
Solved Hkey registry issues

Discussion in 'Malware and Virus Removal Archive' started by langsa, 2010/06/28.

  1. 2010/06/28
    langsa

    [Resolved] Hkey registry issues

    Hi, my name is Samantha. I downloaded Spyware Doctor, being unaware that it only scans for problems, and that you must pay for the full version in order to remove them. It found many problems, but only an isolated few are out of my usual reach. Instead of buying Spyware Doctor in full and allowing it to remove the trojans in my hkey registry, is it possible to remove the following threats manually?

    Here is a screenshot of the list of hkey trojan problems Spyware Doctor detected: [IMG]

    Here is the DDS.txt log:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by langsa at 18:41:07.60 on Mon 06/28/2010
    Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\SLsvc.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\Hpservice.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\taskeng.exe
    C:\windows\System32\spoolsv.exe
    c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\windows\system32\AEADISRV.EXE
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Users\langsa\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\ThreatFire\TFGui.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\System32\mobsync.exe
    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\wuauclt.exe
    C:\Users\langsa\dds.scr
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\System32\svchost.exe -k Bioscrypt
    C:\windows\system32\svchost.exe -k rpcss
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k hpdevmgmt
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\windows\system32\svchost.exe -k HPService

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "c:\users\langsa\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [RegistryMechanic] c:\program files\registry mechanic\rmtray.exe /S
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe "
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [HPCam_Menu] "c:\program files\hewlett-packard\hp webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\hp webcam" updatewithcreateonce "software\cyberlink\hp webcam\1.0 "
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe "
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: DeviceNP - DeviceNP.dll
    AppInit_DLLs: c:\windows\system32\apshook.dll c:\windows\system32\avgrsstx.dll c:\windows\system32\APSHook.dll APSHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAlert.dll
    FF - component: c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\ksolo\npAVX.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\langsa\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\langsa\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\langsa\documents\sparkplay media\sparkplayer (beta)\npSparkPlayerNS.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R? 0213001251130747mcinstcleanup;McAfee Application Installer Cleanup (0213001251130747)
    R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? DAMDrv;DAMDrv
    R? FLCDLOCK;HP ProtectTools Device Locking / Auditing
    R? FontCache;Windows Font Cache Service
    R? gupdate;Google Update Service (gupdate)
    R? HP ProtectTools Service;HP ProtectTools Service
    R? npggsvc;nProtect GameGuard Service
    R? RoxMediaDB10;RoxMediaDB10
    R? sdCoreService;PC Tools Security Service
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? accoca;ActivClient Middleware Service
    S? ASBroker;Logon Session Broker
    S? ASChannel;Local Communication Channel
    S? ATService;AuthenTec Fingerprint Service
    S? avg9emc;AVG Free E-mail Scanner
    S? avg9wd;AVG Free WatchDog
    S? AvgLdx86;AVG Free AVI Loader Driver x86
    S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
    S? AvgTdiX;AVG Free8 Network Redirector
    S? Browser Defender Update Service;Browser Defender Update Service
    S? btwl2cap;Bluetooth L2CAP Service
    S? HpFkCryptService;Drive Encryption Service
    S? HPFSService;File Sanitizer for HP ProtectTools
    S? hpsrv;HP Service
    S? NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
    S? PCTCore;PCTools KDS
    S? PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service
    S? pdfcDispatcher;PDF Document Manager
    S? regi;regi
    S? RsvLock;RsvLock
    S? SafeBoot;SafeBoot
    S? SbAlg;SbAlg
    S? SbFsLock;SbFsLock
    S? sdAuxService;PC Tools Auxiliary Service
    S? TfFsMon;TfFsMon
    S? TfNetMon;TfNetMon
    S? TfSysMon;TfSysMon
    S? ThreatFire;ThreatFire

    =============== Created Last 30 ================

    2010-06-28 22:34:18 525824 ----a-w- c:\users\langsa\dds.scr
    2010-06-28 21:52:54 64030 ----a-w- c:\users\langsa\trojan hkey issues.png
    2010-06-28 21:35:29 15374248 ----a-w- c:\users\langsa\sdstart.exe
    2010-06-28 21:07:31 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2010-06-28 21:05:23 40448 ----a-w- c:\windows\system32\winrs.exe
    2010-06-28 21:05:23 20480 ----a-w- c:\windows\system32\winrshost.exe
    2010-06-28 21:05:23 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2010-06-28 21:05:11 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2010-06-28 21:05:11 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2010-06-28 21:04:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2010-06-28 21:04:55 79872 ----a-w- c:\windows\system32\wecutil.exe
    2010-06-28 21:04:55 56320 ----a-w- c:\windows\system32\wecapi.dll
    2010-06-28 21:04:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2010-06-28 21:04:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2010-06-28 21:04:53 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2010-06-28 21:04:05 4675 ----a-w- c:\windows\system32\wsmanconfig_schema.xml
    2010-06-28 21:04:05 2426 ----a-w- c:\windows\system32\WsmTxt.xsl
    2010-06-28 21:04:05 201184 ----a-w- c:\windows\system32\winrm.vbs
    2010-06-28 21:03:55 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2010-06-28 21:03:55 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2010-06-28 21:03:54 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2010-06-28 21:03:54 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2010-06-28 21:03:54 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2010-06-28 21:03:52 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-06-28 18:15:32 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-06-28 18:15:31 882 ----a-w- c:\windows\RegSDImport.xml
    2010-06-28 18:15:31 879 ----a-w- c:\windows\RegISSImport.xml
    2010-06-28 18:15:30 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-06-28 18:15:30 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-06-28 18:15:30 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-06-28 18:15:30 131 ----a-w- c:\windows\IDB.zip
    2010-06-28 18:15:30 1152444 ----a-w- c:\windows\UDB.zip
    2010-06-28 18:10:46 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2010-06-28 18:10:46 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-06-28 18:10:46 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-06-28 18:10:00 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-06-28 18:10:00 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2010-06-28 18:10:00 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2010-06-28 18:10:00 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-06-28 18:08:56 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
    2010-06-28 18:08:56 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-06-28 18:08:29 0 d-----w- c:\users\langsa\appdata\roaming\PC Tools
    2010-06-28 18:08:29 0 d-----w- c:\program files\Spyware Doctor
    2010-06-28 17:59:19 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2010-06-28 17:59:19 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2010-06-28 17:59:19 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2010-06-28 17:59:17 0 d-----w- c:\programdata\PC Tools
    2010-06-28 17:59:17 0 d-----w- c:\program files\ThreatFire
    2010-06-28 17:48:41 262144 ---ha-w- c:\users\langsa\S-1-5-21-2841127670-2781909849-4267527183-1004.rrr.LOG1
    2010-06-28 17:48:41 0 ---ha-w- c:\users\langsa\S-1-5-21-2841127670-2781909849-4267527183-1004.rrr.LOG2
    2010-06-24 22:01:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-24 22:01:08 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-24 22:01:08 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-24 22:01:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-24 22:01:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-06-23 23:42:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-06-23 23:42:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-06-21 04:16:52 922400 ----a-w- c:\users\langsa\jre-6u20-windows-i586-iftw-rv.exe
    2010-06-21 03:18:21 6294825 ----a-w- c:\users\langsa\lugia's theme
    2010-06-21 00:15:14 0 d-----w- c:\users\langsa\JavaRa
    2010-06-20 23:55:05 71798 ----a-w- c:\users\langsa\JavaRa.zip
    2010-06-20 13:00:27 6547 ----a-w- C:\WirelessDiagLog.csv
    2010-06-19 16:13:37 18810765 ----a-w- c:\users\langsa\YouTube - Ultrasound.flv
    2010-06-19 04:45:08 0 d-----w- c:\users\langsa\appdata\roaming\Intel
    2010-06-19 04:40:57 0 d-----w- c:\program files\Cisco
    2010-06-19 04:40:51 0 d-----w- c:\program files\common files\Intel
    2010-06-19 04:40:48 0 d-----w- c:\programdata\Intel
    2010-06-18 20:18:21 1125284 ----a-w- c:\users\langsa\100_3333.JPG
    2010-06-18 20:18:16 762531 ----a-w- c:\users\langsa\100_3331.JPG
    2010-06-15 22:34:44 2672312 ----a-w- c:\users\langsa\esetsmartinstaller_enu.exe
    2010-06-15 22:09:37 1847 ------w- c:\windows\hpwmdl23.dat.temp
    2010-06-15 21:48:41 0 d-----w- c:\programdata\HP Product Assistant
    2010-06-15 21:43:36 0 d-----w- c:\windows\hpoj6500e709
    2010-06-15 21:27:54 0 d-----w- c:\program files\common files\HP
    2010-06-15 21:27:52 0 d-----w- c:\program files\common files\Hewlett-Packard
    2010-06-15 21:26:14 271704 ----a-w- c:\windows\system32\hpzids01.dll
    2010-06-15 21:26:05 118272 ----a-w- c:\windows\system32\hpf3l082.dll
    2010-06-15 21:25:40 966656 ----a-w- c:\windows\system32\hpwtiop4.dll
    2010-06-15 21:25:40 741376 ----a-w- c:\windows\system32\hpwwiax5.dll
    2010-06-15 21:25:40 364544 ----a-w- c:\windows\system32\hppldcoi.dll
    2010-06-15 21:25:40 294912 ----a-w- c:\windows\system32\hpovst11.dll
    2010-06-15 21:22:00 186624 ----a-w- c:\windows\hpwins23.dat
    2010-06-15 21:21:31 0 d-----w- c:\programdata\HP
    2010-06-15 20:53:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst10.dll
    2010-06-15 20:53:24 26168 ----a-w- c:\windows\system32\SETBCDF.tmp
    2010-06-15 20:53:18 15416 ----a-w- c:\windows\system32\SETC9BD.tmp
    2010-06-15 20:53:12 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2010-06-15 17:45:41 96082 ----a-w- c:\users\langsa\harrison hotness2.jpg
    2010-06-14 02:56:49 0 d-----w- c:\users\langsa\appdata\roaming\Facebook
    2010-06-14 02:56:22 1990728 ----a-w- c:\users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    2010-06-14 02:48:27 18459 ----a-w- c:\users\langsa\sha-sha2.jpg
    2010-06-14 02:40:45 14016 ----a-w- c:\users\langsa\sha-sha.jpg
    2010-06-14 01:26:29 125603 ----a-w- c:\users\langsa\viper-snake-zoom.jpg
    2010-06-14 01:14:05 239455 ----a-w- c:\users\langsa\heavens_orion_nebula.png
    2010-06-13 04:38:43 100010 ----a-w- c:\users\langsa\Helix-nebula.jpg
    2010-06-13 04:38:11 125298 ----a-w- c:\users\langsa\Orion_Nebula_1200.jpg
    2010-06-13 04:35:17 230024 ----a-w- c:\users\langsa\orion-full-825x2011.jpg
    2010-06-12 15:52:12 4066743 ----a-w- c:\users\langsa\PVPGurl-If_You_Could_Be_Nyhm_Nation_Gigi_and_Demineon.mp3
    2010-06-12 01:00:17 21799978 ----a-w- c:\users\langsa\YouTube - octopus steals my video camera and swims off with it (while it's Recording).flv
    2010-06-11 04:45:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-09 14:49:31 75349 ----a-w- c:\users\langsa\fffffffuuuuu firefox.png
    2010-06-08 21:30:43 30512 ----a-w- c:\users\langsa\fffffffuuuuu.gif
    2010-06-06 03:01:39 314897 ----a-w- c:\users\langsa\Trilobabe sm.jpg
    2010-06-04 18:06:29 0 d-----w- c:\users\langsa\devrydocuments
    2010-06-04 18:01:35 16065852 ----a-w- c:\users\langsa\devrydocuments.zip
    2010-06-04 03:59:41 28202 ----a-w- c:\users\langsa\YTMND Fads - Soundpack - SoundPack DB2.mp3
    2010-06-04 03:05:43 0 d-----w- c:\programdata\Messenger Plus!
    2010-06-04 03:04:24 0 d-----w- c:\program files\Messenger Plus! Live
    2010-06-04 03:02:50 4852120 ----a-w- c:\users\langsa\MsgPlusLive-484.exe

    ==================== Find3M ====================

    2010-06-28 21:32:22 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-06-28 21:32:22 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-06-28 21:32:16 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-06-15 20:53:28 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2010-06-02 13:57:44 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-05-28 02:32:58 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2010-05-28 02:31:32 165160 ----a-w- c:\windows\system32\SETE313.tmp
    2010-05-28 02:31:28 210216 ----a-w- c:\windows\system32\SynCtrl.dll
    2010-05-28 02:31:26 173352 ----a-w- c:\windows\system32\SETE9E9.tmp
    2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-05-01 05:42:28 1185512 ----a-w- c:\users\langsa\kSolo_Install1_2_1_41FF.exe
    2010-05-01 05:32:35 53248 ----a-w- c:\users\langsa\lametritonus_en.dll
    2010-05-01 05:32:34 162304 ----a-w- c:\users\langsa\lame_enc_en.dll
    2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-04-22 00:44:29 818200 ----a-w- c:\users\langsa\RealPlayerSPGold.exe
    2010-04-05 17:01:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2010-04-05 14:42:42 675840 ----a-w- c:\windows\system32\NETw5c32.dll
    2009-11-01 05:50:58 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-12-16 12:56:57 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-09-02 19:20:48 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-09-02 19:20:48 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-09-02 19:20:48 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-09-02 19:20:48 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    2009-10-23 20:21:11 245760 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
    2009-09-27 04:53:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092720090928\index.dat
    2009-09-27 04:52:57 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-06-22 09:29:30 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 19:34:07.21 ===============




    And here is the Attach.txt log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/8/2009 6:43:08 AM
    System Uptime: 6/27/2010 8:58:01 PM (23 hours ago)

    Motherboard: Hewlett-Packard | | 3074

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office system
    32 Bit HP CIO Components Installer
    6500_E709_eDocs
    6500_E709_Help
    7-Zip 4.65
    AAC Decoder
    AbiWord 2.6.8
    AbiWord Tools Plugins
    ActivClient 6.1 x86
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe ConnectNow Add-in
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
    Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
    Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
    Atualização do produto Microsoft Office Word 2007 Help (KB963665)
    Audacity 1.3.10 (Unicode)
    AuthenTec Fingerprint System
    AutoUpdate
    AVATAR Interactive Desktop
    AVG Free 9.0
    BIOS Configuration for HP ProtectTools
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    Browser Defender 2.0.6.15
    BufferChm
    CamStudio
    CamStudio Lossless Codec v1.4
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Credential Manager for HP ProtectTools
    Debut Video Capture Software
    Destination Component
    Device Access Manager for HP ProtectTools
    DeviceDiscovery
    DFX for Windows Media Player
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DocMgr
    DocProc
    Drive Encryption for HP ProtectTools
    ESET Online Scanner v3
    ESU for Microsoft Vista SP1
    Fable - The Lost Chapters
    Facebook Plug-In
    Fax
    File Sanitizer For HP ProtectTools
    GIMP 2.6.8
    Google Chrome
    Google Earth
    Google Gmail Notifier
    Google Update Helper
    GPBaseService2
    Guitar and Drum Trainer v4
    H.264 Decoder
    Halo Combat Evolved
    Halo Server
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP 3D DriveGuard
    HP Active Support Library
    HP Common Access Service Library
    HP Customer Participation Program 12.0
    HP Document Manager 2.0
    HP Help and Support
    HP Imaging Device Functions 12.0
    HP Integrated Module with Bluetooth wireless technology
    HP JavaCard for HP ProtectTools
    HP Mobile Broadband Setup Utility
    HP Officejet 6500 E709 Series
    HP Product Detection
    HP ProtectTools Security Manager
    HP ProtectTools Security Manager Suite
    HP Quick Launch Buttons
    HP QuickLook 2
    HP Smart Web Printing
    HP Software Setup 5.00.A.9
    HP Solution Center 12.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0136
    HP Wallpaper
    HP Webcam
    HP Webcam Driver
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    InterVideo WinDVD 8
    iPhone Configuration Utility
    Java Auto Updater
    Java(TM) 6 Update 20
    kSolo Recorder
    LightScribe System Software
    Livestream Procaster
    Macromedia Fireworks MX 2004
    Malwarebytes' Anti-Malware
    MarketResearch
    Marvell Miniport Driver
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Halo Custom Edition
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Access MUI (Portuguese (Brazil)) 2007
    Microsoft Office Access MUI (Spanish) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel 2007 Help Actualización (KB963678)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
    Microsoft Office Excel MUI (Spanish) 2007
    Microsoft Office Outlook 2007 Help Actualización (KB963677)
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
    Microsoft Office Outlook MUI (Spanish) 2007
    Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
    Microsoft Office PowerPoint MUI (Spanish) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Proofing (Portuguese (Brazil)) 2007
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
    Microsoft Office Publisher MUI (Spanish) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word 2007 Help Actualización (KB963665)
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Office Word MUI (Portuguese (Brazil)) 2007
    Microsoft Office Word MUI (Spanish) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
    Mise à jour Microsoft Office Word 2007 Help (KB963665)
    MKV Splitter
    Mozilla Firefox (3.6.2)
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCH Toolbox
    Network
    NirSoft BlueScreenView
    OCR Software by I.R.I.S. 12.0
    PDF Complete
    Portal
    Prism Video Converter
    ProductContext
    pugclean 1.0
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Registry Mechanic 9.0
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Business
    Roxio Creator Business v10
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD
    Scan
    SecondLife (remove only)
    SecondLifeBetaViewer (remove only)
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Shop for HP Supplies
    Skins
    SmartWebPrinting
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    SoundMAX
    Sparkplayer (Beta)
    SPORE™
    Spyware Doctor 7.0
    Status
    Steam
    SUPER © Version 2010.bld.37 (Jan 2, 2010)
    Synaptics Pointing Device Driver
    System Requirements Lab
    ThreatFire
    Toolbox
    TrayApp
    Unity Web Player
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb983486)
    VC80CRTRedist - 8.0.50727.4053
    VideoPad Video Editor
    VirtualCloneDrive
    Vista Default Settings
    Visual C++ 8.0 Runtime Setup Package
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WolfQuest

    ==== End Of File ===========================
     
  2. 2010/06/28
    broni

    broni Moderator Malware Analyst

    I strongly suggest you uninstall Registry Mechanic.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ==================================================================

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/06/29
    langsa

    langsa Inactive Thread Starter

    I ran MalwareBytes as you asked, but it came up blank:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18928

    6/29/2010 3:16:39 PM
    mbam-log-2010-06-29 (15-16-39).txt

    Scan type: Quick scan
    Objects scanned: 136379
    Time elapsed: 1 hour(s), 16 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    I tried to run GMER twice, but both times my machine froze and my screen appeared all pixelated. This has happened before, multiple times. It looks like this: [IMG]

    I'm going to uninstall Registry Mechanic, and continue to try to run GMER, unless you think it unwise.
     
  5. 2010/06/29
    langsa

    langsa Inactive Thread Starter

    I eventually got GMER to work, but I had to do it in Safe Mode. Here are the results:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-29 21:47:51
    Windows 6.0.6002 Service Pack 2
    Running: 3jgh10x5.exe; Driver: C:\Users\langsa\AppData\Local\Temp\kwryrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x892E02D6]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x892E04C8]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x892DFF44]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x892E06D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 209 828BA96C 8 Bytes [D6, 02, 2E, 89, C8, 04, 2E, ...]
    .text ntkrnlpa.exe!KeSetEvent + 621 828BAD84 4 Bytes [44, FF, 2D, 89]
    .text ntkrnlpa.exe!KeSetEvent + 6E5 828BAE48 4 Bytes [D0, 06, 2E, 89]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74757817] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747AA86D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7475BB22] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7474F695] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747575E9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7474E7CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74788395] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7475DA60] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7474FFFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7474FF61] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747471CF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747DCAE2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7477C8D8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7474D968] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [74746853] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7474687E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[1692] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74752AD1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e90c248
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x1E 0xF0 0x6C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x24 0x61 0x8D 0x2F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD8 0xF5 0x05 0x25 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x1E 0xF0 0x6C ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x24 0x61 0x8D 0x2F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD8 0xF5 0x05 0x25 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x1E 0xF0 0x6C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x24 0x61 0x8D 0x2F ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD8 0xF5 0x05 0x25 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00247e90c248 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x1E 0xF0 0x6C ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x24 0x61 0x8D 0x2F ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD8 0xF5 0x05 0x25 ...

    ---- EOF - GMER 1.0.15 ----


    I got rid of Daemon Tools some time ago. I wonder why it's still causing issues?
     
  6. 2010/06/29
    broni

    broni Moderator Malware Analyst

    Probably some leftovers.
    Don't worry too much about it.
    Also, don't take Spyware Doctor too seriously, especially when it comes to registry entries.
    So far, things look good, but we'll keep checking.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/06/29
    langsa

    langsa Inactive Thread Starter

    My machine froze and did the pixelated screen maneuver when I tried to run ComboFix normally. So I ran it in Safe Mode, as an administrator, but ComboFix's command prompt screen still gave me messages about not being able to perform certain functions. Let me know if I should try to run it again in normal Windows. Here's the log as it turned out in Safe Mode:

    ComboFix 10-06-29.03 - langsa 06/29/2010 23:40:42.2.2 - x86 NETWORK
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2041.1593 [GMT -4:00]
    Running from: c:\users\langsa\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\users\langsa\7z465.exe
    c:\users\langsa\abiword-plugins-tools-2.6.8.exe
    c:\users\langsa\dds.scr
    c:\users\langsa\esetsmartinstaller_enu.exe
    c:\users\langsa\GmailInstaller.exe
    c:\users\langsa\googletalk-setup.exe
    c:\users\langsa\GrandChase_Install.exe
    c:\users\langsa\kSolo_Install1_2_1_41FF.exe
    c:\users\langsa\lame_enc_en.dll
    c:\users\langsa\lametritonus_en.dll
    c:\users\langsa\Second_Life_1-23-5-136262_Setup.exe
    c:\users\langsa\SetupVirtualCloneDrive5440.exe
    c:\users\langsa\Super_Chuck_Norris_Bros._Demo.exe
    c:\users\langsa\SUPERsetup.exe
    c:\users\langsa\tg74pluginsetup.exe
    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
    .

    2010-06-30 03:51 . 2010-06-30 03:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-06-30 03:51 . 2010-06-30 03:51 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-06-30 03:51 . 2010-06-30 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-06-30 03:38 . 2010-06-30 03:39 -------- d-----w- C:\32788R22FWJFW
    2010-06-29 18:42 . 2010-06-29 18:43 293376 ----a-w- c:\users\langsa\3jgh10x5.exe
    2010-06-29 18:29 . 2010-06-29 18:30 34651584 ----a-w- c:\users\langsa\sp48843.exe
    2010-06-29 18:23 . 2009-02-06 10:32 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
    2010-06-29 18:20 . 2010-06-29 18:21 13960488 ----a-w- c:\users\langsa\Synaptics_v14_0_3_C_XP32_Vista32_Win7-32_Signed_default.exe
    2010-06-29 04:36 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-06-29 04:36 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2010-06-29 04:11 . 2010-06-29 04:11 -------- d-----w- C:\d0e0f61f2b73e93308
    2010-06-28 21:35 . 2010-06-28 21:42 15374248 ----a-w- c:\users\langsa\sdstart.exe
    2010-06-28 21:07 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2010-06-28 21:05 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2010-06-28 21:05 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
    2010-06-28 21:05 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
    2010-06-28 21:05 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2010-06-28 21:05 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2010-06-28 21:04 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
    2010-06-28 21:04 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2010-06-28 21:04 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2010-06-28 21:04 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2010-06-28 21:04 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
    2010-06-28 21:04 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2010-06-28 21:04 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
    2010-06-28 21:03 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2010-06-28 21:03 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2010-06-28 21:03 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2010-06-28 21:03 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2010-06-28 21:03 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2010-06-28 21:03 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-06-28 18:15 . 2010-01-27 17:51 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-06-28 18:15 . 2010-01-22 12:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-06-28 18:15 . 2010-01-22 12:56 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-06-28 18:15 . 2010-01-22 12:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-06-28 18:15 . 2009-10-28 04:36 1152444 ----a-w- c:\windows\UDB.zip
    2010-06-28 18:15 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
    2010-06-28 18:10 . 2010-02-05 13:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-06-28 18:10 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-06-28 18:10 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-06-28 18:10 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-06-28 18:08 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-06-28 18:08 . 2010-06-28 22:48 -------- d-----w- c:\program files\Spyware Doctor
    2010-06-28 18:08 . 2010-06-28 18:08 -------- d-----w- c:\users\langsa\AppData\Roaming\PC Tools
    2010-06-28 17:59 . 2010-01-14 20:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2010-06-28 17:59 . 2010-01-14 20:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2010-06-28 17:59 . 2010-01-14 20:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2010-06-28 17:59 . 2010-06-28 18:08 -------- d-----w- c:\programdata\PC Tools
    2010-06-28 17:59 . 2010-06-28 17:59 -------- d-----w- c:\program files\ThreatFire
    2010-06-24 22:01 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-24 22:01 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-24 22:01 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-24 22:01 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-24 22:01 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-06-23 23:42 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-06-23 23:42 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-06-21 04:16 . 2010-06-21 04:17 922400 ----a-w- c:\users\langsa\jre-6u20-windows-i586-iftw-rv.exe
    2010-06-21 00:15 . 2010-06-21 00:15 -------- d-----w- c:\users\langsa\JavaRa
    2010-06-20 23:55 . 2010-06-20 23:55 71798 ----a-w- c:\users\langsa\JavaRa.zip
    2010-06-19 04:50 . 2010-06-19 05:21 -------- d-----w- c:\users\langsa\AppData\Roaming\Hewlett-Packard
    2010-06-19 04:45 . 2010-06-19 04:45 -------- d-----w- c:\users\langsa\AppData\Roaming\Intel
    2010-06-19 04:40 . 2010-06-19 04:40 -------- d-----w- c:\program files\Cisco
    2010-06-19 04:40 . 2010-06-19 04:40 -------- d-----w- c:\program files\Common Files\Intel
    2010-06-19 04:40 . 2010-06-19 04:40 -------- d-----w- c:\programdata\Intel
    2010-06-17 03:02 . 2010-06-17 03:02 -------- d-----w- c:\users\langsa\AppData\Local\Cyberlink
    2010-06-15 21:48 . 2010-06-15 21:48 -------- d-----w- c:\programdata\HP Product Assistant
    2010-06-15 21:43 . 2010-06-15 21:43 -------- d-----w- c:\windows\hpoj6500e709
    2010-06-15 21:37 . 2008-08-12 14:58 314880 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp082.dll
    2010-06-15 21:27 . 2010-06-15 21:27 -------- d-----w- c:\program files\Common Files\HP
    2010-06-15 21:27 . 2010-06-15 21:27 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-06-15 21:26 . 2008-08-22 12:24 271704 ----a-w- c:\windows\system32\hpzids01.dll
    2010-06-15 21:26 . 2008-08-12 14:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll
    2010-06-15 21:25 . 2008-10-06 19:11 741376 ----a-w- c:\windows\system32\hpwwiax5.dll
    2010-06-15 21:25 . 2008-10-06 19:11 966656 ----a-w- c:\windows\system32\hpwtiop4.dll
    2010-06-15 21:25 . 2007-07-09 18:13 364544 ----a-w- c:\windows\system32\hppldcoi.dll
    2010-06-15 21:25 . 2007-07-06 18:48 294912 ----a-w- c:\windows\system32\hpovst11.dll
    2010-06-15 21:22 . 2010-06-15 22:11 186624 ----a-w- c:\windows\hpwins23.dat
    2010-06-15 21:21 . 2010-06-15 22:02 -------- d-----w- c:\programdata\HP
    2010-06-15 20:53 . 2010-06-15 20:53 15416 ----a-w- c:\windows\system32\HPMDPCoInst10.dll
    2010-06-15 20:53 . 2010-06-15 20:53 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2010-06-14 02:56 . 2010-06-14 02:56 50354 ----a-w- c:\users\langsa\AppData\Roaming\Facebook\uninstall.exe
    2010-06-14 02:56 . 2010-06-14 02:56 -------- d-----w- c:\users\langsa\AppData\Roaming\Facebook
    2010-06-14 02:56 . 2010-06-14 02:56 1990728 ----a-w- c:\users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    2010-06-12 04:01 . 2010-06-29 19:00 0 ----a-w- c:\users\langsa\AppData\Local\prvlcl.dat
    2010-06-11 04:45 . 2010-06-11 04:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\langsa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    2010-06-04 18:06 . 2010-06-08 22:21 -------- d-----w- c:\users\langsa\devrydocuments
    2010-06-04 18:01 . 2010-06-04 18:08 16065852 ----a-w- c:\users\langsa\devrydocuments.zip
    2010-06-04 03:05 . 2010-06-04 03:23 -------- d-----w- c:\programdata\Messenger Plus!
    2010-06-04 03:04 . 2010-06-18 17:53 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-06-04 03:02 . 2010-06-04 03:03 4852120 ----a-w- c:\users\langsa\MsgPlusLive-484.exe
    2010-06-02 13:57 . 2010-06-02 13:57 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
    2010-06-02 13:57 . 2010-06-02 13:57 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-30 00:18 . 2009-12-14 14:49 1356 ----a-w- c:\users\langsa\AppData\Local\d3d9caps.dat
    2010-06-29 19:26 . 2009-08-08 10:41 12 ----a-w- c:\windows\bthservsdp.dat
    2010-06-29 18:31 . 2010-06-29 18:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-06-29 18:13 . 2010-06-29 18:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-29 17:52 . 2009-12-14 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-28 18:16 . 2010-03-25 20:51 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-06-28 17:15 . 2010-03-25 21:12 -------- d-----w- c:\users\langsa\AppData\Roaming\Registry Mechanic
    2010-06-25 22:04 . 2009-06-22 09:57 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-23 04:09 . 2009-06-22 09:51 -------- d-----w- c:\programdata\PDFC
    2010-06-20 12:47 . 2009-06-22 09:53 -------- d-----w- c:\programdata\Microsoft Help
    2010-06-19 04:51 . 2009-06-22 09:16 -------- d-----w- c:\program files\Hewlett-Packard
    2010-06-19 04:40 . 2009-06-22 09:15 -------- d-----w- c:\program files\Intel
    2010-06-15 21:47 . 2009-06-22 10:05 -------- d-----w- c:\program files\HP
    2010-06-15 20:53 . 2008-08-27 16:52 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2010-06-15 20:53 . 2009-07-08 18:48 26168 ----a-w- c:\windows\system32\hpservice.exe
    2010-06-15 20:53 . 2009-07-08 18:48 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2010-06-10 22:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-06-10 21:19 . 2009-08-16 22:52 -------- d-----w- c:\program files\Google
    2010-06-09 04:40 . 2009-11-20 05:53 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-02 13:57 . 2009-08-24 16:20 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-02 13:57 . 2009-08-24 16:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-28 02:31 . 2010-05-28 02:31 165160 ----a-w- c:\windows\system32\SETE313.tmp
    2010-05-28 02:31 . 2010-05-28 02:31 165160 ----a-w- c:\windows\system32\SET2FC9.tmp
    2010-05-28 02:31 . 2010-05-28 02:31 173352 ----a-w- c:\windows\system32\SETE9E9.tmp
    2010-05-28 02:31 . 2010-05-28 02:31 173352 ----a-w- c:\windows\system32\SET5729.tmp
    2010-05-26 19:24 . 2010-04-23 18:32 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
    2010-05-26 17:06 . 2010-06-08 21:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47 . 2010-06-08 21:24 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 17:07 . 2010-02-12 03:31 -------- d-----w- c:\program files\Steam
    2010-05-17 02:13 . 2010-02-12 03:31 -------- d-----w- c:\program files\Common Files\Steam
    2010-05-14 21:41 . 2010-05-07 21:08 -------- d-----w- c:\programdata\NCH Software
    2010-05-07 21:19 . 2010-05-07 21:07 -------- d-----w- c:\users\langsa\AppData\Roaming\NCH Software
    2010-05-07 21:16 . 2010-05-07 21:16 -------- d-----w- c:\programdata\NCH Swift Sound
    2010-05-07 21:16 . 2010-05-07 21:16 -------- d-----w- c:\program files\NCH Swift Sound
    2010-05-07 21:08 . 2010-05-07 21:07 -------- d-----w- c:\program files\NCH Software
    2010-05-07 17:22 . 2010-05-07 17:22 -------- d-----w- c:\users\langsa\AppData\Roaming\com.oskoui-oskoui.avatar
    2010-05-07 17:22 . 2010-05-07 17:22 -------- d-----w- c:\program files\AVATAR Interactive Desktop
    2010-05-07 17:11 . 2010-05-07 17:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-05-07 17:09 . 2010-05-07 17:16 38784 ----a-w- c:\users\langsa\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-05-04 05:59 . 2010-06-08 21:24 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-08 21:24 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55 . 2010-06-08 21:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31 . 2010-06-08 21:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-05-01 14:13 . 2010-06-08 21:24 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-05-01 05:43 . 2010-05-01 05:43 -------- d-----w- c:\program files\kSolo
    2010-04-29 19:39 . 2009-12-14 16:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2009-12-14 16:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-23 14:13 . 2010-05-26 14:05 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-04-22 00:50 . 2010-04-22 00:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-04-22 00:50 . 2010-04-22 00:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-04-22 00:50 . 2010-04-22 00:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-04-22 00:50 . 2010-04-22 00:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-04-22 00:50 . 2010-04-22 00:50 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-04-22 00:50 . 2010-04-22 00:50 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-04-22 00:50 . 2010-03-09 22:38 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-04-22 00:50 . 2010-03-09 22:38 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-04-22 00:44 . 2010-04-22 00:43 818200 ----a-w- c:\users\langsa\RealPlayerSPGold.exe
    2010-04-16 16:43 . 2010-06-23 23:42 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-04-16 16:43 . 2010-06-23 23:42 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-04-16 16:43 . 2010-06-23 23:42 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-04-16 16:43 . 2010-06-23 23:42 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-04-15 22:49 . 2010-03-05 22:42 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
    2010-04-15 22:05 . 2010-03-30 22:04 439816 ----a-w- c:\users\langsa\AppData\Roaming\Real\Update\setup3.11\setup.exe
    2010-04-08 20:48 . 2010-03-12 19:35 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
    2010-04-06 21:52 . 2010-04-23 18:32 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_Launch.exe
    2010-04-05 17:01 . 2010-06-08 21:24 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2010-04-05 14:42 . 2010-04-05 14:42 6630912 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
    2010-04-05 14:42 . 2009-03-31 09:26 675840 ----a-w- c:\windows\system32\NETw5c32.dll
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2006-05-03 10:06 . 2010-03-03 04:02 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 . 2010-03-03 04:02 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 . 2010-03-03 04:02 216064 --sh--r- c:\windows\System32\nbDX.dll
    2009-06-22 09:29 . 2009-06-22 09:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-09 2393376]
    "Google Update "= "c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-13 133104]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
    "accrdsub "= "c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
    "PTHOSTTR "= "c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-12 355896]
    "CognizanceTS "= "c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
    "PDF Complete "= "c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
    "HP Mobile Broadband "= "c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "WirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
    "File Sanitizer "= "c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-01-14 11223040]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
    "HPCam_Menu "= "c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "WinampAgent "= "c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
    "VirtualCloneDrive "= "c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-22 202256]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv "= "grpconv -o" [X]

    c:\users\langsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    [2010-4-19 503808]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2008-08-06 22:23 69632 ----a-w- c:\windows\System32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll APSHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):f3,d5,07,15,81,25,ca,01

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
    R1 RsvLock;RsvLock; [x]
    R2 0213001251130747mcinstcleanup;McAfee Application Installer Cleanup (0213001251130747);c:\users\langsa\AppData\Local\Temp\021300~1.EXE [x]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 135664]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-10-01 256544]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-01-14 77824]
    R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-03-11 29736]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2008-08-06 32256]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2008-08-06 349432]
    R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-02-12 45056]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-15 3042652]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
    S0 SafeBoot;SafeBoot; [x]
    S0 SbAlg;SbAlg; [x]
    S0 SbFsLock;SbFsLock; [x]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-04-05 6630912]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    Bioscrypt REG_MULTI_SZ ASBroker ASChannel
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    ipripsvc REG_MULTI_SZ iprip
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-01-09 23:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 23:27]

    2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 23:27]

    2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004Core.job
    - c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-13 02:35]

    2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004UA.job
    - c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-13 02:35]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    FF - ProfilePath - c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAlert.dll
    FF - component: c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\kSolo\npAVX.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\langsa\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\langsa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\langsa\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-29 23:51
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
    "ImagePath "= "c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
    "AlternateImagePath "=" "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2841127670-2781909849-4267527183-1004\Software\SecuROM\License information*]
    "datasecu "=hex:42,ef,06,a8,1a,ee,d3,26,25,f0,e3,3a,f6,1a,70,4c,fc,98,91,5e,6d,
    5c,bd,ab,b1,09,fc,b9,19,2b,c9,f2,1c,bb,0d,43,9b,7b,b0,54,71,7a,ec,2b,af,47,\
    "rkeysecu "=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    Completion time: 2010-06-29 23:54:03
    ComboFix-quarantined-files.txt 2010-06-30 03:54
    ComboFix2.txt 2009-12-16 13:05

    Pre-Run: 65,898,696,704 bytes free
    Post-Run: 65,803,849,728 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - EAB96DA454415B2A5DC12B6F8F6CA0B2
     
  8. 2010/06/29
    broni

    Yes, please try to re-run it in normal mode.
     
  9. 2010/06/30
    langsa

    I tried twice more to run it in normal mode, and both times the computer froze and the screen pixelated. Cursed thing!
     
  10. 2010/06/30
    broni

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    ===============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2010/07/02
    langsa

    Kaspersky found nothing, but here's the report anyway:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, July 2, 2010
    Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, July 02, 2010 00:04:19
    Records in database: 4259650
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 248590
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 07:48:34

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  12. 2010/07/02
    langsa

    Here is part one of the OTL.txt file:
    OTL logfile created on: 7/2/2010 9:17:11 AM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\langsa\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.05 Gb Total Space | 60.56 Gb Free Space | 43.87% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.83 Gb Free Space | 18.27% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 1021.00 Mb Total Space | 987.59 Mb Free Space | 96.73% Space Free | Partition Type: FAT32
    Drive G: | 11.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LANGSA-PC
    Current User Name: langsa
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/02 08:45:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\Desktop\OTL.exe
    PRC - [2010/06/15 18:55:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\langsa\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    PRC - [2010/06/02 09:57:46 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/06/02 09:57:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/06/02 09:57:43 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/06/02 09:56:52 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/02 09:56:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/04/21 20:47:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/04/01 12:58:43 | 001,038,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
    PRC - [2010/03/26 15:56:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/13 12:35:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/13 12:34:25 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/01/19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
    PRC - [2010/01/13 18:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
    PRC - [2009/06/17 07:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009/05/18 18:28:04 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/01 23:21:32 | 002,329,128 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/03/01 23:21:32 | 000,789,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/03/01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/02/17 12:13:14 | 000,079,416 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2009/02/12 02:13:34 | 000,355,896 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2009/01/28 00:21:48 | 000,075,024 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    PRC - [2009/01/14 17:01:48 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    PRC - [2009/01/14 17:01:12 | 011,223,040 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    PRC - [2008/12/16 12:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/12/16 12:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/10/03 16:33:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
    PRC - [2008/10/01 18:01:14 | 000,256,544 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2008/08/26 10:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/08/08 10:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2008/07/15 08:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007/11/27 20:42:14 | 000,185,896 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    PRC - [2007/11/27 20:42:12 | 000,093,736 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    PRC - [2007/11/27 20:40:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/02 08:45:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\Desktop\OTL.exe
    MOD - [2010/03/13 12:35:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2009/01/28 00:15:04 | 000,076,560 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
    MOD - [2008/01/20 22:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (sdCoreService)
    SRV - File not found [Auto | Stopped] -- -- (sdAuxService)
    SRV - File not found [Auto | Stopped] -- -- (0213001251130747mcinstcleanup) McAfee Application Installer Cleanup (0213001251130747)
    SRV - [2010/05/13 17:08:18 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/13 12:35:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/13 12:34:25 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/19 17:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2010/01/19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
    SRV - [2009/10/15 19:49:00 | 003,042,652 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/08 00:19:46 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2009/04/11 02:28:18 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/03/01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/02/12 02:01:06 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2009/01/28 00:15:16 | 000,186,640 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2009/01/28 00:15:10 | 000,149,776 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2009/01/14 17:01:48 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
    SRV - [2008/12/16 12:37:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/10/03 16:33:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
    SRV - [2008/10/01 18:01:14 | 000,256,544 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2008/08/26 10:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/08/08 10:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2008/08/06 18:24:40 | 000,349,432 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
    SRV - [2008/07/15 08:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2008/04/08 07:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/27 20:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/15 16:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2010/06/15 16:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2010/06/02 09:57:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/02 09:57:43 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/04/05 10:42:44 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/03/13 12:34:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/01/14 16:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - [2010/01/14 16:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - [2010/01/14 16:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - [2009/12/17 18:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/08/09 17:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/07/02 11:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2009/05/18 18:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2009/03/11 04:36:52 | 000,109,608 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2009/03/11 04:36:52 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2009/03/11 04:36:52 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2009/03/11 04:36:52 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2009/02/19 07:17:00 | 000,095,760 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/02/06 06:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/02/03 09:29:00 | 004,303,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2009/02/03 09:29:00 | 004,303,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/12/04 08:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2008/11/23 16:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2008/10/29 11:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/10/01 18:02:04 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2008/10/01 18:02:02 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/10/01 18:02:00 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2008/10/01 18:01:58 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/08/06 17:43:30 | 000,032,256 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
    DRV - [2008/01/20 22:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 22:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 22:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2008/01/20 22:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 22:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 22:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 22:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 22:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 22:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 22:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 22:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 22:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 22:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 22:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 22:23:47 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
    DRV - [2008/01/20 22:23:47 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2008/01/20 22:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 22:23:47 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/20 22:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 22:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 22:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 22:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 22:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 22:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 22:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 22:23:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/01/20 22:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 22:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 22:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: notreal.ccoptions@environmentalchemistry.com:1.2.1
    FF - prefs.js..extensions.enabledItems: facebookfilter@chocolatesoftware.com:2.0.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
    FF - prefs.js..extensions.enabledItems: facebook-email-links@efinke.com:1.0
    FF - prefs.js..extensions.enabledItems: s.alfa@idev.com:1.0
    FF - prefs.js..extensions.enabledItems: betterfacebook@mattkruse.com:2.63
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:0.19.3.0


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/09 00:39:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/21 20:50:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/15 17:49:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 20:49:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/11 00:45:07 | 000,000,000 | ---D | M]

    [2010/05/02 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Extensions
    [2010/05/02 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/07/01 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions
    [2010/02/15 05:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
    [2010/05/05 13:19:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/08 21:24:45 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
    [2010/04/08 18:30:17 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/07/01 22:41:31 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
    [2010/04/13 00:27:01 | 000,000,000 | ---D | M] (Castle Age Toolbar) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
    [2009/11/21 19:30:22 | 000,000,000 | ---D | M] (Vivox Voice Plugin) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07}
    [2010/05/08 21:24:47 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2010/05/08 21:24:46 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\betterfacebook@mattkruse.com
    [2010/05/08 21:24:46 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\facebook-email-links@efinke.com
    [2010/06/19 00:16:12 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\facebookfilter@chocolatesoftware.com
    [2010/03/08 19:47:43 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\lookingforgroupboom@lookingforgroup.com
    [2009/10/13 17:01:47 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\notreal.ccoptions@environmentalchemistry.com
    [2010/05/08 21:24:46 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\s.alfa@idev.com
    [2010/05/25 13:07:46 | 000,001,565 | ---- | M] () -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\searchplugins\gmailto.xml
    [2010/05/25 13:08:27 | 000,004,140 | ---- | M] () -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\searchplugins\youtube.xml
    [2010/06/30 00:08:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/11 00:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/11 00:44:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/06/29 23:32:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O24 - Desktop WallPaper: C:\Users\langsa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\langsa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/05/18 19:59:05 | 000,000,228 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2005/07/05 19:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation) - G:\autorun.exe -- [ CDFS ]
    O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell - " " = AutoRun
    O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\AutoRun\command - " " = G:\autorun.exe -- [2005/07/05 19:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\directx\command - " " = DirectX9\dxsetup.exe
    O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\setup\command - " " = G:\setup.exe -- [2005/07/15 15:19:47 | 000,253,952 | R--- | M] (Microsoft Game Studios )
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
     
    Last edited: 2010/07/02
  13. 2010/07/02
    langsa

    Here's part 2 of the OTL.txt file:

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:35:08 | 000,000,000 | ---D | M]
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.CSCD - C:\windows\System32\camcodec.dll (RenderSoft Software)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.i420 - C:\windows\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.IYUV - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.YVU9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/02 08:46:05 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\langsa\Desktop\OTL.exe
    [2010/07/01 21:35:39 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Elluminate
    [2010/07/01 20:59:06 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\MyScribe
    [2010/07/01 20:31:00 | 000,000,000 | -HSD | C] -- C:\Users\langsa\Documents\cache
    [2010/07/01 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\webex
    [2010/07/01 20:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
    [2010/07/01 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\langsa\Desktop\DeVry
    [2010/07/01 17:28:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\langsa\OTL.exe
    [2010/06/30 21:27:59 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\langsa\Desktop\TFC.exe
    [2010/06/30 11:28:28 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/30 11:21:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2010/06/30 00:26:11 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\AVG9
    [2010/06/29 23:54:05 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2010/06/29 23:53:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/06/29 14:29:22 | 034,651,584 | ---- | C] (Hewlett-Packard Company ) -- C:\Users\langsa\sp48843.exe
    [2010/06/29 14:23:08 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynTPCo4.dll
    [2010/06/29 14:20:40 | 013,960,488 | ---- | C] (Synaptics Incorporated) -- C:\Users\langsa\Synaptics_v14_0_3_C_XP32_Vista32_Win7-32_Signed_default.exe
    [2010/06/29 00:11:28 | 000,000,000 | ---D | C] -- C:\d0e0f61f2b73e93308
    [2010/06/28 17:35:29 | 015,374,248 | ---- | C] (PC Tools ) -- C:\Users\langsa\sdstart.exe
    [2010/06/28 17:22:14 | 000,000,000 | ---D | C] -- C:\windows\System32\WindowsPowerShell
    [2010/06/28 14:15:30 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
    [2010/06/28 14:15:30 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
    [2010/06/28 14:15:30 | 000,149,456 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
    [2010/06/28 14:10:46 | 000,233,136 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
    [2010/06/28 14:10:46 | 000,100,136 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctwfpfilter.sys
    [2010/06/28 14:10:00 | 000,218,592 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
    [2010/06/28 14:10:00 | 000,088,040 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
    [2010/06/28 14:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/06/28 13:59:19 | 000,059,664 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\TfSysMon.sys
    [2010/06/28 13:59:19 | 000,051,984 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\TfFsMon.sys
    [2010/06/28 13:59:19 | 000,033,552 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\TfNetMon.sys
    [2010/06/28 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
    [2010/06/28 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/06/21 00:16:52 | 000,922,400 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\langsa\jre-6u20-windows-i586-iftw-rv.exe
    [2010/06/20 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\langsa\JavaRa
    [2010/06/19 00:50:51 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Hewlett-Packard
    [2010/06/19 00:45:08 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Intel
    [2010/06/19 00:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
    [2010/06/19 00:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2010/06/19 00:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
    [2010/06/16 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Local\Cyberlink
    [2010/06/15 17:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2010/06/15 17:43:36 | 000,000,000 | ---D | C] -- C:\windows\hpoj6500e709
    [2010/06/15 17:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2010/06/15 17:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
    [2010/06/15 17:24:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/06/15 17:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2010/06/13 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Facebook
    [2010/06/13 22:56:22 | 001,990,728 | ---- | C] (Facebook, Inc.) -- C:\Users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    [2010/06/03 23:10:29 | 000,000,000 | ---D | C] -- C:\Users\langsa\Documents\My Chat Logs
    [2010/06/03 23:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
    [2010/06/03 23:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
    [2010/06/03 23:02:50 | 004,852,120 | ---- | C] (Yuna Software) -- C:\Users\langsa\MsgPlusLive-484.exe
    [2010/05/27 22:31:26 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynCOM.dll
    [2010/05/12 18:04:21 | 000,000,000 | ---D | C] -- C:\5decf481de6b3c24e1c079b24d31
    [2010/05/07 17:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
    [2010/05/07 17:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
    [2010/05/07 17:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
    [2010/05/07 17:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2010/05/07 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\NCH Software
    [2010/05/07 13:22:29 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\com.oskoui-oskoui.avatar
    [2010/05/07 13:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/05/07 13:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/05/07 13:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/05/07 13:09:09 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Local\Adobe
    [2010/05/07 02:53:39 | 000,000,000 | ---D | C] -- C:\Users\langsa\Pics
    [2010/05/01 01:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\kSolo
    [2010/04/27 18:05:49 | 000,000,000 | ---D | C] -- C:\Users\langsa\Documents\RP Characters
    [2010/04/26 18:48:11 | 000,000,000 | ---D | C] -- C:\Users\langsa\Documents\GSnap
    [2010/04/26 18:19:45 | 000,000,000 | ---D | C] -- C:\MTV_OUTPUT
    [2010/04/21 20:54:32 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Apple Computer
    [2010/04/21 20:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/04/21 20:43:24 | 000,818,200 | ---- | C] (RealNetworks, Inc.) -- C:\Users\langsa\RealPlayerSPGold.exe
    [2010/04/06 23:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/08/07 10:56:03 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
    [2009/08/07 10:56:02 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
    [1 C:\Users\langsa\Documents\*.tmp files -> C:\Users\langsa\Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/02 09:44:14 | 004,456,448 | ---- | M] () -- C:\Users\langsa\NTUSER.DAT
    [2010/07/02 09:43:04 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/02 09:17:14 | 061,580,418 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
    [2010/07/02 09:10:37 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/02 09:09:53 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/02 09:09:53 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/02 09:09:52 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2010/07/02 09:09:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2010/07/02 09:09:33 | 2141,343,744 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/02 08:45:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\Desktop\OTL.exe
    [2010/07/02 08:01:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004UA.job
    [2010/07/02 00:01:13 | 000,000,000 | ---- | M] () -- C:\Users\langsa\AppData\Local\prvlcl.dat
    [2010/07/01 22:57:59 | 000,001,356 | ---- | M] () -- C:\Users\langsa\AppData\Local\d3d9caps.dat
    [2010/07/01 22:54:41 | 000,000,723 | ---- | M] () -- C:\Users\langsa\Desktop\DeVry.lnk
    [2010/07/01 22:52:21 | 000,000,310 | ---- | M] () -- C:\Users\langsa\Public - Shortcut (2).lnk
    [2010/07/01 22:52:17 | 000,000,310 | ---- | M] () -- C:\Users\langsa\Public - Shortcut.lnk
    [2010/07/01 19:48:54 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004Core.job
    [2010/07/01 17:28:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\OTL.exe
    [2010/06/30 21:54:18 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
    [2010/06/30 21:53:47 | 000,524,288 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/30 21:53:47 | 000,065,536 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TM.blf
    [2010/06/30 21:28:29 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\Desktop\TFC.exe
    [2010/06/30 11:46:14 | 000,023,552 | ---- | M] () -- C:\Users\langsa\Samantha%20Lang's%20General%20Resume.doc
    [2010/06/30 11:21:09 | 003,724,428 | R--- | M] () -- C:\Users\langsa\Desktop\ComboFix.exe
    [2010/06/29 23:51:26 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
    [2010/06/29 23:32:10 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2010/06/29 19:26:56 | 001,306,448 | ---- | M] () -- C:\Users\langsa\100_3342.JPG
    [2010/06/29 14:43:46 | 000,293,376 | ---- | M] () -- C:\Users\langsa\3jgh10x5.exe
    [2010/06/29 14:31:11 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/06/29 14:21:07 | 013,960,488 | ---- | M] (Synaptics Incorporated) -- C:\Users\langsa\Synaptics_v14_0_3_C_XP32_Vista32_Win7-32_Signed_default.exe
    [2010/06/29 14:13:19 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/06/29 13:43:01 | 000,645,810 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2010/06/29 13:43:00 | 000,763,574 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
    [2010/06/29 13:43:00 | 000,120,908 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2010/06/29 00:03:30 | 000,002,009 | ---- | M] () -- C:\Users\langsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/06/29 00:03:29 | 000,002,047 | ---- | M] () -- C:\Users\langsa\Desktop\Google Chrome.lnk
    [2010/06/28 23:39:15 | 000,524,288 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TMContainer00000000000000000002.regtrans-ms
    [2010/06/28 23:21:21 | 004,456,448 | -HS- | M] () -- C:\Users\langsa\ntuser.dat.rmbak
    [2010/06/28 23:21:21 | 000,524,288 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{6af937d1-9d44-11de-b656-00247e90c248}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/28 23:21:21 | 000,065,536 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{6af937d1-9d44-11de-b656-00247e90c248}.TM.blf
    [2010/06/28 17:53:05 | 000,064,030 | ---- | M] () -- C:\Users\langsa\trojan hkey issues.png
    [2010/06/28 17:42:12 | 015,374,248 | ---- | M] (PC Tools ) -- C:\Users\langsa\sdstart.exe
    [2010/06/28 13:59:22 | 000,000,767 | ---- | M] () -- C:\Users\langsa\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
    [2010/06/28 13:59:21 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
    [2010/06/23 21:53:17 | 000,075,349 | ---- | M] () -- C:\Users\langsa\fffffffuuuuu firefox.png
    [2010/06/20 23:18:38 | 006,294,825 | ---- | M] () -- C:\Users\langsa\lugia's theme
    [2010/06/20 19:55:27 | 000,071,798 | ---- | M] () -- C:\Users\langsa\JavaRa.zip
    [2010/06/20 09:34:30 | 000,006,547 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2010/06/19 12:13:57 | 018,810,765 | ---- | M] () -- C:\Users\langsa\YouTube - Ultrasound.flv
    [2010/06/18 19:21:00 | 000,762,531 | ---- | M] () -- C:\Users\langsa\100_3331.JPG
    [2010/06/18 18:34:07 | 001,125,284 | ---- | M] () -- C:\Users\langsa\100_3333.JPG
    [2010/06/15 18:11:47 | 000,186,624 | ---- | M] () -- C:\windows\hpwins23.dat
    [2010/06/15 17:59:06 | 000,000,254 | ---- | M] () -- C:\windows\win.ini
    [2010/06/15 17:50:35 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/06/15 13:46:11 | 000,096,082 | ---- | M] () -- C:\Users\langsa\harrison hotness2.jpg
    [2010/06/13 23:00:23 | 000,018,459 | ---- | M] () -- C:\Users\langsa\sha-sha2.jpg
    [2010/06/13 22:58:55 | 000,014,016 | ---- | M] () -- C:\Users\langsa\sha-sha.jpg
    [2010/06/13 22:56:35 | 001,990,728 | ---- | M] (Facebook, Inc.) -- C:\Users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    [2010/06/13 21:26:40 | 000,125,603 | ---- | M] () -- C:\Users\langsa\viper-snake-zoom.jpg
    [2010/06/13 21:15:57 | 000,239,455 | ---- | M] () -- C:\Users\langsa\heavens_orion_nebula.png
    [2010/06/13 00:38:49 | 000,100,010 | ---- | M] () -- C:\Users\langsa\Helix-nebula.jpg
    [2010/06/13 00:38:20 | 000,125,298 | ---- | M] () -- C:\Users\langsa\Orion_Nebula_1200.jpg
    [2010/06/13 00:35:30 | 000,230,024 | ---- | M] () -- C:\Users\langsa\orion-full-825x2011.jpg
    [2010/06/12 11:52:41 | 004,066,743 | ---- | M] () -- C:\Users\langsa\PVPGurl-If_You_Could_Be_Nyhm_Nation_Gigi_and_Demineon.mp3
    [2010/06/11 21:01:15 | 021,799,978 | ---- | M] () -- C:\Users\langsa\YouTube - octopus steals my video camera and swims off with it (while it's Recording).flv
    [2010/06/10 17:29:10 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/06/09 00:41:20 | 000,421,408 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2010/06/08 17:32:25 | 000,030,512 | ---- | M] () -- C:\Users\langsa\fffffffuuuuu.gif
    [2010/06/05 23:02:14 | 000,314,897 | ---- | M] () -- C:\Users\langsa\Trilobabe sm.jpg
    [2010/06/04 15:02:10 | 000,014,336 | ---- | M] () -- C:\Users\langsa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/04 14:08:44 | 016,065,852 | ---- | M] () -- C:\Users\langsa\devrydocuments.zip
    [2010/06/03 23:59:48 | 000,028,202 | ---- | M] () -- C:\Users\langsa\YTMND Fads - Soundpack - SoundPack DB2.mp3
    [2010/06/03 23:03:05 | 004,852,120 | ---- | M] (Yuna Software) -- C:\Users\langsa\MsgPlusLive-484.exe
    [2010/06/02 09:57:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
    [2010/06/02 09:57:43 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
    [2010/05/28 21:41:34 | 000,149,354 | ---- | M] () -- C:\Users\langsa\The_Ninja_Turtles_on_NES_by_ksama487.jpg
    [2010/05/28 20:07:49 | 000,248,584 | ---- | M] () -- C:\Users\langsa\Sea_Slug_by_greyanimebeast.jpg
    [2010/05/27 23:45:10 | 000,125,338 | ---- | M] () -- C:\Users\langsa\NAS1-JL_large.jpg
    [2010/05/26 10:31:07 | 000,392,551 | ---- | M] () -- C:\Users\langsa\Just_touch_me_by_Janots13.jpg
    [2010/05/24 17:11:35 | 000,162,288 | ---- | M] () -- C:\Users\langsa\53025103.jpg
    [2010/05/24 16:53:10 | 000,057,850 | ---- | M] () -- C:\Users\langsa\whenigrowup.jpg
    [2010/05/24 16:28:38 | 000,023,487 | ---- | M] () -- C:\Users\langsa\2vlmuc0.jpg
    [2010/05/21 21:13:04 | 116,287,474 | ---- | M] () -- C:\Users\langsa\pita dog.avi
    [2010/05/13 17:11:16 | 000,000,213 | ---- | M] () -- C:\Users\langsa\Desktop\Portal.url
    [2010/05/12 22:41:35 | 000,097,632 | ---- | M] () -- C:\Users\langsa\harrison's kitty.jpg
    [2010/05/11 13:29:29 | 000,156,161 | ---- | M] () -- C:\Users\langsa\fullmetalalchemist107pa.jpg
    [2010/05/07 17:16:19 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\NCH Toolbox.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2010/04/29 00:09:53 | 000,079,347 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 6.jpg
    [2010/04/29 00:06:24 | 000,033,904 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 5.jpg
    [2010/04/29 00:00:42 | 000,013,066 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 4.jpg
    [2010/04/28 23:58:47 | 000,017,380 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 3.jpg
    [2010/04/28 23:54:45 | 000,166,463 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 1.jpg
    [2010/04/28 23:50:37 | 000,147,222 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 2.jpg
    [2010/04/28 23:33:56 | 000,035,621 | ---- | M] () -- C:\Users\langsa\Llorne sea slug - cruisin.jpg
    [2010/04/28 23:32:51 | 000,181,198 | ---- | M] () -- C:\Users\langsa\Llorne sea slug - oh hai there.jpg
    [2010/04/27 17:16:09 | 000,026,706 | ---- | M] () -- C:\Users\langsa\sword ref.jpg
    [2010/04/27 16:26:25 | 000,063,802 | ---- | M] () -- C:\Users\langsa\uniform-reference.gif
    [2010/04/27 16:24:16 | 000,379,564 | ---- | M] () -- C:\Users\langsa\umeda.jpg
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\windows\PEV.exe
    [2010/04/21 20:50:10 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/04/21 20:47:19 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
    [2010/04/21 00:20:03 | 000,078,850 | ---- | M] () -- C:\Users\langsa\n1165720760_30158947_3835.jpg
    [2010/04/15 23:53:02 | 000,013,346 | ---- | M] () -- C:\Users\langsa\abel faht.jpg
    [2010/04/08 23:47:45 | 000,039,160 | ---- | M] () -- C:\Users\langsa\3CYRP-A1.jpg
    [2010/04/08 22:11:23 | 000,056,780 | ---- | M] () -- C:\Users\langsa\kane_puppy.jpg
    [2010/04/08 22:01:05 | 000,092,122 | ---- | M] () -- C:\Users\langsa\harrison hotness.jpg
    [2010/04/05 00:02:25 | 000,023,892 | ---- | M] () -- C:\Users\langsa\2010-04-01-clash1.jpg
    [2010/04/05 00:02:05 | 000,018,486 | ---- | M] () -- C:\Users\langsa\clash-poster-kraken-close.jpg
    [2010/04/05 00:00:09 | 000,047,278 | ---- | M] () -- C:\Users\langsa\kracken.jpg
    [2010/04/04 23:56:23 | 000,027,578 | ---- | M] () -- C:\Users\langsa\4197085481_faf747bc30_o.jpg
    [2010/04/04 23:55:58 | 000,032,766 | ---- | M] () -- C:\Users\langsa\clash-of-the-titans-kraken-575x328.jpg
    [2010/04/04 17:25:18 | 001,408,636 | ---- | M] () -- C:\Users\langsa\Documents\fandango_com_fd.pdf
    [1 C:\Users\langsa\Documents\*.tmp files -> C:\Users\langsa\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/02 08:36:32 | 000,000,859 | ---- | C] () -- C:\Users\langsa\kaspersky.txt
    [2010/07/01 22:54:41 | 000,000,723 | ---- | C] () -- C:\Users\langsa\Desktop\DeVry.lnk
    [2010/07/01 22:52:21 | 000,000,310 | ---- | C] () -- C:\Users\langsa\Public - Shortcut (2).lnk
    [2010/07/01 22:52:17 | 000,000,310 | ---- | C] () -- C:\Users\langsa\Public - Shortcut.lnk
    [2010/06/30 11:24:27 | 000,023,552 | ---- | C] () -- C:\Users\langsa\Samantha%20Lang's%20General%20Resume.doc
    [2010/06/30 00:11:26 | 2141,343,744 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/29 22:27:17 | 003,724,428 | R--- | C] () -- C:\Users\langsa\Desktop\ComboFix.exe
    [2010/06/29 19:41:04 | 001,306,448 | ---- | C] () -- C:\Users\langsa\100_3342.JPG
    [2010/06/29 14:42:22 | 000,293,376 | ---- | C] () -- C:\Users\langsa\3jgh10x5.exe
    [2010/06/29 14:31:11 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/06/29 14:13:19 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/06/29 00:37:34 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    [2010/06/28 23:35:23 | 000,524,288 | -HS- | C] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TMContainer00000000000000000002.regtrans-ms
    [2010/06/28 23:35:23 | 000,524,288 | -HS- | C] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/28 23:35:23 | 000,065,536 | -HS- | C] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TM.blf
    [2010/06/28 23:07:32 | 000,010,471 | ---- | C] () -- C:\Users\langsa\Attach.txt
    [2010/06/28 17:52:54 | 000,064,030 | ---- | C] () -- C:\Users\langsa\trojan hkey issues.png
    [2010/06/28 17:04:05 | 000,201,184 | ---- | C] () -- C:\windows\System32\winrm.vbs
    [2010/06/28 17:04:05 | 000,004,675 | ---- | C] () -- C:\windows\System32\wsmanconfig_schema.xml
    [2010/06/28 17:04:05 | 000,002,426 | ---- | C] () -- C:\windows\System32\WsmTxt.xsl
    [2010/06/28 14:15:32 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll
    [2010/06/28 14:15:31 | 000,000,882 | ---- | C] () -- C:\windows\RegSDImport.xml
    [2010/06/28 14:15:31 | 000,000,879 | ---- | C] () -- C:\windows\RegISSImport.xml
    [2010/06/28 14:15:30 | 001,152,444 | ---- | C] () -- C:\windows\UDB.zip
    [2010/06/28 14:15:30 | 000,000,131 | ---- | C] () -- C:\windows\IDB.zip
    [2010/06/28 14:10:46 | 000,007,387 | ---- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
    [2010/06/28 14:10:00 | 000,007,412 | ---- | C] () -- C:\windows\System32\drivers\PCTAppEvent.cat
    [2010/06/28 14:10:00 | 000,007,383 | ---- | C] () -- C:\windows\System32\drivers\pctcore.cat
    [2010/06/28 13:59:22 | 000,000,767 | ---- | C] () -- C:\Users\langsa\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
    [2010/06/28 13:59:21 | 000,000,743 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
    [2010/06/28 13:48:41 | 000,262,144 | -H-- | C] () -- C:\Users\langsa\S-1-5-21-2841127670-2781909849-4267527183-1004.rrr.LOG1
    [2010/06/28 13:48:41 | 000,000,000 | -H-- | C] () -- C:\Users\langsa\S-1-5-21-2841127670-2781909849-4267527183-1004.rrr.LOG2
    [2010/06/20 23:18:21 | 006,294,825 | ---- | C] () -- C:\Users\langsa\lugia's theme
    [2010/06/20 19:55:05 | 000,071,798 | ---- | C] () -- C:\Users\langsa\JavaRa.zip
    [2010/06/20 09:00:27 | 000,006,547 | ---- | C] () -- C:\WirelessDiagLog.csv
    [2010/06/19 12:13:37 | 018,810,765 | ---- | C] () -- C:\Users\langsa\YouTube - Ultrasound.flv
    [2010/06/18 16:18:21 | 001,125,284 | ---- | C] () -- C:\Users\langsa\100_3333.JPG
    [2010/06/18 16:18:16 | 000,762,531 | ---- | C] () -- C:\Users\langsa\100_3331.JPG
    [2010/06/15 18:09:37 | 000,001,847 | ---- | C] () -- C:\windows\hpwmdl23.dat.temp
    [2010/06/15 17:50:35 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/06/15 17:22:01 | 000,001,163 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/06/15 17:22:00 | 000,186,624 | ---- | C] () -- C:\windows\hpwins23.dat
    [2010/06/15 13:45:41 | 000,096,082 | ---- | C] () -- C:\Users\langsa\harrison hotness2.jpg
    [2010/06/13 22:48:27 | 000,018,459 | ---- | C] () -- C:\Users\langsa\sha-sha2.jpg
    [2010/06/13 22:40:45 | 000,014,016 | ---- | C] () -- C:\Users\langsa\sha-sha.jpg
    [2010/06/13 21:26:29 | 000,125,603 | ---- | C] () -- C:\Users\langsa\viper-snake-zoom.jpg
    [2010/06/13 21:14:05 | 000,239,455 | ---- | C] () -- C:\Users\langsa\heavens_orion_nebula.png
    [2010/06/13 00:38:43 | 000,100,010 | ---- | C] () -- C:\Users\langsa\Helix-nebula.jpg
    [2010/06/13 00:38:11 | 000,125,298 | ---- | C] () -- C:\Users\langsa\Orion_Nebula_1200.jpg
    [2010/06/13 00:35:17 | 000,230,024 | ---- | C] () -- C:\Users\langsa\orion-full-825x2011.jpg
    [2010/06/12 11:52:12 | 004,066,743 | ---- | C] () -- C:\Users\langsa\PVPGurl-If_You_Could_Be_Nyhm_Nation_Gigi_and_Demineon.mp3
    [2010/06/12 00:01:43 | 000,000,000 | ---- | C] () -- C:\Users\langsa\AppData\Local\prvlcl.dat
    [2010/06/11 21:00:17 | 021,799,978 | ---- | C] () -- C:\Users\langsa\YouTube - octopus steals my video camera and swims off with it (while it's Recording).flv
    [2010/06/10 17:29:10 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/06/09 10:49:31 | 000,075,349 | ---- | C] () -- C:\Users\langsa\fffffffuuuuu firefox.png
    [2010/06/08 17:30:43 | 000,030,512 | ---- | C] () -- C:\Users\langsa\fffffffuuuuu.gif
    [2010/06/05 23:01:39 | 000,314,897 | ---- | C] () -- C:\Users\langsa\Trilobabe sm.jpg
    [2010/06/04 14:01:35 | 016,065,852 | ---- | C] () -- C:\Users\langsa\devrydocuments.zip
    [2010/06/03 23:59:41 | 000,028,202 | ---- | C] () -- C:\Users\langsa\YTMND Fads - Soundpack - SoundPack DB2.mp3
    [2010/05/28 21:40:39 | 000,149,354 | ---- | C] () -- C:\Users\langsa\The_Ninja_Turtles_on_NES_by_ksama487.jpg
    [2010/05/28 20:05:41 | 000,248,584 | ---- | C] () -- C:\Users\langsa\Sea_Slug_by_greyanimebeast.jpg
    [2010/05/27 23:43:39 | 000,125,338 | ---- | C] () -- C:\Users\langsa\NAS1-JL_large.jpg
    [2010/05/26 10:30:41 | 000,392,551 | ---- | C] () -- C:\Users\langsa\Just_touch_me_by_Janots13.jpg
    [2010/05/24 17:11:18 | 000,162,288 | ---- | C] () -- C:\Users\langsa\53025103.jpg
    [2010/05/24 16:52:55 | 000,057,850 | ---- | C] () -- C:\Users\langsa\whenigrowup.jpg
    [2010/05/24 16:28:24 | 000,023,487 | ---- | C] () -- C:\Users\langsa\2vlmuc0.jpg
    [2010/05/13 17:11:15 | 000,000,213 | ---- | C] () -- C:\Users\langsa\Desktop\Portal.url
    [2010/05/12 22:41:09 | 000,097,632 | ---- | C] () -- C:\Users\langsa\harrison's kitty.jpg
    [2010/05/11 13:24:24 | 000,156,161 | ---- | C] () -- C:\Users\langsa\fullmetalalchemist107pa.jpg
    [2010/05/07 17:25:45 | 116,287,474 | ---- | C] () -- C:\Users\langsa\pita dog.avi
    [2010/05/07 17:16:19 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\NCH Toolbox.lnk
    [2010/04/29 00:09:53 | 000,079,347 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 6.jpg
    [2010/04/29 00:06:23 | 000,033,904 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 5.jpg
    [2010/04/29 00:00:42 | 000,013,066 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 4.jpg
    [2010/04/28 23:58:46 | 000,017,380 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 3.jpg
    [2010/04/28 23:54:43 | 000,166,463 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 1.jpg
    [2010/04/28 23:50:37 | 000,147,222 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 2.jpg
    [2010/04/28 23:33:56 | 000,035,621 | ---- | C] () -- C:\Users\langsa\Llorne sea slug - cruisin.jpg
    [2010/04/28 23:32:50 | 000,181,198 | ---- | C] () -- C:\Users\langsa\Llorne sea slug - oh hai there.jpg
    [2010/04/27 17:16:01 | 000,026,706 | ---- | C] () -- C:\Users\langsa\sword ref.jpg
    [2010/04/27 16:55:36 | 000,004,559 | ---- | C] () -- C:\Users\langsa\feila characters.txt
    [2010/04/27 16:26:18 | 000,063,802 | ---- | C] () -- C:\Users\langsa\uniform-reference.gif
    [2010/04/27 16:23:35 | 000,379,564 | ---- | C] () -- C:\Users\langsa\umeda.jpg
    [2010/04/21 20:50:10 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/04/21 00:19:20 | 000,078,850 | ---- | C] () -- C:\Users\langsa\n1165720760_30158947_3835.jpg
    [2010/04/15 23:53:01 | 000,013,346 | ---- | C] () -- C:\Users\langsa\abel faht.jpg
    [2010/04/08 23:47:35 | 000,039,160 | ---- | C] () -- C:\Users\langsa\3CYRP-A1.jpg
    [2010/04/08 22:11:09 | 000,056,780 | ---- | C] () -- C:\Users\langsa\kane_puppy.jpg
    [2010/04/08 22:00:23 | 000,092,122 | ---- | C] () -- C:\Users\langsa\harrison hotness.jpg
    [2010/04/05 00:02:19 | 000,023,892 | ---- | C] () -- C:\Users\langsa\2010-04-01-clash1.jpg
    [2010/04/05 00:01:59 | 000,018,486 | ---- | C] () -- C:\Users\langsa\clash-poster-kraken-close.jpg
    [2010/04/05 00:00:03 | 000,047,278 | ---- | C] () -- C:\Users\langsa\kracken.jpg
    [2010/04/04 23:56:16 | 000,027,578 | ---- | C] () -- C:\Users\langsa\4197085481_faf747bc30_o.jpg
    [2010/04/04 23:55:52 | 000,032,766 | ---- | C] () -- C:\Users\langsa\clash-of-the-titans-kraken-575x328.jpg
    [2010/04/04 17:25:13 | 001,408,636 | ---- | C] () -- C:\Users\langsa\Documents\fandango_com_fd.pdf
    [2010/03/03 00:02:55 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
    [2010/01/06 19:53:39 | 000,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll
    [2010/01/06 19:53:39 | 000,153,088 | ---- | C] () -- C:\windows\System32\UNRAR3.dll
    [2010/01/06 19:53:39 | 000,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll
    [2010/01/06 19:53:39 | 000,075,264 | ---- | C] () -- C:\windows\System32\unacev2.dll
    [2009/11/07 05:06:14 | 000,000,044 | ---- | C] () -- C:\windows\WSST_Screen_Saver.ini
    [2009/08/18 14:51:49 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
    [2009/08/12 23:37:12 | 000,000,025 | ---- | C] () -- C:\windows\cdplayer.ini
    [2009/08/07 10:56:02 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
    [2009/08/07 10:56:02 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
    [2009/08/07 10:56:02 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2009/02/03 07:00:00 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
    [2009/02/03 07:00:00 | 000,011,264 | ---- | C] () -- C:\windows\System32\atimuixx.dll
    [2008/10/01 18:01:58 | 000,109,216 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
    [2008/08/06 18:19:14 | 000,294,912 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
    [2007/11/27 20:41:06 | 000,114,688 | ---- | C] () -- C:\windows\System32\aicext.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
    [2005/04/03 19:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
    [1998/05/07 00:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

    ========== LOP Check ==========

    [2009/11/12 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Alien Skin
    [2009/12/08 06:09:36 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Audacity
    [2010/06/30 00:26:11 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\AVG9
    [2010/05/07 13:22:29 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\com.oskoui-oskoui.avatar
    [2010/03/14 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\DAEMON Tools Lite
    [2010/07/01 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Elluminate
    [2010/06/13 22:56:53 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Facebook
    [2009/08/08 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\InterVideo
    [2010/07/01 21:05:28 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\MyScribe
    [2009/09/11 14:50:19 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\PeerNetworking
    [2010/06/28 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Registry Mechanic
    [2009/09/12 19:06:42 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Renegade Minds
    [2009/08/17 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\SecondLife
    [2009/08/12 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\SPORE
    [2009/12/07 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\SystemRequirementsLab
    [2009/11/21 19:30:36 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Vivox
    [2010/07/01 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\webex
    [2010/06/30 21:54:24 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/08/12 10:45:54 | 000,000,171 | ---- | M] () -- C:\camera.log
    [2010/07/02 09:09:33 | 2141,343,744 | -HS- | M] () -- C:\hiberfil.sys
    [2009/08/12 10:56:53 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
    [2009/11/07 05:06:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/12/22 18:57:55 | 000,014,952 | ---- | M] () -- C:\lopR.txt
    [2010/06/29 13:52:45 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/11/07 05:06:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/07/02 09:09:31 | 2455,191,552 | -HS- | M] () -- C:\pagefile.sys
    [2009/08/12 10:46:56 | 000,000,082 | ---- | M] () -- C:\SYNTPAD.LOG
    [2010/06/20 09:34:30 | 000,006,547 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp082.dll
    [2006/11/02 08:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/02/03 07:02:00 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
    [2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 23:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 23:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 23:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/01/20 22:25:16 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\langsa\Transformers.2.Revenge.of.The.Fallen.CAM.XviD-LTT.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\langsa\pita dog.avi:TOC.WMV
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EA029835
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CB0AACC9
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
    < End of report >
     
  14. 2010/07/02
    langsa

    And here is the Extras.txt file:
    OTL Extras logfile created on: 7/2/2010 9:17:11 AM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\langsa\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.05 Gb Total Space | 60.56 Gb Free Space | 43.87% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.83 Gb Free Space | 18.27% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 1021.00 Mb Total Space | 987.59 Mb Free Space | 96.73% Space Free | Partition Type: FAT32
    Drive G: | 11.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LANGSA-PC
    Current User Name: langsa
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- C:\Users\langsa\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F82D380-2C0F-47D6-88F7-422FBC78FB58}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1768CC0E-FF89-4207-BCBB-A52CD75D89E9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{272488AC-C05B-41E4-8BE0-30F9036E7AFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{2F9A0577-D90E-454A-B307-8C3F0F0573D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{42A7786B-3B21-417C-95CC-506279214DB0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4CB89C06-4462-400E-9BA1-6C6593209B7B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5494BFE8-F03A-484C-9C91-88E7AEFEA28A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{5CFE8AD8-7D58-431C-BF9C-889B84E67246}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{6EC2B222-7FDF-4D8B-9C40-E7D0615BD21E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{721FE34C-65DE-44ED-9B15-7C1C0060D19D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{733B1E42-796B-449E-856D-A5E45A40985F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8BCF5D94-C3B9-4D7D-951E-2FFE59E73AED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{90C348B3-04C1-4DA9-A220-A8F819F6AC09}" = rport=138 | protocol=17 | dir=out | app=system |
    "{94B2AD66-5009-4C91-AD0B-76E5753E24AE}" = lport=445 | protocol=6 | dir=in | app=system |
    "{970DCA72-96D9-4458-A1C4-918FF3578122}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B3843F7C-A05B-4BB5-86A9-6F390DBAE27A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B6FDBB59-D6D4-49FB-AFE3-50B2BC72FD93}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B8AE542C-75BD-407B-82C0-F0C7983BE723}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D3F660E1-8612-4754-AFAB-1DF79B0AFD7F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{D7E94A42-7D8F-4F76-AA8E-4AAB3D06C491}" = rport=137 | protocol=17 | dir=out | app=system |
    "{EF6B56C5-0307-4E8E-8B4E-A6E07DE48684}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F7D5A9D7-828A-4ADD-86CD-3F330A690357}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{13B0FBAC-7D8A-4410-A4C4-AD41A7722383}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{171647B1-4D24-4446-8315-051DB59C08E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{291CE987-7F9B-4157-A397-DF841CC9D9B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{29BF0FA3-58DC-4A68-8C39-4290FF3B0309}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
    "{2B173051-B0CA-4EBF-9D26-C2BB4FF6D273}" = protocol=17 | dir=in | app=c:\ntreev usa\grand chase\main.exe |
    "{303FC6DD-2ED9-477B-B3F9-BFC66CDE4649}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{4D207CD7-E0AE-41AC-9BB2-EE3FC42AFC85}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
    "{57974A1A-1276-4063-915F-E712EEECB5AE}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{5C76CBCE-8CC1-4BE5-A443-5704F0D4EFEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{73817A29-B388-4972-AC00-7290A3924828}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
    "{754BAB67-2D79-4A87-BCB3-335370A6FEF1}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{7767103F-E530-4EE8-8417-F2D5F0C06F5D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{7DABF0CF-8B46-4740-8C1B-D98E5A21036C}" = protocol=6 | dir=in | app=g:\documents\downloads\age3.exe |
    "{8713632F-28B8-4CCE-930A-94E564302292}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{A26726E1-42A9-44F5-9867-A5EC99CA0DF0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{AB490875-F286-476D-9281-AD3506C0C895}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{AECADFBB-0DB6-4706-9332-5B55161F5759}" = protocol=6 | dir=in | app=c:\ntreev usa\grand chase\main.exe |
    "{B301AF92-B384-4DD8-98BC-5E1EE8202315}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B5F5EAB5-8EDC-4957-BF95-AB8B44FDDA4C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{BAD4858C-3E73-4D01-AA08-73888A201585}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{BDE6E59A-6E6D-4A1A-9101-91C8D074D4E1}" = protocol=17 | dir=in | app=g:\documents\downloads\age3.exe |
    "{C21F981F-F761-4EEB-8244-8367B9090B33}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C4F21FFE-F3D4-418D-B4AC-CC54CF86CA52}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{CE6F5392-5081-45BF-871A-8F0263956C55}" = dir=in | app=e:\setup\hpznui01.exe |
    "{D76D8B2A-D880-43EE-88A2-E190AE53F1BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D78E00DB-EE9F-433B-9209-1F18DE01D782}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{EF1097C6-7E49-4845-AD63-72CD5BBEB98C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{F0A8F9AC-C2BF-480A-AC3E-43FADB41177E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{F39F5672-15A2-466A-A5F6-2097B000BE91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{FD1D56F7-102C-4C49-AC03-175F957847DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{0FF7E29E-7F6A-4ED5-96A4-87D46F856802}C:\program files\halo combat evolved\halo.exe" = protocol=6 | dir=in | app=c:\program files\halo combat evolved\halo.exe |
    "TCP Query User{2FF1B415-FC62-4BB0-9BCD-07818D4FFA11}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{32633896-7047-48DF-A51D-229AF4CB540D}C:\users\langsa\my games\game.exe" = protocol=6 | dir=in | app=c:\users\langsa\my games\game.exe |
    "TCP Query User{9105B4CC-431F-45D4-8E28-9D43D0D698DF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{9B98BEA6-74FC-461E-94DB-0CD9A92539B4}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "TCP Query User{AE37499F-F1C5-41FC-AB36-CACBFFCFA088}C:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{abad4342-3fda-4ccf-80ac-b6d0eecaca07}\plugins\vivoxvoicemanager.exe" = protocol=6 | dir=in | app=c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{abad4342-3fda-4ccf-80ac-b6d0eecaca07}\plugins\vivoxvoicemanager.exe |
    "TCP Query User{B1158395-57B0-4F24-94A7-28740D4777A4}C:\users\langsa\documents\my received files\oc11b72.exe" = protocol=6 | dir=in | app=c:\users\langsa\documents\my received files\oc11b72.exe |
    "TCP Query User{B3C4702C-3350-4BC4-8C64-16F8811A22BD}C:\program files\microsoft games\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo custom edition\haloce.exe |
    "TCP Query User{B7F92EF2-5B9C-45D8-A31B-A1E6731141D3}C:\program files\secondlife\secondlife.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\secondlife.exe |
    "TCP Query User{DD4A19FE-BC82-4923-9143-2BAAB62EBF00}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "TCP Query User{EF7C454B-0F78-4371-8E11-3030A4A5DC2B}C:\program files\secondlife\secondlife.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\secondlife.exe |
    "TCP Query User{F70DE6C6-7A82-4A1E-8F0C-28F8B095754B}C:\program files\halo combat evolved\halo.exe" = protocol=6 | dir=in | app=c:\program files\halo combat evolved\halo.exe |
    "UDP Query User{30987A6E-211E-42F1-981E-B30B751A1FD9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{3C08B329-93E0-41B4-83A1-4D7F7627AE20}C:\program files\secondlife\secondlife.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\secondlife.exe |
    "UDP Query User{3E491D0C-F029-4C2D-BFCC-67CE8EC3E914}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "UDP Query User{79BFCB2F-8A5A-42B0-9C66-D6D756470CF7}C:\program files\halo combat evolved\halo.exe" = protocol=17 | dir=in | app=c:\program files\halo combat evolved\halo.exe |
    "UDP Query User{800138E5-8F9B-42E0-AC02-2C9AF3896457}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "UDP Query User{9A8A20E7-EAF7-4428-B10D-D423D2AFA8FB}C:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{abad4342-3fda-4ccf-80ac-b6d0eecaca07}\plugins\vivoxvoicemanager.exe" = protocol=17 | dir=in | app=c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{abad4342-3fda-4ccf-80ac-b6d0eecaca07}\plugins\vivoxvoicemanager.exe |
    "UDP Query User{A09BBA0A-8940-4407-A6F0-39177B675011}C:\program files\halo combat evolved\halo.exe" = protocol=17 | dir=in | app=c:\program files\halo combat evolved\halo.exe |
    "UDP Query User{B1D13B6A-6ADB-4E12-97A7-2C83BB579154}C:\program files\secondlife\secondlife.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\secondlife.exe |
    "UDP Query User{C8817A06-CAD3-4E6E-BC1B-FCEA529A313E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{CDDCBE76-5D06-449C-B045-0D1897CD5908}C:\users\langsa\documents\my received files\oc11b72.exe" = protocol=17 | dir=in | app=c:\users\langsa\documents\my received files\oc11b72.exe |
    "UDP Query User{E1C9D2B6-A983-458C-97B1-2334E2E7BD61}C:\users\langsa\my games\game.exe" = protocol=17 | dir=in | app=c:\users\langsa\my games\game.exe |
    "UDP Query User{FAF251FF-6CBA-4E1D-8AD5-807A72A8B1F0}C:\program files\microsoft games\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo custom edition\haloce.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{014EFADF-1AA8-44D0-B889-D39D77302A62}" = Intel(R) PROSet/Wireless WiFi Software
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{04818D16-E946-550C-CA5B-5FB3B25CC9D2}" = CCC Help Czech
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06D3BAA7-8C97-4FF6-9F7B-99705BAC2169}" = Credential Manager for HP ProtectTools
    "{0845D004-320A-6B28-B8AD-BC147D50271E}" = CCC Help Korean
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{0AE73E05-FD6F-417F-B828-82F13307AEEC}" = Catalyst Control Center - Branding
    "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
    "{10EF53B4-44A3-1428-F051-4689307F27ED}" = CCC Help Russian
    "{132F255E-FBE9-2E72-10A5-9DF35B45CEEF}" = ATI Catalyst Install Manager
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1AB28342-A6C5-8B7A-2A92-BA2ED2A1E722}" = CCC Help Thai
    "{1ACC4560-E7BE-2CCD-555B-C9C39F8940F8}" = CCC Help Dutch
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2928BCFA-AA18-C897-EF98-96DDB81B4CA5}" = CCC Help Polish
    "{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2BDB9DE0-6199-EEA2-81D1-93F1886DD3CB}" = CCC Help Hungarian
    "{2CC3B536-0F86-1C4C-9C6E-4524252C343D}" = CCC Help Italian
    "{2E2A8A44-39EE-5EE3-6A9D-EAF9BC20B44E}" = CCC Help Chinese Standard
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2F7749ED-44A0-4EB1-8D64-C1FB5F73B48B}" = WolfQuest
    "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
    "{31030E4E-8532-4A22-B615-9F7A48F69C36}" = Catalyst Control Center - Branding
    "{3266D4DE-9CD0-48AC-9B2D-1D4879DB440F}" = Catalyst Control Center - Branding
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{3685016F-4277-5680-1990-2521EF3D3801}" = Catalyst Control Center Graphics Full New
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
    "{3A5C2134-6755-F59A-91EC-4A2EFEB2EAF4}" = Skins
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3BA904CF-8B75-41AF-A5D2-F18A511536CA}" = LightScribe System Software
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{43975334-1732-7072-DF06-008794BED1C4}" = CCC Help Japanese
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{485D80AA-AFD9-4FF1-91D4-A44978B99F3D}" = AuthenTec Fingerprint System
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A961841-85E4-F441-8C99-17657E860243}" = Catalyst Control Center InstallProxy
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{554245D2-1EB4-4BA4-B74F-043972FAB66E}" = HP ProtectTools Security Manager
    "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5A88C46B-C38D-48C6-BE6D-BBC92BC30DAA}" = Livestream Procaster
    "{5CFA95BC-52A5-6F32-05E4-0F9FCA83F9F0}" = CCC Help French
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B21C4FD-B224-4599-A9BC-F565FDB90301}" = HP JavaCard for HP ProtectTools
    "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.9
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83DBD41D-ADDF-7C18-98D8-B9232221CDE1}" = ccc-core-static
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{88F09FD2-0C32-A0E0-02DA-66731126032E}" = ccc-utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
    "{90120000-0015-0416-0000-0000000FF1CE}_PROHYBRIDR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
    "{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
    "{90120000-0016-0416-0000-0000000FF1CE}_PROHYBRIDR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
    "{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
    "{90120000-0018-0416-0000-0000000FF1CE}_PROHYBRIDR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
    "{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
    "{90120000-0019-0416-0000-0000000FF1CE}_PROHYBRIDR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
    "{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
    "{90120000-001A-0416-0000-0000000FF1CE}_PROHYBRIDR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
    "{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
    "{90120000-001B-0416-0000-0000000FF1CE}_PROHYBRIDR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
    "{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{A5B6B786-2D6F-4B75-940F-42B32D01D146}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{042190ED-F17C-4A8D-95D8-87A37B4095BD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{D3064ADE-5D4C-4AA4-8F71-C63D87D4A263}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
    "{90120000-006E-0416-0000-0000000FF1CE}_PROHYBRIDR_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{902EC7BE-C623-11F3-0B20-A6A1D01A0F99}" = CCC Help Danish
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
    "{9505A2A4-2478-CAE8-3860-705A689A50E9}" = Catalyst Control Center Graphics Previews Vista
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
    "{99B39D40-5EA1-440C-BA46-5DE3FA6E8388}" = Catalyst Control Center - Branding
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
    "{A70634D4-6C97-6F3D-B1D1-6CD01AAB15A2}" = CCC Help Chinese Traditional
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AA8EC7A4-EA02-4A72-B14F-65DA485F74C8}" = ESU for Microsoft Vista SP1
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC0AA40D-8899-449C-A059-548C8AC5FB6D}" = HP User Guides 0136
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
    "{AC54964A-0886-FFBB-DA5A-21B47BEDD8D9}" = CCC Help Portuguese
    "{AE8B9EED-2083-3830-6BAF-D8FF87EFBD2B}" = Catalyst Control Center Localization All
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B1259862-9EBF-C8E2-2092-160135C71549}" = CCC Help Swedish
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BA69296C-0910-D3B1-70C9-23BFF0C31D90}" = Catalyst Control Center Graphics Full Existing
    "{BB662A7E-DFF6-47C9-BBD2-430079EA8E74}" = BIOS Configuration for HP ProtectTools
    "{C0FFF484-B2C2-48C5-81F3-5500F196BEE7}" = Guitar and Drum Trainer v4
    "{C299012A-DB39-4E9D-B360-75F83A7D5252}" = Catalyst Control Center - Branding
    "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
    "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "{C4E73218-0B91-12D8-DB06-AE69B985EA55}" = CCC Help Finnish
    "{C6FF0A11-1F6C-C902-2644-4FDE8BC45A91}" = CCC Help German
    "{CA17EC26-F3D1-2084-D747-A33065D2257E}" = CCC Help Spanish
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB7B419E-7ED5-76E0-8437-DEEFA7D45602}" = CCC Help Turkish
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D142866A-0DDB-A0D7-CEC3-B2F4D79345CA}" = CCC Help Norwegian
    "{D4E1CDA6-A176-B7BB-D0E6-206A2C3F0867}" = CCC Help English
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8A0E646-F4C7-7AF4-1768-A3090F85CDB1}" = CCC Help Greek
    "{DA8D7893-2E3A-4E49-7F6B-60DB4E33528F}" = Catalyst Control Center Core Implementation
    "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
    "{E05EB9D2-8559-4821-98AC-3D5DA3242D5B}" = Vista Default Settings
    "{E21B4FFE-843B-49D4-81B1-E682ACAAD438}_is1" = Pokemon World Online 1.52
    "{E40CE35C-27F5-4EBF-82F9-13238BCA3572}" = HP Wireless Assistant
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
    "{E6272A04-665C-4E7D-A6BA-EAF4C6C11B00}" = Drive Encryption for HP ProtectTools
    "{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
    "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam
    "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FB091F2E-3B92-1658-6303-9924097B58D6}" = Catalyst Control Center Graphics Light
    "7-Zip" = 7-Zip 4.65
    "AbiWord2" = AbiWord 2.6.8
    "AbiwordToolsPlugins" = AbiWord Tools Plugins
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode)
    "AVG9Uninstall" = AVG Free 9.0
    "CamStudio" = CamStudio
    "CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
    "Debut" = Debut Video Capture Software
    "DFX for Windows Media Player" = DFX for Windows Media Player
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "ESET Online Scanner" = ESET Online Scanner v3
    "Halo CE" = Microsoft Halo Custom Edition
    "Halo Combat Evolved" = Halo Combat Evolved
    "Halo Server" = Halo Server
    "HijackThis" = HijackThis 2.0.2
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP QuickLook 2_is1" = HP QuickLook 2
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam
    "kSolo" = kSolo Recorder
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "MyScribe" = MyScribe
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "PDF Complete" = PDF Complete
    "Prism" = Prism Video Converter
    "PROHYBRIDR" = 2007 Microsoft Office system
    "ProInst" = Intel PROSet Wireless
    "pugclean" = pugclean 1.0
    "RealPlayer 12.0" = RealPlayer
    "SecondLife" = SecondLife (remove only)
    "SecondLifeBetaViewer" = SecondLifeBetaViewer (remove only)
    "Shop for HP Supplies" = Shop for HP Supplies
    "Steam App 400" = Portal
    "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "ToolBox" = NCH Toolbox
    "UnityWebPlayer" = Unity Web Player
    "VideoPad" = VideoPad Video Editor
    "VirtualCloneDrive" = VirtualCloneDrive
    "Winamp" = Winamp
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ActiveTouchMeetingClient" = WebEx
    "Adobe ConnectNow Add-in" = Adobe ConnectNow Add-in
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "Sparkplayer (Beta)" = Sparkplayer (Beta)
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2010 8:30:02 PM | Computer Name = langsa-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 7/1/2010 8:30:02 PM | Computer Name = langsa-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 7/1/2010 8:31:59 PM | Computer Name = langsa-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/1/2010 8:31:59 PM | Computer Name = langsa-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/1/2010 11:15:29 PM | Computer Name = langsa-PC | Source = Application Hang | ID = 1002
    Description = The program steam.exe version 1.0.843.387 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1a20 Start Time: 01cb19936a62de64 Termination Time: 60000

    Error - 7/1/2010 11:36:21 PM | Computer Name = langsa-PC | Source = pctsSvc.exe | ID = 0
    Description =

    Error - 7/2/2010 2:52:20 AM | Computer Name = langsa-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 7/2/2010 9:10:07 AM | Computer Name = langsa-PC | Source = Application Error | ID = 1000
    Description = Faulting application EvtEng.exe, version 13.1.1.1, time stamp 0x4b565595,
    faulting module EvtEng.exe, version 13.1.1.1, time stamp 0x4b565595, exception
    code 0x40000015, fault offset 0x0007aece, process id 0xe68, application start time
    0x01cb19e7e35ba81a.

    Error - 7/2/2010 9:10:08 AM | Computer Name = langsa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/2/2010 9:12:26 AM | Computer Name = langsa-PC | Source = Application Error | ID = 1000
    Description = Faulting application QLBCtrl.exe, version 6.4.14.1, time stamp 0x499c218f,
    faulting module QLBCtrl.exe, version 6.4.14.1, time stamp 0x499c218f, exception
    code 0xc0000005, fault offset 0x00003f84, process id 0x16bc, application start time
    0x01cb19e801a6e7da.

    [ Credential Manager Events ]
    Error - 3/24/2010 3:17:57 PM | Computer Name = langsa-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: langsa@LANGSA-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 3/24/2010 3:17:57 PM | Computer Name = langsa-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    langsa@LANGSA-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    Error - 3/24/2010 3:18:20 PM | Computer Name = langsa-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: langsa@LANGSA-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 3/24/2010 3:18:20 PM | Computer Name = langsa-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    langsa@LANGSA-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    Error - 3/24/2010 3:18:32 PM | Computer Name = langsa-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: langsa@LANGSA-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 3/24/2010 3:18:32 PM | Computer Name = langsa-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    langsa@LANGSA-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    Error - 3/24/2010 4:35:00 PM | Computer Name = langsa-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: langsa@LANGSA-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 3/24/2010 4:35:00 PM | Computer Name = langsa-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    langsa@LANGSA-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    Error - 4/2/2010 5:23:04 PM | Computer Name = langsa-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: langsa@LANGSA-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 4/2/2010 5:23:04 PM | Computer Name = langsa-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    langsa@LANGSA-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    [ OSession Events ]
    Error - 10/29/2009 11:20:17 PM | Computer Name = langsa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 59
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/1/2010 8:34:18 PM | Computer Name = langsa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 7/2/2010 6:15:34 AM | Computer Name = langsa-PC | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.

    Error - 7/2/2010 9:09:44 AM | Computer Name = langsa-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:59:19 AM on 7/2/2010 was unexpected.

    Error - 7/2/2010 9:10:09 AM | Computer Name = langsa-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/2/2010 9:10:09 AM | Computer Name = langsa-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 7/2/2010 9:10:09 AM | Computer Name = langsa-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/2/2010 9:10:11 AM | Computer Name = langsa-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 7/2/2010 9:10:10 AM | Computer Name = langsa-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
    Description =

    Error - 7/2/2010 9:10:12 AM | Computer Name = langsa-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 7/2/2010 9:14:44 AM | Computer Name = langsa-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =


    < End of report >


    Please tell me if you see anything out of the ordinary. Trying desperately to get this cursed thing to run right before college starts.
     
  15. 2010/07/02
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (sdCoreService)
      SRV - File not found [Auto | Stopped] -- -- (sdAuxService)
      SRV - File not found [Auto | Stopped] -- -- (0213001251130747mcinstcleanup) McAfee Application Installer Cleanup (0213001251130747)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell - " " = AutoRun
      O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\AutoRun\command - " " = G:\autorun.exe -- [2005/07/05 19:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation)
      O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\directx\command - " " = DirectX9\dxsetup.exe
      O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\setup\command - " " = G:\setup.exe -- [2005/07/15 15:19:47 | 000,253,952 | R--- | M] (Microsoft Game Studios )
      [2010/06/28 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Registry Mechanic
      @Alternate Data Stream - 64 bytes -> C:\Users\langsa\Transformers.2.Revenge.of.The.Fallen.CAM.XviD-LTT.avi:TOC.WMV
      @Alternate Data Stream - 64 bytes -> C:\Users\langsa\pita dog.avi:TOC.WMV
      @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:D1B5B4F1
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EA029835
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CB0AACC9
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  16. 2010/07/03
    langsa

    langsa Inactive Thread Starter

    Here's the OTL Fix log.

    All processes killed
    ========== OTL ==========
    Service sdCoreService stopped successfully!
    Service sdCoreService deleted successfully!
    Service sdAuxService stopped successfully!
    Service sdAuxService deleted successfully!
    Error: No service named 0213001251130747mcinstcleanup) McAfee Application Installer Cleanup (0213001251130747 was found to stop!
    Service\Driver key 0213001251130747mcinstcleanup) McAfee Application Installer Cleanup (0213001251130747 not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25efe6f2-330b-11df-a17f-00247e90c248}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25efe6f2-330b-11df-a17f-00247e90c248}\ not found.
    File move failed. G:\autorun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25efe6f2-330b-11df-a17f-00247e90c248}\ not found.
    File DirectX9\dxsetup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25efe6f2-330b-11df-a17f-00247e90c248}\ not found.
    File move failed. G:\setup.exe scheduled to be moved on reboot.
    C:\Users\langsa\AppData\Roaming\Registry Mechanic folder moved successfully.
    ADS C:\Users\langsa\Transformers.2.Revenge.of.The.Fallen.CAM.XviD-LTT.avi:TOC.WMV deleted successfully.
    ADS C:\Users\langsa\pita dog.avi:TOC.WMV deleted successfully.
    ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
    ADS C:\ProgramData\Temp:EA029835 deleted successfully.
    ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
    ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
    ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: langsa
    ->Temp folder emptied: 120117816 bytes
    ->Temporary Internet Files folder emptied: 3723903 bytes
    ->Java cache emptied: 11992770 bytes
    ->FireFox cache emptied: 69705299 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3058 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 227607 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 134774424 bytes

    Total Files Cleaned = 325.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: langsa
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.0 log created on 07032010_022054

    Files\Folders moved on Reboot...
    File\Folder G:\autorun.exe not found!
    File\Folder G:\setup.exe not found!

    Registry entries deleted on Reboot...
     
    Last edited: 2010/07/03
  17. 2010/07/03
    broni

    broni Moderator Malware Analyst

    .....
     
  18. 2010/07/03
    langsa

    langsa Inactive Thread Starter

    Here's part one of the OTL scan:

    OTL logfile created on: 7/3/2010 12:02:03 PM - Run 2
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\langsa\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 55.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.05 Gb Total Space | 60.96 Gb Free Space | 44.16% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.83 Gb Free Space | 18.27% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 1021.00 Mb Total Space | 987.59 Mb Free Space | 96.73% Space Free | Partition Type: FAT32
    Drive G: | 11.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LANGSA-PC
    Current User Name: langsa
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/02 08:45:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\Desktop\OTL.exe
    PRC - [2010/06/15 18:55:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\langsa\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    PRC - [2010/06/02 09:57:46 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/06/02 09:57:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/06/02 09:57:43 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/06/02 09:56:52 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/02 09:56:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/04/21 20:47:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/03/13 12:35:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/13 12:34:25 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/01/19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
    PRC - [2010/01/13 18:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
    PRC - [2009/06/17 07:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009/05/18 18:28:04 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/01 23:21:32 | 002,329,128 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/03/01 23:21:32 | 000,789,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/03/01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/02/17 12:13:14 | 000,079,416 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2009/02/12 02:13:34 | 000,355,896 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2009/01/28 00:21:48 | 000,075,024 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    PRC - [2009/01/14 17:01:48 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    PRC - [2009/01/14 17:01:12 | 011,223,040 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    PRC - [2008/12/16 12:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/12/16 12:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/12/04 11:14:48 | 000,075,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    PRC - [2008/10/03 16:33:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
    PRC - [2008/10/01 18:01:14 | 000,256,544 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2008/08/26 10:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/08/08 10:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2008/07/15 08:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007/11/27 20:42:14 | 000,185,896 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    PRC - [2007/11/27 20:42:12 | 000,093,736 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    PRC - [2007/11/27 20:40:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/02 08:45:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\Desktop\OTL.exe
    MOD - [2010/03/13 12:35:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2009/01/28 00:15:04 | 000,076,560 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
    MOD - [2008/01/20 22:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (0213001251130747mcinstcleanup) McAfee Application Installer Cleanup (0213001251130747)
    SRV - [2010/05/13 17:08:18 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/13 12:35:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/13 12:34:25 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/19 17:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2010/01/19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
    SRV - [2009/10/15 19:49:00 | 003,042,652 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/08 00:19:46 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2009/04/11 02:28:18 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/03/01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/02/12 02:01:06 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2009/01/28 00:15:16 | 000,186,640 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2009/01/28 00:15:10 | 000,149,776 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2009/01/14 17:01:48 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
    SRV - [2008/12/16 12:37:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/10/03 16:33:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
    SRV - [2008/10/01 18:01:14 | 000,256,544 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2008/08/26 10:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/08/08 10:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2008/08/06 18:24:40 | 000,349,432 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
    SRV - [2008/07/15 08:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2008/04/08 07:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/27 20:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/15 16:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2010/06/15 16:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2010/06/02 09:57:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/02 09:57:43 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/04/05 10:42:44 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/03/13 12:34:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/01/14 16:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - [2010/01/14 16:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - [2010/01/14 16:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - [2009/12/17 18:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/08/09 17:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/07/02 11:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2009/05/18 18:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2009/03/11 04:36:52 | 000,109,608 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2009/03/11 04:36:52 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2009/03/11 04:36:52 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2009/03/11 04:36:52 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2009/02/19 07:17:00 | 000,095,760 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/02/06 06:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/02/03 09:29:00 | 004,303,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2009/02/03 09:29:00 | 004,303,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/12/04 08:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2008/11/23 16:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2008/10/29 11:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/10/01 18:02:04 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2008/10/01 18:02:02 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/10/01 18:02:00 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2008/10/01 18:01:58 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/08/06 17:43:30 | 000,032,256 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
    DRV - [2008/01/20 22:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 22:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 22:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2008/01/20 22:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 22:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 22:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 22:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 22:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 22:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 22:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 22:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 22:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 22:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 22:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 22:23:47 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
    DRV - [2008/01/20 22:23:47 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2008/01/20 22:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 22:23:47 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/20 22:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 22:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 22:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 22:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 22:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 22:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 22:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 22:23:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/01/20 22:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 22:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 22:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: notreal.ccoptions@environmentalchemistry.com:1.2.1
    FF - prefs.js..extensions.enabledItems: facebookfilter@chocolatesoftware.com:2.0.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
    FF - prefs.js..extensions.enabledItems: facebook-email-links@efinke.com:1.0
    FF - prefs.js..extensions.enabledItems: s.alfa@idev.com:1.0
    FF - prefs.js..extensions.enabledItems: betterfacebook@mattkruse.com:2.63
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:0.19.3.0


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/09 00:39:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/21 20:50:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/15 17:49:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 20:49:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/11 00:45:07 | 000,000,000 | ---D | M]

    [2010/05/02 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Extensions
    [2010/05/02 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/07/02 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions
    [2010/02/15 05:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
    [2010/05/05 13:19:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/08 21:24:45 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
    [2010/04/08 18:30:17 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/07/01 22:41:31 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
    [2010/04/13 00:27:01 | 000,000,000 | ---D | M] (Castle Age Toolbar) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
    [2009/11/21 19:30:22 | 000,000,000 | ---D | M] (Vivox Voice Plugin) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07}
    [2010/05/08 21:24:47 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2010/05/08 21:24:46 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\betterfacebook@mattkruse.com
    [2010/05/08 21:24:46 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\facebook-email-links@efinke.com
    [2010/06/19 00:16:12 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\facebookfilter@chocolatesoftware.com
    [2010/03/08 19:47:43 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\lookingforgroupboom@lookingforgroup.com
    [2009/10/13 17:01:47 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\notreal.ccoptions@environmentalchemistry.com
    [2010/05/08 21:24:46 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\s.alfa@idev.com
    [2010/05/25 13:07:46 | 000,001,565 | ---- | M] () -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\searchplugins\gmailto.xml
    [2010/05/25 13:08:27 | 000,004,140 | ---- | M] () -- C:\Users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\searchplugins\youtube.xml
    [2010/06/30 00:08:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/11 00:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/11 00:44:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/07/03 02:37:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O24 - Desktop WallPaper: C:\Users\langsa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\langsa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/05/18 19:59:05 | 000,000,228 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2005/07/05 19:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation) - G:\autorun.exe -- [ CDFS ]
    O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell - " " = AutoRun
    O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\AutoRun\command - " " = G:\autorun.exe -- [2005/07/05 19:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\directx\command - " " = DirectX9\dxsetup.exe
    O33 - MountPoints2\{25efe6f2-330b-11df-a17f-00247e90c248}\Shell\setup\command - " " = G:\setup.exe -- [2005/07/15 15:19:47 | 000,253,952 | R--- | M] (Microsoft Game Studios )
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
     
  19. 2010/07/03
    langsa

    Here's part 2:
    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/03 02:20:54 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/02 13:12:09 | 000,000,000 | ---D | C] -- C:\Users\langsa\Desktop\Games
    [2010/07/02 08:46:05 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\langsa\Desktop\OTL.exe
    [2010/07/01 21:35:39 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Elluminate
    [2010/07/01 20:59:06 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\MyScribe
    [2010/07/01 20:31:00 | 000,000,000 | -HSD | C] -- C:\Users\langsa\Documents\cache
    [2010/07/01 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\webex
    [2010/07/01 20:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
    [2010/07/01 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\langsa\Desktop\DeVry
    [2010/07/01 17:28:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\langsa\OTL.exe
    [2010/06/30 21:27:59 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\langsa\Desktop\TFC.exe
    [2010/06/30 11:28:28 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/30 11:21:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2010/06/30 00:26:11 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\AVG9
    [2010/06/29 23:54:05 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2010/06/29 23:53:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/06/29 14:29:22 | 034,651,584 | ---- | C] (Hewlett-Packard Company ) -- C:\Users\langsa\sp48843.exe
    [2010/06/29 14:23:08 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynTPCo4.dll
    [2010/06/29 14:20:40 | 013,960,488 | ---- | C] (Synaptics Incorporated) -- C:\Users\langsa\Synaptics_v14_0_3_C_XP32_Vista32_Win7-32_Signed_default.exe
    [2010/06/29 00:11:28 | 000,000,000 | ---D | C] -- C:\d0e0f61f2b73e93308
    [2010/06/28 17:35:29 | 015,374,248 | ---- | C] (PC Tools ) -- C:\Users\langsa\sdstart.exe
    [2010/06/28 17:22:14 | 000,000,000 | ---D | C] -- C:\windows\System32\WindowsPowerShell
    [2010/06/28 14:15:30 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
    [2010/06/28 14:15:30 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
    [2010/06/28 14:15:30 | 000,149,456 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
    [2010/06/28 14:10:46 | 000,233,136 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
    [2010/06/28 14:10:46 | 000,100,136 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctwfpfilter.sys
    [2010/06/28 14:10:00 | 000,218,592 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
    [2010/06/28 14:10:00 | 000,088,040 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
    [2010/06/28 14:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/06/28 13:59:19 | 000,059,664 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\TfSysMon.sys
    [2010/06/28 13:59:19 | 000,051,984 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\TfFsMon.sys
    [2010/06/28 13:59:19 | 000,033,552 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\TfNetMon.sys
    [2010/06/28 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
    [2010/06/28 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/06/21 00:16:52 | 000,922,400 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\langsa\jre-6u20-windows-i586-iftw-rv.exe
    [2010/06/20 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\langsa\JavaRa
    [2010/06/19 00:50:51 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Hewlett-Packard
    [2010/06/19 00:45:08 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Intel
    [2010/06/19 00:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
    [2010/06/19 00:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2010/06/19 00:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
    [2010/06/16 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Local\Cyberlink
    [2010/06/15 17:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2010/06/15 17:43:36 | 000,000,000 | ---D | C] -- C:\windows\hpoj6500e709
    [2010/06/15 17:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2010/06/15 17:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
    [2010/06/15 17:24:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/06/15 17:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2010/06/13 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Facebook
    [2010/06/13 22:56:22 | 001,990,728 | ---- | C] (Facebook, Inc.) -- C:\Users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    [2010/06/03 23:10:29 | 000,000,000 | ---D | C] -- C:\Users\langsa\Documents\My Chat Logs
    [2010/06/03 23:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
    [2010/06/03 23:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
    [2010/06/03 23:02:50 | 004,852,120 | ---- | C] (Yuna Software) -- C:\Users\langsa\MsgPlusLive-484.exe
    [2010/05/27 22:31:26 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynCOM.dll
    [2010/05/12 18:04:21 | 000,000,000 | ---D | C] -- C:\5decf481de6b3c24e1c079b24d31
    [2010/05/07 17:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
    [2010/05/07 17:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
    [2010/05/07 17:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
    [2010/05/07 17:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2010/05/07 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\NCH Software
    [2010/05/07 13:22:29 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\com.oskoui-oskoui.avatar
    [2010/05/07 13:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/05/07 13:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/05/07 13:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/05/07 13:09:09 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Local\Adobe
    [2010/05/07 02:53:39 | 000,000,000 | ---D | C] -- C:\Users\langsa\Pics
    [2010/05/01 01:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\kSolo
    [2010/04/27 18:05:49 | 000,000,000 | ---D | C] -- C:\Users\langsa\Documents\RP Characters
    [2010/04/26 18:48:11 | 000,000,000 | ---D | C] -- C:\Users\langsa\Documents\GSnap
    [2010/04/26 18:19:45 | 000,000,000 | ---D | C] -- C:\MTV_OUTPUT
    [2010/04/21 20:54:32 | 000,000,000 | ---D | C] -- C:\Users\langsa\AppData\Roaming\Apple Computer
    [2010/04/21 20:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/04/21 20:43:24 | 000,818,200 | ---- | C] (RealNetworks, Inc.) -- C:\Users\langsa\RealPlayerSPGold.exe
    [2010/04/06 23:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/08/07 10:56:03 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
    [2009/08/07 10:56:02 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
    [1 C:\Users\langsa\Documents\*.tmp files -> C:\Users\langsa\Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/03 12:35:22 | 004,456,448 | ---- | M] () -- C:\Users\langsa\NTUSER.DAT
    [2010/07/03 12:01:10 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004UA.job
    [2010/07/03 11:59:11 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/03 11:47:54 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2010/07/03 11:47:53 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/03 11:47:53 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/03 11:47:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2010/07/03 11:47:33 | 2141,433,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/03 11:46:06 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
    [2010/07/03 11:44:41 | 000,524,288 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TMContainer00000000000000000001.regtrans-ms
    [2010/07/03 11:44:41 | 000,065,536 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TM.blf
    [2010/07/03 11:43:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/03 11:01:07 | 000,000,000 | ---- | M] () -- C:\Users\langsa\AppData\Local\prvlcl.dat
    [2010/07/03 10:55:09 | 002,092,602 | -H-- | M] () -- C:\Users\langsa\AppData\Local\IconCache.db
    [2010/07/03 02:37:12 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
    [2010/07/02 22:52:17 | 005,104,934 | R--- | M] () -- C:\Users\langsa\Documents\He's Just Not That Into You.pdf
    [2010/07/02 22:02:35 | 061,608,586 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
    [2010/07/02 19:01:04 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004Core.job
    [2010/07/02 15:01:55 | 000,002,047 | ---- | M] () -- C:\Users\langsa\Desktop\Google Chrome.lnk
    [2010/07/02 15:01:55 | 000,002,009 | ---- | M] () -- C:\Users\langsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/07/02 14:43:45 | 000,034,818 | ---- | M] () -- C:\Users\langsa\Piccolo- Check me out.mp3
    [2010/07/02 13:47:30 | 000,073,204 | ---- | M] () -- C:\Users\langsa\Simmons- Disturbing Picture.mp3
    [2010/07/02 08:45:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\Desktop\OTL.exe
    [2010/07/01 22:57:59 | 000,001,356 | ---- | M] () -- C:\Users\langsa\AppData\Local\d3d9caps.dat
    [2010/07/01 22:52:21 | 000,000,310 | ---- | M] () -- C:\Users\langsa\Public - Shortcut (2).lnk
    [2010/07/01 22:52:17 | 000,000,310 | ---- | M] () -- C:\Users\langsa\Public - Shortcut.lnk
    [2010/07/01 17:28:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\OTL.exe
    [2010/06/30 21:28:29 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\langsa\Desktop\TFC.exe
    [2010/06/30 11:46:14 | 000,023,552 | ---- | M] () -- C:\Users\langsa\Samantha%20Lang's%20General%20Resume.doc
    [2010/06/30 11:21:09 | 003,724,428 | R--- | M] () -- C:\Users\langsa\Desktop\ComboFix.exe
    [2010/06/29 23:51:26 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
    [2010/06/29 19:26:56 | 001,306,448 | ---- | M] () -- C:\Users\langsa\100_3342.JPG
    [2010/06/29 14:43:46 | 000,293,376 | ---- | M] () -- C:\Users\langsa\3jgh10x5.exe
    [2010/06/29 14:31:11 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/06/29 14:21:07 | 013,960,488 | ---- | M] (Synaptics Incorporated) -- C:\Users\langsa\Synaptics_v14_0_3_C_XP32_Vista32_Win7-32_Signed_default.exe
    [2010/06/29 14:13:19 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/06/29 13:43:01 | 000,645,810 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2010/06/29 13:43:00 | 000,763,574 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
    [2010/06/29 13:43:00 | 000,120,908 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2010/06/28 23:39:15 | 000,524,288 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TMContainer00000000000000000002.regtrans-ms
    [2010/06/28 23:21:21 | 004,456,448 | -HS- | M] () -- C:\Users\langsa\ntuser.dat.rmbak
    [2010/06/28 23:21:21 | 000,524,288 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{6af937d1-9d44-11de-b656-00247e90c248}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/28 23:21:21 | 000,065,536 | -HS- | M] () -- C:\Users\langsa\NTUSER.DAT{6af937d1-9d44-11de-b656-00247e90c248}.TM.blf
    [2010/06/28 17:53:05 | 000,064,030 | ---- | M] () -- C:\Users\langsa\trojan hkey issues.png
    [2010/06/28 17:42:12 | 015,374,248 | ---- | M] (PC Tools ) -- C:\Users\langsa\sdstart.exe
    [2010/06/28 13:59:22 | 000,000,767 | ---- | M] () -- C:\Users\langsa\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
    [2010/06/28 13:59:21 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
    [2010/06/23 21:53:17 | 000,075,349 | ---- | M] () -- C:\Users\langsa\fffffffuuuuu firefox.png
    [2010/06/20 23:18:38 | 006,294,825 | ---- | M] () -- C:\Users\langsa\lugia's theme
    [2010/06/20 19:55:27 | 000,071,798 | ---- | M] () -- C:\Users\langsa\JavaRa.zip
    [2010/06/20 09:34:30 | 000,006,547 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2010/06/19 12:13:57 | 018,810,765 | ---- | M] () -- C:\Users\langsa\YouTube - Ultrasound.flv
    [2010/06/18 19:21:00 | 000,762,531 | ---- | M] () -- C:\Users\langsa\100_3331.JPG
    [2010/06/18 18:34:07 | 001,125,284 | ---- | M] () -- C:\Users\langsa\100_3333.JPG
    [2010/06/15 18:11:47 | 000,186,624 | ---- | M] () -- C:\windows\hpwins23.dat
    [2010/06/15 17:59:06 | 000,000,254 | ---- | M] () -- C:\windows\win.ini
    [2010/06/15 17:50:35 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/06/15 13:46:11 | 000,096,082 | ---- | M] () -- C:\Users\langsa\harrison hotness2.jpg
    [2010/06/13 23:00:23 | 000,018,459 | ---- | M] () -- C:\Users\langsa\sha-sha2.jpg
    [2010/06/13 22:58:55 | 000,014,016 | ---- | M] () -- C:\Users\langsa\sha-sha.jpg
    [2010/06/13 22:56:35 | 001,990,728 | ---- | M] (Facebook, Inc.) -- C:\Users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    [2010/06/13 21:26:40 | 000,125,603 | ---- | M] () -- C:\Users\langsa\viper-snake-zoom.jpg
    [2010/06/13 21:15:57 | 000,239,455 | ---- | M] () -- C:\Users\langsa\heavens_orion_nebula.png
    [2010/06/13 00:38:49 | 000,100,010 | ---- | M] () -- C:\Users\langsa\Helix-nebula.jpg
    [2010/06/13 00:38:20 | 000,125,298 | ---- | M] () -- C:\Users\langsa\Orion_Nebula_1200.jpg
    [2010/06/13 00:35:30 | 000,230,024 | ---- | M] () -- C:\Users\langsa\orion-full-825x2011.jpg
    [2010/06/12 11:52:41 | 004,066,743 | ---- | M] () -- C:\Users\langsa\PVPGurl-If_You_Could_Be_Nyhm_Nation_Gigi_and_Demineon.mp3
    [2010/06/11 21:01:15 | 021,799,978 | ---- | M] () -- C:\Users\langsa\YouTube - octopus steals my video camera and swims off with it (while it's Recording).flv
    [2010/06/09 00:41:20 | 000,421,408 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2010/06/08 17:32:25 | 000,030,512 | ---- | M] () -- C:\Users\langsa\fffffffuuuuu.gif
    [2010/06/05 23:02:14 | 000,314,897 | ---- | M] () -- C:\Users\langsa\Trilobabe sm.jpg
    [2010/06/04 15:02:10 | 000,014,336 | ---- | M] () -- C:\Users\langsa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/04 14:08:44 | 016,065,852 | ---- | M] () -- C:\Users\langsa\devrydocuments.zip
    [2010/06/03 23:59:48 | 000,028,202 | ---- | M] () -- C:\Users\langsa\YTMND Fads - Soundpack - SoundPack DB2.mp3
    [2010/06/03 23:03:05 | 004,852,120 | ---- | M] (Yuna Software) -- C:\Users\langsa\MsgPlusLive-484.exe
    [2010/06/02 09:57:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
    [2010/06/02 09:57:43 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
    [2010/05/28 21:41:34 | 000,149,354 | ---- | M] () -- C:\Users\langsa\The_Ninja_Turtles_on_NES_by_ksama487.jpg
    [2010/05/28 20:07:49 | 000,248,584 | ---- | M] () -- C:\Users\langsa\Sea_Slug_by_greyanimebeast.jpg
    [2010/05/27 23:45:10 | 000,125,338 | ---- | M] () -- C:\Users\langsa\NAS1-JL_large.jpg
    [2010/05/26 10:31:07 | 000,392,551 | ---- | M] () -- C:\Users\langsa\Just_touch_me_by_Janots13.jpg
    [2010/05/24 17:11:35 | 000,162,288 | ---- | M] () -- C:\Users\langsa\53025103.jpg
    [2010/05/24 16:53:10 | 000,057,850 | ---- | M] () -- C:\Users\langsa\whenigrowup.jpg
    [2010/05/24 16:28:38 | 000,023,487 | ---- | M] () -- C:\Users\langsa\2vlmuc0.jpg
    [2010/05/21 21:13:04 | 116,287,474 | ---- | M] () -- C:\Users\langsa\pita dog.avi
    [2010/05/12 22:41:35 | 000,097,632 | ---- | M] () -- C:\Users\langsa\harrison's kitty.jpg
    [2010/05/11 13:29:29 | 000,156,161 | ---- | M] () -- C:\Users\langsa\fullmetalalchemist107pa.jpg
    [2010/05/07 17:16:19 | 000,000,920 | ---- | M] () -- C:\Users\langsa\NCH Toolbox.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2010/04/29 00:09:53 | 000,079,347 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 6.jpg
    [2010/04/29 00:06:24 | 000,033,904 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 5.jpg
    [2010/04/29 00:00:42 | 000,013,066 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 4.jpg
    [2010/04/28 23:58:47 | 000,017,380 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 3.jpg
    [2010/04/28 23:54:45 | 000,166,463 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 1.jpg
    [2010/04/28 23:50:37 | 000,147,222 | ---- | M] () -- C:\Users\langsa\Llorne sea slug 2.jpg
    [2010/04/28 23:33:56 | 000,035,621 | ---- | M] () -- C:\Users\langsa\Llorne sea slug - cruisin.jpg
    [2010/04/28 23:32:51 | 000,181,198 | ---- | M] () -- C:\Users\langsa\Llorne sea slug - oh hai there.jpg
    [2010/04/27 17:16:09 | 000,026,706 | ---- | M] () -- C:\Users\langsa\sword ref.jpg
    [2010/04/27 16:26:25 | 000,063,802 | ---- | M] () -- C:\Users\langsa\uniform-reference.gif
    [2010/04/27 16:24:16 | 000,379,564 | ---- | M] () -- C:\Users\langsa\umeda.jpg
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\windows\PEV.exe
    [2010/04/21 20:50:10 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/04/21 20:47:19 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
    [2010/04/21 00:20:03 | 000,078,850 | ---- | M] () -- C:\Users\langsa\n1165720760_30158947_3835.jpg
    [2010/04/15 23:53:02 | 000,013,346 | ---- | M] () -- C:\Users\langsa\abel faht.jpg
    [2010/04/08 23:47:45 | 000,039,160 | ---- | M] () -- C:\Users\langsa\3CYRP-A1.jpg
    [2010/04/08 22:11:23 | 000,056,780 | ---- | M] () -- C:\Users\langsa\kane_puppy.jpg
    [2010/04/08 22:01:05 | 000,092,122 | ---- | M] () -- C:\Users\langsa\harrison hotness.jpg
    [2010/04/05 00:02:25 | 000,023,892 | ---- | M] () -- C:\Users\langsa\2010-04-01-clash1.jpg
    [2010/04/05 00:02:05 | 000,018,486 | ---- | M] () -- C:\Users\langsa\clash-poster-kraken-close.jpg
    [2010/04/05 00:00:09 | 000,047,278 | ---- | M] () -- C:\Users\langsa\kracken.jpg
    [2010/04/04 23:56:23 | 000,027,578 | ---- | M] () -- C:\Users\langsa\4197085481_faf747bc30_o.jpg
    [2010/04/04 23:55:58 | 000,032,766 | ---- | M] () -- C:\Users\langsa\clash-of-the-titans-kraken-575x328.jpg
    [2010/04/04 17:25:18 | 001,408,636 | ---- | M] () -- C:\Users\langsa\Documents\fandango_com_fd.pdf
    [1 C:\Users\langsa\Documents\*.tmp files -> C:\Users\langsa\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/02 22:52:17 | 005,104,934 | R--- | C] () -- C:\Users\langsa\Documents\He's Just Not That Into You.pdf
    [2010/07/02 14:43:34 | 000,034,818 | ---- | C] () -- C:\Users\langsa\Piccolo- Check me out.mp3
    [2010/07/02 13:47:19 | 000,073,204 | ---- | C] () -- C:\Users\langsa\Simmons- Disturbing Picture.mp3
    [2010/07/02 08:36:32 | 000,000,859 | ---- | C] () -- C:\Users\langsa\kaspersky.txt
    [2010/07/01 22:52:21 | 000,000,310 | ---- | C] () -- C:\Users\langsa\Public - Shortcut (2).lnk
    [2010/07/01 22:52:17 | 000,000,310 | ---- | C] () -- C:\Users\langsa\Public - Shortcut.lnk
    [2010/06/30 11:24:27 | 000,023,552 | ---- | C] () -- C:\Users\langsa\Samantha%20Lang's%20General%20Resume.doc
    [2010/06/30 00:11:26 | 2141,433,856 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/29 22:27:17 | 003,724,428 | R--- | C] () -- C:\Users\langsa\Desktop\ComboFix.exe
    [2010/06/29 19:41:04 | 001,306,448 | ---- | C] () -- C:\Users\langsa\100_3342.JPG
    [2010/06/29 14:42:22 | 000,293,376 | ---- | C] () -- C:\Users\langsa\3jgh10x5.exe
    [2010/06/29 14:31:11 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/06/29 14:13:19 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/06/29 00:37:34 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    [2010/06/28 23:35:23 | 000,524,288 | -HS- | C] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TMContainer00000000000000000002.regtrans-ms
    [2010/06/28 23:35:23 | 000,524,288 | -HS- | C] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/28 23:35:23 | 000,065,536 | -HS- | C] () -- C:\Users\langsa\NTUSER.DAT{7aead7eb-80a8-11df-a46a-00247e90c248}.TM.blf
    [2010/06/28 23:07:32 | 000,010,471 | ---- | C] () -- C:\Users\langsa\Attach.txt
    [2010/06/28 17:52:54 | 000,064,030 | ---- | C] () -- C:\Users\langsa\trojan hkey issues.png
    [2010/06/28 17:04:05 | 000,201,184 | ---- | C] () -- C:\windows\System32\winrm.vbs
    [2010/06/28 17:04:05 | 000,004,675 | ---- | C] () -- C:\windows\System32\wsmanconfig_schema.xml
    [2010/06/28 17:04:05 | 000,002,426 | ---- | C] () -- C:\windows\System32\WsmTxt.xsl
    [2010/06/28 14:15:32 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll
    [2010/06/28 14:15:31 | 000,000,882 | ---- | C] () -- C:\windows\RegSDImport.xml
    [2010/06/28 14:15:31 | 000,000,879 | ---- | C] () -- C:\windows\RegISSImport.xml
    [2010/06/28 14:15:30 | 001,152,444 | ---- | C] () -- C:\windows\UDB.zip
    [2010/06/28 14:15:30 | 000,000,131 | ---- | C] () -- C:\windows\IDB.zip
    [2010/06/28 14:10:46 | 000,007,387 | ---- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
    [2010/06/28 14:10:00 | 000,007,412 | ---- | C] () -- C:\windows\System32\drivers\PCTAppEvent.cat
    [2010/06/28 14:10:00 | 000,007,383 | ---- | C] () -- C:\windows\System32\drivers\pctcore.cat
    [2010/06/28 13:59:22 | 000,000,767 | ---- | C] () -- C:\Users\langsa\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
    [2010/06/28 13:59:21 | 000,000,743 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
    [2010/06/28 13:48:41 | 000,262,144 | -H-- | C] () -- C:\Users\langsa\S-1-5-21-2841127670-2781909849-4267527183-1004.rrr.LOG1
    [2010/06/28 13:48:41 | 000,000,000 | -H-- | C] () -- C:\Users\langsa\S-1-5-21-2841127670-2781909849-4267527183-1004.rrr.LOG2
    [2010/06/20 23:18:21 | 006,294,825 | ---- | C] () -- C:\Users\langsa\lugia's theme
    [2010/06/20 19:55:05 | 000,071,798 | ---- | C] () -- C:\Users\langsa\JavaRa.zip
    [2010/06/20 09:00:27 | 000,006,547 | ---- | C] () -- C:\WirelessDiagLog.csv
    [2010/06/19 12:13:37 | 018,810,765 | ---- | C] () -- C:\Users\langsa\YouTube - Ultrasound.flv
    [2010/06/18 16:18:21 | 001,125,284 | ---- | C] () -- C:\Users\langsa\100_3333.JPG
    [2010/06/18 16:18:16 | 000,762,531 | ---- | C] () -- C:\Users\langsa\100_3331.JPG
    [2010/06/15 18:09:37 | 000,001,847 | ---- | C] () -- C:\windows\hpwmdl23.dat.temp
    [2010/06/15 17:50:35 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/06/15 17:22:01 | 000,001,163 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/06/15 17:22:00 | 000,186,624 | ---- | C] () -- C:\windows\hpwins23.dat
    [2010/06/15 13:45:41 | 000,096,082 | ---- | C] () -- C:\Users\langsa\harrison hotness2.jpg
    [2010/06/13 22:48:27 | 000,018,459 | ---- | C] () -- C:\Users\langsa\sha-sha2.jpg
    [2010/06/13 22:40:45 | 000,014,016 | ---- | C] () -- C:\Users\langsa\sha-sha.jpg
    [2010/06/13 21:26:29 | 000,125,603 | ---- | C] () -- C:\Users\langsa\viper-snake-zoom.jpg
    [2010/06/13 21:14:05 | 000,239,455 | ---- | C] () -- C:\Users\langsa\heavens_orion_nebula.png
    [2010/06/13 00:38:43 | 000,100,010 | ---- | C] () -- C:\Users\langsa\Helix-nebula.jpg
    [2010/06/13 00:38:11 | 000,125,298 | ---- | C] () -- C:\Users\langsa\Orion_Nebula_1200.jpg
    [2010/06/13 00:35:17 | 000,230,024 | ---- | C] () -- C:\Users\langsa\orion-full-825x2011.jpg
    [2010/06/12 11:52:12 | 004,066,743 | ---- | C] () -- C:\Users\langsa\PVPGurl-If_You_Could_Be_Nyhm_Nation_Gigi_and_Demineon.mp3
    [2010/06/12 00:01:43 | 000,000,000 | ---- | C] () -- C:\Users\langsa\AppData\Local\prvlcl.dat
    [2010/06/11 21:00:17 | 021,799,978 | ---- | C] () -- C:\Users\langsa\YouTube - octopus steals my video camera and swims off with it (while it's Recording).flv
    [2010/06/09 10:49:31 | 000,075,349 | ---- | C] () -- C:\Users\langsa\fffffffuuuuu firefox.png
    [2010/06/08 17:30:43 | 000,030,512 | ---- | C] () -- C:\Users\langsa\fffffffuuuuu.gif
    [2010/06/05 23:01:39 | 000,314,897 | ---- | C] () -- C:\Users\langsa\Trilobabe sm.jpg
    [2010/06/04 14:01:35 | 016,065,852 | ---- | C] () -- C:\Users\langsa\devrydocuments.zip
    [2010/06/03 23:59:41 | 000,028,202 | ---- | C] () -- C:\Users\langsa\YTMND Fads - Soundpack - SoundPack DB2.mp3
    [2010/05/28 21:40:39 | 000,149,354 | ---- | C] () -- C:\Users\langsa\The_Ninja_Turtles_on_NES_by_ksama487.jpg
    [2010/05/28 20:05:41 | 000,248,584 | ---- | C] () -- C:\Users\langsa\Sea_Slug_by_greyanimebeast.jpg
    [2010/05/27 23:43:39 | 000,125,338 | ---- | C] () -- C:\Users\langsa\NAS1-JL_large.jpg
    [2010/05/26 10:30:41 | 000,392,551 | ---- | C] () -- C:\Users\langsa\Just_touch_me_by_Janots13.jpg
    [2010/05/24 17:11:18 | 000,162,288 | ---- | C] () -- C:\Users\langsa\53025103.jpg
    [2010/05/24 16:52:55 | 000,057,850 | ---- | C] () -- C:\Users\langsa\whenigrowup.jpg
    [2010/05/24 16:28:24 | 000,023,487 | ---- | C] () -- C:\Users\langsa\2vlmuc0.jpg
    [2010/05/12 22:41:09 | 000,097,632 | ---- | C] () -- C:\Users\langsa\harrison's kitty.jpg
    [2010/05/11 13:24:24 | 000,156,161 | ---- | C] () -- C:\Users\langsa\fullmetalalchemist107pa.jpg
    [2010/05/07 17:25:45 | 116,287,474 | ---- | C] () -- C:\Users\langsa\pita dog.avi
    [2010/05/07 17:16:19 | 000,000,920 | ---- | C] () -- C:\Users\langsa\NCH Toolbox.lnk
    [2010/04/29 00:09:53 | 000,079,347 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 6.jpg
    [2010/04/29 00:06:23 | 000,033,904 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 5.jpg
    [2010/04/29 00:00:42 | 000,013,066 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 4.jpg
    [2010/04/28 23:58:46 | 000,017,380 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 3.jpg
    [2010/04/28 23:54:43 | 000,166,463 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 1.jpg
    [2010/04/28 23:50:37 | 000,147,222 | ---- | C] () -- C:\Users\langsa\Llorne sea slug 2.jpg
    [2010/04/28 23:33:56 | 000,035,621 | ---- | C] () -- C:\Users\langsa\Llorne sea slug - cruisin.jpg
    [2010/04/28 23:32:50 | 000,181,198 | ---- | C] () -- C:\Users\langsa\Llorne sea slug - oh hai there.jpg
    [2010/04/27 17:16:01 | 000,026,706 | ---- | C] () -- C:\Users\langsa\sword ref.jpg
    [2010/04/27 16:55:36 | 000,004,559 | ---- | C] () -- C:\Users\langsa\feila characters.txt
    [2010/04/27 16:26:18 | 000,063,802 | ---- | C] () -- C:\Users\langsa\uniform-reference.gif
    [2010/04/27 16:23:35 | 000,379,564 | ---- | C] () -- C:\Users\langsa\umeda.jpg
    [2010/04/21 20:50:10 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/04/21 00:19:20 | 000,078,850 | ---- | C] () -- C:\Users\langsa\n1165720760_30158947_3835.jpg
    [2010/04/15 23:53:01 | 000,013,346 | ---- | C] () -- C:\Users\langsa\abel faht.jpg
    [2010/04/08 23:47:35 | 000,039,160 | ---- | C] () -- C:\Users\langsa\3CYRP-A1.jpg
    [2010/04/08 22:11:09 | 000,056,780 | ---- | C] () -- C:\Users\langsa\kane_puppy.jpg
    [2010/04/08 22:00:23 | 000,092,122 | ---- | C] () -- C:\Users\langsa\harrison hotness.jpg
    [2010/04/05 00:02:19 | 000,023,892 | ---- | C] () -- C:\Users\langsa\2010-04-01-clash1.jpg
    [2010/04/05 00:01:59 | 000,018,486 | ---- | C] () -- C:\Users\langsa\clash-poster-kraken-close.jpg
    [2010/04/05 00:00:03 | 000,047,278 | ---- | C] () -- C:\Users\langsa\kracken.jpg
    [2010/04/04 23:56:16 | 000,027,578 | ---- | C] () -- C:\Users\langsa\4197085481_faf747bc30_o.jpg
    [2010/04/04 23:55:52 | 000,032,766 | ---- | C] () -- C:\Users\langsa\clash-of-the-titans-kraken-575x328.jpg
    [2010/04/04 17:25:13 | 001,408,636 | ---- | C] () -- C:\Users\langsa\Documents\fandango_com_fd.pdf
    [2010/03/03 00:02:55 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
    [2010/01/06 19:53:39 | 000,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll
    [2010/01/06 19:53:39 | 000,153,088 | ---- | C] () -- C:\windows\System32\UNRAR3.dll
    [2010/01/06 19:53:39 | 000,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll
    [2010/01/06 19:53:39 | 000,075,264 | ---- | C] () -- C:\windows\System32\unacev2.dll
    [2009/11/07 05:06:14 | 000,000,044 | ---- | C] () -- C:\windows\WSST_Screen_Saver.ini
    [2009/08/18 14:51:49 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
    [2009/08/12 23:37:12 | 000,000,025 | ---- | C] () -- C:\windows\cdplayer.ini
    [2009/08/07 10:56:02 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
    [2009/08/07 10:56:02 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
    [2009/08/07 10:56:02 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2009/02/03 07:00:00 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
    [2009/02/03 07:00:00 | 000,011,264 | ---- | C] () -- C:\windows\System32\atimuixx.dll
    [2008/10/01 18:01:58 | 000,109,216 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
    [2008/08/06 18:19:14 | 000,294,912 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
    [2007/11/27 20:41:06 | 000,114,688 | ---- | C] () -- C:\windows\System32\aicext.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
    [2005/04/03 19:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
    [1998/05/07 00:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

    ========== LOP Check ==========

    [2009/11/12 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Alien Skin
    [2009/12/08 06:09:36 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Audacity
    [2010/06/30 00:26:11 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\AVG9
    [2010/05/07 13:22:29 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\com.oskoui-oskoui.avatar
    [2010/03/14 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\DAEMON Tools Lite
    [2010/07/01 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Elluminate
    [2010/06/13 22:56:53 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Facebook
    [2009/08/08 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\InterVideo
    [2010/07/01 21:05:28 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\MyScribe
    [2009/09/11 14:50:19 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\PeerNetworking
    [2009/09/12 19:06:42 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Renegade Minds
    [2009/08/17 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\SecondLife
    [2009/08/12 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\SPORE
    [2009/12/07 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\SystemRequirementsLab
    [2009/11/21 19:30:36 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\Vivox
    [2010/07/01 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\langsa\AppData\Roaming\webex
    [2010/07/03 11:46:12 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
    < End of report >
     
  20. 2010/07/03
    broni Moderator Malware Analyst

    Good :)

    1. Download Temp File Cleaner (TFC)
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  21. 2010/07/04
    langsa Inactive Thread Starter

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, July 4, 2010
    Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, July 03, 2010 16:37:38
    Records in database: 4253109
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 248029
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 06:28:59

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
