Gb Free Space | 7.51% Space Free | Partition Type: FAT32

Computer Name: RITCHIELE-PC
Current User Name: Ritchie Le
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 92 5F 6C E0 E0 E2 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2BEA62-EEFB-40FC-A6B2-802577C5947A}" = lport=27013 | protocol=17 | dir=in | name=cs13 |
"{1FD8039E-F1F3-49AA-9B34-C39763743B83}" = lport=27050 | protocol=6 | dir=in | name=counterstrike5 |
"{240DE705-52A0-4611-94E7-552123AE67D9}" = lport=27006 | protocol=17 | dir=in | name=cs6 |
"{2DECEEC8-B4CA-4627-A81C-33DE486ADEFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3104F288-DF62-425A-964D-93D43D51ADC3}" = lport=27008 | protocol=17 | dir=in | name=cs8 |
"{53208A4F-7C00-449D-BB8F-0CC9D02AFC6E}" = lport=27014 | protocol=17 | dir=in | name=cs14 |
"{617E4E0E-9A00-45D5-91D3-8DF9308BAC0C}" = lport=27012 | protocol=17 | dir=in | name=cs12 |
"{74F6AF0E-F339-4C19-800F-091EEB870F1C}" = lport=27011 | protocol=17 | dir=in | name=cs11 |
"{75B7484F-F522-458C-A6D3-2F5F79455DCD}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{76443157-893F-4952-A704-E5BDCE79A8CA}" = lport=4380 | protocol=17 | dir=in | name=counterstrike6 |
"{7EE95EF2-C32D-44BD-8A62-0712AE60D0FF}" = lport=27003 | protocol=17 | dir=in | name=cs3 |
"{824766AC-703F-4DE4-AAC7-3F30DD798C06}" = lport=27004 | protocol=17 | dir=in | name=cs4 |
"{855F4FC2-0DE9-41CA-A25B-025090E61C2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EE5B334-A39E-4417-90B8-000B78223EBF}" = lport=27015 | protocol=17 | dir=in | name=counterstrike2 |
"{8F12EB69-E6E6-46F2-A36A-CF77C4DC50DC}" = lport=27014 | protocol=6 | dir=in | name=counterstrike |
"{937C9C14-DF22-414D-8FB2-662762AED71D}" = lport=27030 | protocol=17 | dir=in | name=counterstrike3 |
"{991580B5-0AAA-4701-A2D3-4ACE9F9F03F2}" = lport=27007 | protocol=17 | dir=in | name=cs7 |
"{9BB79BA6-E3EB-46B6-A6B6-0F4B95165CDB}" = lport=27000 | protocol=17 | dir=in | name=counterstrike |
"{9D252292-2C7D-4527-9C28-0FE89450412B}" = lport=27010 | protocol=17 | dir=in | name=cs10 |
"{BFDD2304-4917-4616-8789-F5F6B10536D6}" = lport=27002 | protocol=17 | dir=in | name=cs2 |
"{C12629DE-0497-4621-AF6C-9BC5269063A7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C99BDDC9-D65B-4A9C-A123-99D757CFF000}" = lport=27005 | protocol=17 | dir=in | name=cs5 |
"{D738E4D9-3D39-4936-B850-695E5AC0AFF6}" = lport=27009 | protocol=17 | dir=in | name=cs9 |
"{FAEE023F-8C55-4829-B14B-58EF8A39E790}" = lport=27001 | protocol=17 | dir=in | name=cs1 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020ACB74-1CB3-4EAB-BFF9-231119389B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe |
"{0491D386-8809-4516-9557-CC587ADAD982}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{080F8FC2-C727-4E91-B685-326656CD4163}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe |
"{087F5603-C5CD-4CA0-A2D4-E1253162CB8D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{09307135-DA19-4545-8AFB-C113F1399489}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{098405DC-FA9C-4B7A-9405-371B23829824}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{0C96B132-9A93-459C-9850-EAF3903B8B16}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{0E3E8432-756E-4E1A-8CCC-E4F7EB9F6011}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{0F40041A-40B5-4240-8235-B37A16552406}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loom\loom.exe |
"{10764641-F979-48AD-8228-8A8EC235E14D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{16453560-8E6F-4D15-BD17-2FB1ED841767}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{165582BC-78E3-4DD5-954E-06A278AB8368}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{1AE4A5FF-F958-407E-8542-07ACBC66B842}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1AF0DC67-7C76-48DF-86D6-8D9F51DA8A89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{1B5CD650-E5B0-46D3-8B2B-B2562743F4C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe |
"{1B82D9DC-5590-48C0-84BC-0BAD54F0A1FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{1E1C1485-5182-48EA-BFEA-EB6DD1D3EF13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{1E41EC2B-FB2A-40E0-9F63-73735E2CC0BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm |
"{210067A4-D598-4D50-A0CF-EF5D99C6F2CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{24ADE1D1-6669-4476-8F9F-D73F716F0C73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{2967D795-512F-4C15-A23D-FD0812A743CD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{2C4586C2-3AB8-41F2-8C9B-06E8913970E0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{2C7926ED-E817-4033-8FD2-C74A17DE1477}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{2D295FDC-2F98-4322-9FCB-9E29AF605CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{2EE0EA26-E6EC-40CA-8B56-0A99D198905F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{2F95F3C4-7BC0-40FE-BC40-55F559247510}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{330F723A-5724-42DA-A0E6-A8B3EC5AA328}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{34891E6D-236E-43EB-8242-3C698105A427}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{35E84497-5F54-43C6-A833-8B88B9AFB409}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{394356C4-7E83-471C-945D-446CE82D746F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{3CA5D6C9-9498-4343-A981-5F7EFC93B30B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{3CF7EAEB-558C-44D9-AF55-7CDCE29A5115}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{3FBE322A-B184-48CB-9A2D-151065E91518}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{41D7DD66-DF10-444B-8708-C3AEFF09CE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{46BBCC60-F568-4FAF-87A8-74C9D167E861}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe |
"{46CC16BA-77F9-4034-A97E-AB07E7C273A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{4A8B8F6D-2DED-41FA-9054-338FCCEB7B89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty armored princess - demo\kb.exe |
"{4AE63F6F-F8BA-4C44-81D4-BA484B203190}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{4BC12D82-DEFA-40C4-9CB3-E1F9D8F6C3BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\doomsaber\counter-strike source\hl2.exe |
"{4CC554D3-C552-4FE3-B087-62A85D192AE7}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe |
"{4D29A139-D16C-48BD-AA60-E34D34DD7F1E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4F0991DB-B7B0-42A9-A848-2EE6CD09AB16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe |
"{4F85934C-6D5F-4156-B683-19EA2CA3E76F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{4F983D29-C993-451C-A7A7-2BBD203D748F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{5396A2EB-B2E6-4BC7-A888-FB26F780E696}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens vs predator demo\avp.exe |
"{540DF118-3636-4298-AC7B-F1585FFFA2DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe |
"{5E070BCC-B95C-40E3-BB8E-64042F77CE86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |
"{5E1DBA25-4E5D-4AE1-AAB6-897EA2B0602A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{63F06993-C128-49EA-A1FC-ECC01A11EE1F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{64618DD4-C961-4BC9-9AA2-8F4EBE89E0CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{65114DC2-72DC-40AB-BFE4-B1E0175C5B24}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{67CB8A42-E80D-4249-A9AF-585701145A59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{68C5E5C1-1892-4C87-8FF0-0E787483317C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{69BDEC09-6D29-4E72-AC85-7B91A4C845F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm |
"{6E05AED5-2431-4FD5-8EB4-58B1E1666B24}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6F7D8439-D35C-4448-B2D1-B65FA0B045A5}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{71B3965F-09AF-4097-87F8-EC1F50EE45F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{75556F42-9D02-4B97-ABE9-DB8279B28E83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens vs predator demo\avp.exe |
"{79728EA7-40CF-4DED-8625-6C9111EC29FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{7BD71AB1-B921-4090-81EC-1423529B021F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{7E1EFC79-9312-4B0D-9ABD-102DA7B564D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{85B5C6E6-2524-4537-8700-6042A16AD29A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{89C24342-A1CE-4EAC-8656-78441602AFA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\doomsaber\counterstrike source beta\hl2.exe |
"{8A4FA6A6-A7A6-451F-AB7B-0687BB8BD494}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{8C4B9C00-A48C-44AA-83DD-BC7787A3259F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age origins character creator\daoriginslauncher.exe |
"{904F208D-C305-4323-BFB5-9ADFE6A117BC}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{90B9E564-F7BF-49DA-9DE8-9F6312AE08F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{962C1637-4507-4BF4-B43C-10730C4DC9DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |
"{97455AAC-4653-4BB6-9444-0DC7647CB604}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{97783AA5-6635-435D-99C0-4B2A98E14C93}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{9A858AF8-4BF0-4B9D-A7FC-B3022DAA5D65}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9BCF5E9E-D523-417A-892F-86972566B155}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{9D6222D3-FD7D-4DFB-879A-D2F15B1808E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9F25AFAF-7539-48BE-85AB-12F87B75C8A9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A0B4BB97-6A56-4B97-9354-B5C859F04A2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A3143F1C-2EB3-42A7-B0BD-459662C115BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\doomsaber\counter-strike source\hl2.exe |
"{A3FB118B-5A2F-4F23-84D7-9AF7A27C6E30}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{A7859A62-0F14-4A36-BCF5-24CB50D3FA77}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age origins character creator\daoriginslauncher.exe |
"{A838922D-9416-4524-895E-A24B6EEA5D37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{AC198548-F07D-484F-8A8C-F295F307B92F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{AEE0D967-AE75-44B4-B24E-410F419B1AFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{AFDBBDD6-4E7E-4B2F-A5DB-7122C6604C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe |
"{B05B43B2-C4B2-4E2D-9A23-FBA5129A31B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe |
"{B4B3B731-31C8-4202-AD93-B771893897CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{B88B0CE2-72E8-4C5D-A278-39A318B26297}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{B95CBDF8-3A4F-4CD7-8AE2-A283AD88BF83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe |
"{BA070E03-6A49-4659-BD3D-2C06347F6A5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{BB98DA34-5C2A-4A2E-9E4F-A290C1F2D009}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe |
"{BC7D7F66-3426-48D1-8FB2-0A4280813409}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BCA78748-E41A-471D-8C6A-015FB15EB3A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{BF1388D5-E78C-4803-A4EA-D32A9A87D79C}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{C0B92392-8ABA-433A-99EE-E7D64A07415D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{C0FC5AFF-79A0-4C78-94E0-213A4CC1F7AE}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C2CC1094-B2C7-45DA-A17F-F7D778B5AAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe |
"{C44E4F73-FE08-42F4-B9A8-70D8F8D1E028}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C5127BC5-7099-467F-8FDE-BD34D8EA0F04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\doomsaber\counterstrike source beta\hl2.exe |
"{C61DE64A-A866-4459-BE55-17A0D9E09394}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C6F3D477-1C1E-4E90-8DF0-D27EF9A05535}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{CA3E74A8-0970-4241-BA60-6B27CD991D89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{CD9CE1B1-74C3-40B4-AA4E-67A31D4A5760}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loom\loom.exe |
"{D058248C-6658-476E-A896-1AA1BC92E34A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{D1770B8E-2A89-4F33-9ED9-2287E5D24CC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torched\editor.exe |
"{D491DE04-9B45-4B3A-91EC-1F3047188B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{D4AC3DEF-70FA-4AEE-8858-77759EA9CA35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty armored princess - demo\kb.exe |
"{D61DD462-86EE-4CEF-94A3-1670D8B9A48B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{D9053DB7-ABFA-4C71-BD62-7F70304CB381}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{D9E1ED52-B70C-494D-A970-63E6685BFF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA47383A-BEB4-46D0-8136-D2B7CFB73027}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{E1E7A88C-FEB5-4309-BBD6-0E201F7580AE}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{E311F7E3-BD5E-4280-82F0-66526824363F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torched\editor.exe |
"{E431ABFB-F792-44E6-B951-F30CF6D05E79}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{E47696C0-BE88-4DA5-9DEF-018C3122BA6C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{E50834A7-1678-481E-938C-9808F13BA53E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{E5C3F0C8-4832-493D-B797-957DCE8C441E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{EB662DB2-B214-48B7-B123-278A11CFC81B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{EECB5F68-DFEB-4201-BEBC-E9D29185FE70}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{EF11133B-46AC-4C91-9468-B0AA837D5C8B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F6BD0C48-D6D1-4F37-BC02-C806DF53323B}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{FE1280F1-E37E-4263-A07C-93E35087E33B}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"TCP Query User{2D5679C4-D43F-49A7-A071-9E24159EBEDA}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{5AFCEB0F-370B-441A-A700-560370A28523}C:\program files (x86)\namco bandai games\warhammer mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namco bandai games\warhammer mark of chaos\warhammer.exe |
"TCP Query User{70347A6E-050B-42C5-B51F-606975C55300}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{997AD6F3-C1CD-464C-BE5F-8EC234F1FAD2}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{42ABB691-44DB-4A08-AEBB-C2975F3732BE}C:\program files (x86)\namco bandai games\warhammer mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namco bandai games\warhammer mark of chaos\warhammer.exe |
"UDP Query User{691F03CC-74DC-4956-962C-B43186230A28}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{846857A2-4459-472F-9DA4-320286BBD4DE}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{B740A6E1-42DC-4490-ADAC-CEB69B720284}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85B1A3C-E404-44E5-A0E1-C4D0438A49C1}" = Adobe Photoshop Lightroom 2.5 64-bit
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13086F8B-2AA9-4488-BC9C-BB6B912A5524}" = muvee autoProducer 6.1
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26ED4308-E0A5-4AE2-A1BC-7A55BC7DD32C}" = The Silver Lining
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29DBCB14-49ED-4906-A440-CBC27B761051}" = Roxio MyDVD 9 Studio
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35341DF2-7260-44AA-990E-7649C9D3065F}" = Sarmsoft Web Camera
"{3538A04C-DECC-406A-B306-14E07A2F3A74}" = Seagate FreeAgent Theater PC Software
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{42B80790-B68D-40D1-A5A0-531A7DD27D9E}" = Vanguard: Saga of Heroes
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer Mark of Chaos
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{625304B0-2976-473B-AD81-5CA376093F03}" = Xingtone Ringtone Maker
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6C17A317-0A32-4110-A733-C2CBE46FF405}" = Seagate Thumbnail Creator
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1143087}" = Garden Defense
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DEBE760-F2D0-11DD-6784-0195548618BE}" = GameShadow V3.1
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB50B88D-1ADB-465A-A08B-DAF9841B6A2A}" = Sound Blaster X-Fi
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD624CE2-CAD5-421C-B845-F29F4A8BA57B}" = World of Goo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{fc5a1e66-b305-4e5e-8ade-9bb7a47f9dbe}" = Nero 9
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"ALchemy" = Creative ALchemy
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Any Audio Converter_is1" = Any Audio Converter 2.0.3
"AudioCS" = Creative Audio Control Panel
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"COH" = City of Villains/City of Heroes (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"Download Manager" = Download Manager 2.3.10
"Duke Nukem 3D HRP" = Duke Nukem 3D HRP V 4.0 (321)
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Fake Webcam_is1" = Fake Webcam 6.1.3
"FreeStar Free Video Converter" = FreeStar Free Video Converter 8.0.7
"Guild Wars" = Guild Wars
"Host OpenAL" = Host OpenAL
"InstallShield_{35341DF2-7260-44AA-990E-7649C9D3065F}" = Sarmsoft Web Camera
"InstallShield_{3538A04C-DECC-406A-B306-14E07A2F3A74}" = Seagate FreeAgent Theater PC Software
"InstallShield_{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Neo Steam" = Neo Steam : The Shattered Continent
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PowerISO" = PowerISO
"PrettyIconMaker_is1" = PrettyIconMaker 1.5
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"sp40994" = sp40994
"sp40995" = sp40995
"sp43111" = sp43111
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Station Launcher" = Station Launcher
"Steam App 11450" = Overlord
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12710" = Overlord - Raising Hell
"Steam App 12810" = Overlord II
"Steam App 16810" = Sid Meier's Civilization IV: Colonization
"Steam App 17460" = Mass Effect
"Steam App 18110" = Shattered Horizon
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31180" = Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay
"Steam App 31190" = Tales of Monkey Island: Chapter 3 - Lair of the Leviathan
"Steam App 31200" = Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood
"Steam App 31210" = Tales of Monkey Island: Chapter 5 - Rise of the Pirate God
"Steam App 3190" = King's Bounty: Armored Princess - Demo
"Steam App 32310" = Indiana Jones and the Last Crusade
"Steam App 32340" = LOOM
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32410" = Lucidity
"Steam App 34200" = Aliens vs Predator Demo
"Steam App 35700" = Trine
"Steam App 3592" = Plants Vs Zombies Demo
"Steam App 3830" = Psychonauts
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 400" = Portal
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41500" = Torchlight
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 6010" = Indiana Jones and the Fate of Atlantis
"Steam App 6040" = The Dig
"Steam App 630" = Alien Swarm
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 8980" = Borderlands
"SystemRequirementsLab" = System Requirements Lab
"Tomb Raider: Legend" = Tomb Raider: Legend 1.1
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VLC media player" = VLC media player 1.0.5
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WaveStudio 7" = Creative WaveStudio 7
"Webcam Simulator_is1" = Webcam Simulator 6.3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2010 6:41:41 PM | Computer Name = RitchieLe-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/4/2010 6:41:41 PM | Computer Name = RitchieLe-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/4/2010 6:41:41 PM | Computer Name = RitchieLe-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 9/4/2010 6:42:06 PM | Computer Name = RitchieLe-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/4/2010 6:42:06 PM | Computer Name = RitchieLe-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/4/2010 6:47:20 PM | Computer Name = RitchieLe-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/4/2010 6:49:04 PM | Computer Name = RitchieLe-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 9/4/2010 6:49:04 PM | Computer Name = RitchieLe-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 9/4/2010 6:49:05 PM | Computer Name = RitchieLe-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero Recode\Recode.exe.Manifest".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 9/4/2010 6:49:05 PM | Computer Name = RitchieLe-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero Recode\Recode.exe.Manifest".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

[ Media Center Events ]
Error - 10/22/2009 1:26:26 PM | Computer Name = RitchieLe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/4/2010 6:38:13 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:38:40 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:39:06 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:39:34 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:40:00 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:40:26 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:40:53 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:41:19 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:41:46 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/4/2010 6:42:06 PM | Computer Name = RitchieLe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

Hi,

GameShadow <--This could be a problem, did you install it ?


Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )







Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

I installed Gameshadow but it appears to have errors recently.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4546

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/4/2010 8:11:37 PM
mbam-log-2010-09-04 (20-11-37).txt

Scan type: Quick scan
Objects scanned: 146678
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post a new DDS log please and let me know how things are running now ?

Below is my DDS log:



DDS (Ver_10-03-17.01) - NTFSX64
Run by Ritchie Le at 10:04:38.61 on Sun 09/05/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6142.4126 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Seagate\FreeAgent_Theater\Sync\MediaAggreService.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Seagate\FreeAgent_Theater\Sync\MediaSync.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\GameShadow\GameShadow.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Registry Mechanic\RMTray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\FreeAgent_Theater\AgrregationStatus\stxmediamenumgr.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ritchie Le\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Power2GoExpress] NA
uRun: [GameShadow] c:\program files (x86)\gameshadow\GameShadow.exe /q
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [Google Update] "c:\users\ritchie le\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [igndlm.exe] c:\program files (x86)\download manager\DLM.exe /windowsstart /startifwork
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [RegistryMechanic] c:\program files (x86)\registry mechanic\RMTray.exe /H
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [VolPanel] "c:\program files (x86)\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] "c:\program files (x86)\poweriso\PWRISOVM.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [MaxMenuMgr] "c:\program files (x86)\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [FreeAgentTheaterTrayIcon] "c:\program files (x86)\seagate\freeagent_theater\agrregationstatus\StxMediaMenuMgr.exe"
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SSDMonitor] "c:\program files (x86)\common files\pc tools\smonitor\SSDMonitor.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\ritchi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\users\ritchi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\ritchi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\sonici~1.lnk - c:\users\ritchie le\appdata\local\temp\vies4037\Setup.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files (x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton internet security\engine\16.8.0.41\CoIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-10-8 53488]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1008000.029\SymEFA64.sys [2010-2-2 402992]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\nisx64\1008000.029\BHDrvx64.sys [2010-2-2 334384]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1008000.029\cchpx64.sys [2010-2-2 583296]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100805.004\IDSviA64.sys [2010-8-5 463408]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 FreeAgentTheater Service;Seagate FreeAgent Theater;c:\program files (x86)\seagate\freeagent_theater\sync\MediaAggreService.exe [2009-7-9 169256]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2008-9-9 198240]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-2 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\common files\pc tools\smonitor\StartManSvc.exe [2010-5-3 632792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-9-20 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 132656]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-5-6 639512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-5 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-6-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-6-17 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\MT6Licensing.exe [2009-6-17 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-2-26 1038088]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nisx64\1008000.029\symndisv.sys [2010-2-2 56880]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-6-1 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-05 02:55:13 0 d-----w- C:\_OTL
2010-08-28 23:24:15 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-27 20:49:11 0 d-----r- c:\program files (x86)\Sd
2010-08-23 00:59:10 0 d-----w- c:\program files (x86)\NAMCO BANDAI Games
2010-08-22 06:10:14 0 d-----w- c:\users\ritchie le\Tracing
2010-08-22 06:09:18 0 d-----w- c:\program files (x86)\Microsoft
2010-08-22 06:09:05 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-08-22 06:04:19 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-08-22 06:00:18 0 d-----w- c:\program files (x86)\Fake Webcam
2010-08-22 06:00:18 0 d-----w- c:\program files (x86)\common files\fwc
2010-08-22 05:58:51 0 d-----w- c:\program files (x86)\Webcam Simulator2
2010-08-22 05:37:18 0 d-----w- c:\program files (x86)\common files\wcs
2010-08-22 05:37:17 0 d-----w- c:\program files (x86)\Webcam Simulator
2010-08-22 05:24:28 0 d-----w- c:\program files (x86)\Sarm Software
2010-08-20 02:21:15 0 d-----w- C:\fishes
2010-08-17 14:41:29 0 d-----w- C:\nes
2010-08-13 11:00:57 0 d-----w- c:\programdata\LightScribe
2010-08-13 10:42:26 0 d-----w- c:\program files (x86)\Nero
2010-08-13 10:42:07 0 d-----w- c:\programdata\Nero
2010-08-12 03:43:13 0 d-----w- c:\programdata\AIM
2010-08-12 03:43:11 0 d-----w- c:\program files (x86)\AIM
2010-08-12 03:43:10 0 d-----w- c:\program files (x86)\common files\Software Update Utility
2010-08-12 03:43:09 0 d-----w- c:\program files (x86)\common files\AOL
2010-08-12 03:43:02 361 ---ha-w- C:\IPH.PH
2010-08-11 08:47:16 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-08-10 19:50:53 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 19:50:49 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-10 19:50:49 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-10 19:50:45 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-10 19:50:43 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-10 19:50:43 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-10 19:50:17 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-10 19:50:15 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe

==================== Find3M ====================

2010-09-05 17:00:46 108418 ----a-w- c:\programdata\nvModes.dat
2010-07-27 02:34:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-04 03:51:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-04 03:51:05 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-04 03:51:05 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-30 18:28:25 136931926 ----a-w- c:\users\ritchie le\TS3CAP_767618.exe
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-18 01:22:52 15803792 ----a-w- c:\users\ritchie le\oly_updater_win.exe
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:38:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2009-11-18 21:00:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-14 03:30:36 22 --sha-w- c:\windows\sminst\HPCD.sys
2010-05-08 21:15:50 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-09-09 19:59:53 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:06:31.71 ===============




My computer is workin' fine right now. lt did loaded the net a little slow yesterday, but that could be because the computer did not go online for a week, therefore the temp net files were deleted.

It looks like it is moving alright

Great :bigthumb:

I will leave this thread open for you for about 4 days or so, if you still have issues than post back and we can dig deeper if need be.


How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

WinPatrol (www.winpatrol.com/download.html) Keep this fine program activated to block a lot of threats

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.



Safe Surfn
Ken

Since issue appears resolved this topic will be closed