HJT Log- Rundll/msiclass.dll Error


  • This topic is locked
8 replies to this topic

#1 Alinda

Alinda

  • Members
  • 4 posts
  • Local time:11:01 AM

Posted 19 May 2009 - 11:52 PM

Today, my AVG scan detected a trojan in one of my files. According to my computer, the trojan wouldn't delete because it was opened in another program. I restarted my computer, hoping that would solve the problem. Now, I find that this Rundll error message keeps popping up every time I log in. It says something about not being able to open msiclass.dll and "Access denied". I figured this had to do with the trojan. I searched for msiclass.dll in my computer, found it, and deleted it from my computer. However, I still receive the same message, except now instead of it saying "access denied", it says something along the lines of "specified folder could not be found". I searched the web and discovered people with similar problems. Unfortunately for me, none of the solutions that had worked for them worked for me. (For example, I couldn't fix my problem with Autoruns because I couldn't even find the msiclass.dll file using it; I think I deleted some wrong files too, because I thought it was associated with the dll. Clearing (what I could) of my Temp files didn't work either. Registry Easy was NO help at all.)

It's probably not a big deal, but it is driving me nuts. Any help would be greatly appreciated. I'm not very tech-savvy, so hopefully I am doing this right.

EDIT: I just noticed that all my music files say ".mp3" after their names now. I know, mp3 is just the format it's in, but it wasn't like that before. It used to just say the song's name, and only the name. Not Name.mp3. I think that might have happened because I deleted the wrong files with autoruns. (I deleted several things with the word msi in them.) Is there any way to get them back to normal? It's the little things that bother me. :/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:30 PM, on 5/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Users\Alinda\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Registry Easy\RE.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=T-1628
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alinda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 11065 bytes

Edited by Alinda, 20 May 2009 - 07:08 PM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:01 PM

Posted 01 June 2009 - 11:05 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Alinda

Alinda
  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:01 AM

Posted 06 June 2009 - 11:26 PM

Thank you! No worries, I completely understand. It's a busy world. I'm just happy to get some help. I've attached the two text documents to this post.

By the way, I also noticed another thing wrong. When I use the add/remove programs tool from the control panel, the items always come up as icons instead of details. When I switch it back to details mode, it doesn't show anything else except for the name of the programs. It used to show the date a program was last used, the author of the program, etc. Again, this is a small problem, but I just get so bugged. I think it might have happened when I deleted the wrong files. (I deleted most of the things that included msi in their names. Wasn't a great idea.)

Oh, and you can ignore the thing in my first post about .mp3. That's fixed now. :)

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:01 PM

Posted 07 June 2009 - 11:00 AM

Hi Alinda,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will get back to you with your first instructions. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:01 PM

Posted 07 June 2009 - 11:25 AM

Hi Alinda,

Your log looks fine but let's do some checking.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Thanks
m0le is a proud member of UNITE

#6 Alinda

Alinda
  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:01 AM

Posted 07 June 2009 - 04:06 PM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-07 13:54:48
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

INT 0x62 ? 85EE2BF8
INT 0x72 ? 85EE2BF8
INT 0x81 ? 84EB7BF8
INT 0x82 ? 85EE2BF8
INT 0x91 ? 84EB7BF8
INT 0x92 ? 85EE2BF8
INT 0xA1 ? 84EB7BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spux.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 88F4746F 5 Bytes JMP 85EE21D8
.text ab1wd816.SYS 88FA3000 22 Bytes [26, F2, E0, 81, 10, F1, E0, ...]
.text ab1wd816.SYS 88FA3017 145 Bytes [00, 32, C7, 70, 80, 3D, C5, ...]
.text ab1wd816.SYS 88FA30A9 35 Bytes CALL 71D1D12F
.text ab1wd816.SYS 88FA30CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text ab1wd816.SYS 88FA30DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1072] kernel32.dll!ExitProcess 77303B54 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1072] USER32.dll!MessageBoxA 764AD619 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1072] USER32.dll!MessageBoxW 764AD667 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe[2852] ntdll.dll!DbgBreakPoint 771D7DFE 1 Byte [90]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806036D2] \SystemRoot\System32\Drivers\spux.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80603040] \SystemRoot\System32\Drivers\spux.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806037FC] \SystemRoot\System32\Drivers\spux.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806030BE] \SystemRoot\System32\Drivers\spux.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060313C] \SystemRoot\System32\Drivers\spux.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80613048] \SystemRoot\System32\Drivers\spux.sys
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\ab1wd816.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E67BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73EA98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E6D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E5F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E67599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E5E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E9B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E6D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E6012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E60095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E571F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73EED802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E875E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E5DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E5668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E566BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E61E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84EBC1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84EB91F8
Device \Driver\usbohci \Device\USBPDO-0 85ED01F8
Device \Driver\usbohci \Device\USBPDO-1 85ED01F8
Device \Driver\usbohci \Device\USBPDO-2 85ED01F8
Device \Driver\usbohci \Device\USBPDO-3 85ED01F8
Device \Driver\usbohci \Device\USBPDO-4 85ED01F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbehci \Device\USBPDO-5 85ED71F8
Device \Driver\volmgr \Device\HarddiskVolume1 84EB91F8
Device \Driver\volmgr \Device\HarddiskVolume2 84EB91F8
Device \Driver\cdrom \Device\CdRom0 85EDA1F8
Device \Driver\sptd \Device\3126687152 spux.sys
Device \Driver\cdrom \Device\CdRom1 85EDA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84EBB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 84EBB1F8
Device \Driver\atapi \Device\Ide\IdePort0 84EBB1F8
Device \Driver\atapi \Device\Ide\IdePort1 84EBB1F8
Device \Driver\atapi \Device\Ide\IdePort2 84EBB1F8
Device \Driver\atapi \Device\Ide\IdePort3 84EBB1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8638D1F8
Device \Driver\Smb \Device\NetbiosSmb 863A11F8
Device \Driver\PCI_PNP7152 \Device\0000004e spux.sys

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\netbt \Device\NetBT_Tcpip_{0642DD7D-5C7B-43F3-AF78-622D89020FB5} 8638D1F8

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\netbt \Device\NetBT_Tcpip_{32D62CB6-4A6B-4863-9725-CA364B5E72E5} 8638D1F8
Device \Driver\usbohci \Device\USBFDO-0 85ED01F8
Device \Driver\usbohci \Device\USBFDO-1 85ED01F8
Device \Driver\usbohci \Device\USBFDO-2 85ED01F8
Device \Driver\usbohci \Device\USBFDO-3 85ED01F8
Device \Driver\usbohci \Device\USBFDO-4 85ED01F8
Device \Driver\usbehci \Device\USBFDO-5 85ED71F8
Device \Driver\ab1wd816 \Device\Scsi\ab1wd8161Port4Path0Target0Lun0 85ECE1F8
Device \Driver\ab1wd816 \Device\Scsi\ab1wd8161 85ECE1F8
Device \FileSystem\cdfs \Cdfs 864141F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0xED 0x40 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0xD1 0x3E 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0x0A 0x86 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB3 0x54 0x0A 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xB3 0x54 0x0A 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xB3 0x54 0x0A 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0xED 0x40 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0xD1 0x3E 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0x0A 0x86 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB3 0x54 0x0A 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xB3 0x54 0x0A 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xB3 0x54 0x0A 0xF4 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 31: copy of MBR

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 6/7/2009 1:59:48 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Alinda\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.58% Memory free
4.00 Gb Paging File | 3.92 Gb Available in Paging File | 98.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.82 Gb Total Space | 132.40 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 11.06 Gb Total Space | 5.19 Gb Free Space | 46.88% Space Free | Partition Type: NTFS
Drive E: | 379.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEEPERS-PC
Current User Name: Alinda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/13 23:09:42 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe
PRC - [2008/01/20 19:23:40 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SYSTEM32\WISPTIS.EXE
PRC - [2008/01/20 19:25:31 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2007/06/13 23:09:42 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe
PRC - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\system32\agrsmsvc.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 19:27:31 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/07 20:45:10 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/04/27 01:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/04/27 07:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2009/05/19 19:27:33 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/19 19:27:33 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2007/07/27 09:49:42 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe
PRC - [2009/05/19 19:27:32 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2007/09/07 11:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\system32\Pen_Tablet.exe
PRC - [2009/05/19 19:27:32 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2008/01/20 19:23:40 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SYSTEM32\WISPTIS.EXE
PRC - [2008/01/20 19:25:31 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/05/19 19:27:32 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2007/09/07 11:16:50 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\system32\WTablet\Pen_TabletUser.exe
PRC - [2007/09/07 11:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\system32\Pen_Tablet.exe
PRC - [2008/01/20 19:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/27 09:48:28 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/17 14:58:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/06/29 17:12:06 | 00,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2008/08/11 16:04:15 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006/09/06 13:12:46 | 00,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2007/03/11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/19 19:27:32 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/03/11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/12/07 20:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007/06/29 14:04:16 | 04,933,632 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/08/11 16:04:15 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/01/20 19:25:32 | 00,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
PRC - [2009/06/07 13:56:35 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Alinda\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/06/13 23:09:42 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2009/05/19 19:27:32 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/05/19 19:27:31 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/01/20 19:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 19:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/05 17:38:22 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/01/20 19:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/05/05 15:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/08/11 16:04:15 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2007/03/11 21:37:52 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/20 19:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/01/20 19:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/04/07 20:45:10 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007/04/27 01:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer [Auto | Running])
SRV - [2007/04/27 07:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer [Auto | Running])
SRV - [2007/07/27 09:49:42 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2007/09/07 11:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\system32\Pen_Tablet.exe -- (TabletServicePen [Auto | Running])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/08/14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2008/01/20 19:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 19:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/28 16:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 19:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/06/13 23:21:30 | 02,600,960 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2006/10/30 10:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV - [2009/05/19 19:27:44 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/19 19:27:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/19 19:27:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2005/09/07 14:29:44 | 00,044,288 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2005/09/07 14:32:58 | 00,024,960 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2008/01/20 19:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/20 19:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/01/20 19:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 00:36:45 | 01,302,492 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2008/01/20 19:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 00:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) -- C:\Windows\system32\DRIVERS\NETw2v32.sys -- (NETw2v32 [On_Demand | Stopped])
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2005/01/02 23:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\system32\npptNT2.sys -- (NPPTNT2 [On_Demand | Stopped])
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/01/20 19:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/20 19:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/01/15 23:28:20 | 00,070,144 | ---- | M] (Realtek Corporation) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2007/06/08 14:42:44 | 00,253,952 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\system32\DRIVERS\RTL8187B.sys -- (RTL8187B [On_Demand | Running])
DRV - [2007/06/15 22:47:26 | 00,047,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2009/05/14 14:22:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/05/14 14:22:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/05/14 14:22:00 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2007/04/27 07:40:00 | 00,090,688 | ---- | M] (SafeNet, Inc.) -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2008/01/20 19:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009/03/24 22:20:40 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/07/27 09:50:22 | 00,329,728 | ---- | M] (IDT, Inc.) -- C:\Windows\system32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/17 15:22:02 | 00,181,176 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/20 19:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007/05/23 18:37:40 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2008/01/20 19:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/02/16 12:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\Windows\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2007/02/16 11:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\Windows\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV - [2007/02/15 17:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\Windows\system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
DRV - [2006/11/02 00:30:56 | 00,194,048 | ---- | M] (Marvell) -- C:\Windows\system32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=T-1628


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
IE - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1628
IE - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Scour - Search Socially"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.18
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/19 19:27:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/05/19 19:27:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 21:43:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/02 20:51:58 | 00,000,000 | ---D | M]

[2009/01/08 01:41:55 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Extensions
[2008/08/25 21:02:55 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/08 01:41:55 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2009/06/06 13:18:05 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Firefox\Profiles\4ayrpoix.default\extensions
[2009/01/14 17:13:29 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Firefox\Profiles\4ayrpoix.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/22 23:41:36 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Firefox\Profiles\4ayrpoix.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/01/23 22:07:09 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Firefox\Profiles\4ayrpoix.default\extensions\moveplayer@movenetworks.com
[2009/05/19 19:44:26 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Firefox\Profiles\4ayrpoix.default\extensions\personas@christopher.beard
[2009/01/25 15:38:51 | 00,000,000 | ---D | M] -- C:\Users\Alinda\AppData\Roaming\mozilla\Firefox\Profiles\4ayrpoix.default\extensions\yyginstantplay@yoyogames.com
[2009/05/10 16:28:57 | 00,004,431 | ---- | M] () -- C:\Users\Alinda\AppData\Roaming\Mozilla\FireFox\Profiles\4ayrpoix.default\searchplugins\scour---search-socially.xml
[2008/06/24 18:54:02 | 00,002,386 | ---- | M] () -- C:\Users\Alinda\AppData\Roaming\Mozilla\FireFox\Profiles\4ayrpoix.default\searchplugins\siteadvisor.xml
[2009/03/28 22:17:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 21:43:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/21 10:06:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/07/25 19:44:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/16 20:58:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/07 12:06:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/28 22:17:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2008/08/25 21:02:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/04/28 21:43:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 21:43:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/25 21:02:32 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/25 21:02:32 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/25 21:02:32 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 20:07:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/25 21:02:32 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/11 16:04:15 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/08/11 16:04:15 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2008/08/25 21:02:32 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (1201 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" (Chicony)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray (Napster)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - Startup: C:\Users\Alinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/24 22:06:28 | 00,000,050 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/29 18:07:40 | 00,000,000 | -H-D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/12/12 20:15:27 | 00,053,248 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/01/18 18:30:20 | 00,010,454 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2003/06/05 08:28:33 | 00,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/07 13:56:39 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/07 13:56:20 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Alinda\Desktop\OTL.exe
[2009/06/07 13:22:28 | 00,286,208 | ---- | C] () -- C:\Users\Alinda\Desktop\4yl6t46n.exe
[2009/06/02 20:51:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/06/02 20:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/05/29 18:07:40 | 00,000,000 | -H-D | C] -- C:\autorun.inf
[2009/05/29 16:25:54 | 00,000,000 | ---D | C] -- C:\Program Files\Perfect Optimizer
[2009/05/27 16:24:31 | 00,032,768 | ---- | C] () -- C:\Users\Alinda\Documents\aliensinamericaimeanrealones.wps
[2009/05/26 20:23:58 | 00,023,552 | ---- | C] () -- C:\Users\Alinda\Documents\acadeca_speech2010-11.wps
[2009/05/24 22:07:19 | 00,000,857 | ---- | C] () -- C:\Windows\System\mapisvc.inf
[2009/05/24 22:07:13 | 00,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MSPST.DLL
[2009/05/24 22:07:13 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MAPIX.DLL
[2009/05/24 22:07:13 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\OLE2.DLL
[2009/05/24 22:07:13 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MAPIU.DLL
[2009/05/24 22:07:13 | 00,157,184 | ---- | C] () -- C:\Windows\System\STORAGE.DLL
[2009/05/24 22:07:13 | 00,142,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\TYPELIB.DLL
[2009/05/24 22:07:13 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\COMPOBJ.DLL
[2009/05/24 22:07:13 | 00,099,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\OLE2NLS.DLL
[2009/05/24 22:07:13 | 00,090,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\OLE2DISP.DLL
[2009/05/24 22:07:13 | 00,073,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\UWAOLE.DLL
[2009/05/24 22:07:13 | 00,069,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MSAJU110.DLL
[2009/05/24 22:07:13 | 00,060,752 | ---- | C] () -- C:\Windows\System\MSFTREG.DLL
[2009/05/24 22:07:13 | 00,057,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\OLE2CONV.DLL
[2009/05/24 22:07:13 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\OLE2PROX.DLL
[2009/05/24 22:07:13 | 00,025,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\CTL3DV2.DLL
[2009/05/24 22:07:13 | 00,024,598 | ---- | C] () -- C:\Windows\System\OLE2.REG
[2009/05/24 22:07:13 | 00,018,688 | ---- | C] () -- C:\Windows\System\CMDIALOG.VBX
[2009/05/24 22:07:13 | 00,011,835 | ---- | C] () -- C:\Windows\System\MAPIRPC.REG
[2009/05/24 22:07:13 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MAPISP.EXE
[2009/05/24 22:07:13 | 00,000,000 | ---D | C] -- C:\Windows\MSAPPS
[2009/05/24 22:07:09 | 00,710,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MSAJT110.DLL
[2009/05/24 22:07:09 | 00,394,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\VBRUN300.DLL
[2009/05/24 22:07:09 | 00,279,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MSABC110.DLL
[2009/05/24 22:07:09 | 00,188,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGDE.DLL
[2009/05/24 22:07:09 | 00,095,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\VBDB300.DLL
[2009/05/24 22:07:09 | 00,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WING.DLL
[2009/05/24 22:07:09 | 00,089,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MEDV12.DLL
[2009/05/24 22:07:09 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MVFS12.DLL
[2009/05/24 22:07:09 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MVTTL12.DLL
[2009/05/24 22:07:09 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MVSRCH12.DLL
[2009/05/24 22:07:09 | 00,033,280 | ---- | C] (Microsoft Corp.) -- C:\Windows\System\MSAES110.DLL
[2009/05/24 22:07:09 | 00,031,744 | ---- | C] (Microsoft Corp.) -- C:\Windows\System\MSAFINX.DLL
[2009/05/24 22:07:09 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WAVMIX16.DLL
[2009/05/24 22:07:09 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\VBOA300.DLL
[2009/05/24 22:07:09 | 00,006,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGDIB.DRV
[2009/05/24 22:07:09 | 00,005,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGPAL.WND
[2009/05/24 22:07:09 | 00,002,552 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2009/05/24 22:07:09 | 00,002,313 | ---- | C] () -- C:\Windows\System\UTOPIA.REG
[2009/05/24 22:07:09 | 00,001,966 | ---- | C] () -- C:\Windows\System\DVA.386
[2009/05/24 22:07:09 | 00,001,833 | ---- | C] () -- C:\Windows\System\UTOPIAWA.REG
[2009/05/24 22:06:20 | 00,000,000 | ---D | C] -- C:\MSBOB
[2009/05/24 21:21:32 | 00,289,280 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2009/05/19 21:07:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/19 20:52:48 | 00,000,042 | ---- | C] () -- C:\Windows\System32\RegistryEasy.lie
[2009/05/19 20:39:19 | 00,000,396 | ---- | C] () -- C:\Windows\tasks\Schedule Task Weekly.job
[2009/05/19 20:39:08 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2009/05/19 20:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/19 19:27:54 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/05/19 19:27:52 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/05/19 19:27:44 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/05/19 19:27:41 | 36,894,033 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/05/19 19:27:41 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/05/19 19:27:41 | 00,434,673 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/05/19 19:27:41 | 00,065,246 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/05/19 19:27:41 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/05/19 19:27:41 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/05/19 18:43:09 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/05/19 18:43:09 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/05/19 18:43:09 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/05/19 18:43:09 | 00,117,248 | ---- | C] () -- C:\Windows\vFind.exe
[2009/05/19 18:43:09 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/05/19 18:43:09 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/05/19 18:43:09 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/05/19 18:43:09 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/05/19 18:42:50 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF26365.exe
[2009/05/19 18:42:50 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/19 18:32:22 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/19 18:32:21 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF22753.exe
[2009/05/19 18:32:21 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2009/05/19 18:23:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/19 18:21:57 | 00,000,000 | ---D | C] -- C:\Users\Alinda\AppData\Roaming\Malwarebytes
[2009/05/19 18:21:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/19 18:21:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/19 18:21:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/19 18:21:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/24 22:20:39 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/02 18:27:20 | 00,051,001 | ---- | C] () -- C:\Windows\System32\ms169293.dll
[2008/08/02 18:27:16 | 00,032,256 | ---- | C] () -- C:\Windows\hwuser.dll
[2008/06/23 12:24:09 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/26 18:25:42 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/26 18:24:34 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,846 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,235 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2009/06/07 13:56:35 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Alinda\Desktop\OTL.exe
[2009/06/07 13:37:54 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/07 13:37:54 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/07 13:37:52 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/07 13:37:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/07 13:37:44 | 25,481,21600 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/07 13:37:29 | 23,876,2133 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/06/07 13:22:53 | 00,286,208 | ---- | M] () -- C:\Users\Alinda\Desktop\4yl6t46n.exe
[2009/06/07 12:42:18 | 36,894,033 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/07 12:42:18 | 00,065,246 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/06 19:03:12 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1819276629-3356792198-2940103775-1000.job
[2009/06/06 13:37:28 | 00,007,041 | ---- | M] () -- C:\Users\Alinda\Documents\accounts.rtf
[2009/06/04 23:42:45 | 00,026,269 | ---- | M] () -- C:\Users\Alinda\Documents\randomalindastuff.rtf
[2009/05/27 22:22:32 | 00,032,768 | ---- | M] () -- C:\Users\Alinda\Documents\aliensinamericaimeanrealones.wps
[2009/05/27 22:22:32 | 00,001,768 | ---- | M] () -- C:\Users\Alinda\AppData\Roaming\wklnhst.dat
[2009/05/26 21:04:38 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/26 21:04:38 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/26 21:04:38 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/26 21:03:06 | 00,023,552 | ---- | M] () -- C:\Users\Alinda\Documents\acadeca_speech2010-11.wps
[2009/05/24 22:18:46 | 00,000,846 | ---- | M] () -- C:\Windows\win.ini
[2009/05/24 22:11:30 | 02,250,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/24 22:07:19 | 00,000,857 | ---- | M] () -- C:\Windows\System\mapisvc.inf
[2009/05/24 22:07:18 | 00,001,833 | ---- | M] () -- C:\Windows\System\UTOPIAWA.REG
[2009/05/24 22:07:17 | 00,000,235 | ---- | M] () -- C:\Windows\system.ini
[2009/05/24 22:06:28 | 00,000,050 | ---- | M] () -- C:\autoexec.bat
[2009/05/19 20:55:51 | 00,000,396 | ---- | M] () -- C:\Windows\tasks\Schedule Task Weekly.job
[2009/05/19 20:52:48 | 00,000,042 | ---- | M] () -- C:\Windows\System32\RegistryEasy.lie
[2009/05/19 19:27:54 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/05/19 19:27:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/05/19 19:27:44 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/05/19 19:27:41 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/05/19 19:27:41 | 00,434,673 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/05/19 19:27:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/05/19 18:41:48 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF26365.exe
[2009/05/19 18:23:23 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF22753.exe
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\Windows\vFind.exe
< End of report >

OTL Extras logfile created on: 6/7/2009 1:59:48 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Alinda\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.58% Memory free
4.00 Gb Paging File | 3.92 Gb Available in Paging File | 98.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.82 Gb Total Space | 132.40 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 11.06 Gb Total Space | 5.19 Gb Free Space | 46.88% Space Free | Partition Type: NTFS
Drive E: | 379.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEEPERS-PC
Current User Name: Alinda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{57C05CC5-8862-40D5-A01E-CE2280852624} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{E181A64A-EC69-492D-B9F7-BB75F270E150} = LPORT=5353 | PROTOCOL=6 | DIR=IN | NAME=ADOBE CSI CS4 |
{EC01FF8E-0F9F-449B-BAC9-372D4A2674BD} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |

========== Vista Active Application Exception List ==========

{09563DAE-FB2F-4B4A-83A7-6EF2E99D3484} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{104462DA-9C36-4E4F-B73B-0EAB3405A5E0} = DIR=IN | APP=C:\PROGRAM FILES\CYBERLINK\POWERDIRECTOR\PDR.EXE |
{138BAD3A-2E6A-40D4-B658-DECB9E2EE6C6} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{20B5E6DB-81BC-405A-A7D4-B013F5560CD6} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE |
{29A7653C-EA99-4BA0-A8F6-A1A291047289} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{2F5D05A3-7EDA-4B0A-8E04-04EF6F5B3D75} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
{3BE0397D-F052-4998-A887-AB39A389006D} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{3D299D05-BB93-4D3C-A2BD-F00A868AC87F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{4AFA0EA3-BB02-4602-B7E9-78076F85D9AF} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YSERVER.EXE |
{7CF48AF2-D9A7-4354-94D6-009E72729D81} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{84350710-1BF5-4148-B122-06F3DF847DD2} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{86A9CB0E-015A-4D9B-8FBE-C030F3E6A3D9} = DIR=IN | APP=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE |
{93B72839-03F1-45DF-A432-72C5CBFC99A5} = DIR=IN | APP=C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE |
{9D8BB895-C38D-4684-A58E-E51C5559777B} = DIR=IN | APP=C:\PROGRAM FILES\AVG\AVG8\AVGNSX.EXE |
{AFB34EA9-76E4-444B-B994-2197BCFA99F8} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YSERVER.EXE |
{AFF7C80F-4632-4074-90D0-77A3333C063D} = DIR=IN | APP=C:\PROGRAM FILES\MSN MESSENGER\LIVECALL.EXE |
{BF63F797-019E-4E96-90CB-732744428996} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
{C8B6A698-57B7-41E1-9315-DBC2C7B78B98} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE |
{D04DE3A0-24C3-437C-A468-7216E110D899} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\SAFENET SENTINEL\SENTINEL KEYS SERVER\SNTLKEYSSRVR.EXE |
{EA64DA58-5550-469C-9AA0-5CE70CAEB1A8} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{EA934EEC-E47C-4836-8217-E6E9D5E683C3} = DIR=IN | APP=C:\PROGRAM FILES\AVG\AVG8\AVGUPD.EXE |
{F3263150-4BAB-4414-8CB2-F01E4383632E} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\SAFENET SENTINEL\SENTINEL KEYS SERVER\SNTLKEYSSRVR.EXE |
TCP Query User{0301AD59-404E-4A8E-B4E1-82F941BC37DC}C:\users\alinda\desktop\sro_new_full-client_downloader.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\SRO_NEW_FULL-CLIENT_DOWNLOADER.EXE |
TCP Query User{118A207A-C3A1-4E76-8251-CD6542A11FC1}C:\program files\softnyx\wolfteam\wolfteam.bin = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SOFTNYX\WOLFTEAM\WOLFTEAM.BIN |
TCP Query User{230203B9-07F5-4D53-8FAF-E35A740BB55E}C:\users\alinda\desktop\folders\important junk\newtek.lightwave3d.v9.3\lightwave\4000002c00002i\hub.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\FOLDERS\IMPORTANT JUNK\NEWTEK.LIGHTWAVE3D.V9.3\LIGHTWAVE\4000002C00002I\HUB.EXE |
TCP Query User{24035C80-D2E5-46E3-8153-FCA3018925C2}C:\users\alinda\desktop\newtek.lightwave3d.v9.3\lightwave\4000002c00002i\hub.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\NEWTEK.LIGHTWAVE3D.V9.3\LIGHTWAVE\4000002C00002I\HUB.EXE |
TCP Query User{267A18CE-CA16-441F-9137-6EC87E7990A8}C:\program files\electronic arts\eadm\core.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ELECTRONIC ARTS\EADM\CORE.EXE |
TCP Query User{586CCDA2-2C0C-49B6-9081-2EADA0007E18}C:\program files\wolfquest\wolfquest.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\WOLFQUEST\WOLFQUEST.EXE |
TCP Query User{61FEE5F1-9938-415A-845C-DD2008BF3438}C:\users\alinda\downloads\anarchyonline_17.9.1-large.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ALINDA\DOWNLOADS\ANARCHYONLINE_17.9.1-LARGE.EXE |
TCP Query User{A1BAF61D-0494-4CDD-9FAD-785B3710F4CB}C:\users\alinda\desktop\newtek.lightwave3d.v9.3\layout.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\NEWTEK.LIGHTWAVE3D.V9.3\LAYOUT.EXE |
TCP Query User{B3E2CA3B-CD2E-428D-9F5C-07CEEA5931E6}C:\program files\java\jre6\bin\java.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE |
TCP Query User{C2469914-1B09-458F-84A4-ACA0F3FD6F21}C:\users\alinda\desktop\newtek.lightwave3d.v9.3\modeler.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\NEWTEK.LIGHTWAVE3D.V9.3\MODELER.EXE |
TCP Query User{C8F92CC6-CE2E-46BB-B492-F4E3CB3EBCFE}C:\users\alinda\desktop\folders\important junk\newtek.lightwave3d.v9.3\modeler.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\FOLDERS\IMPORTANT JUNK\NEWTEK.LIGHTWAVE3D.V9.3\MODELER.EXE |
TCP Query User{EF2D06BA-76C1-4A6A-9368-4300D0518AC1}C:\users\alinda\desktop\folders\important junk\newtek.lightwave3d.v9.3\layout.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\FOLDERS\IMPORTANT JUNK\NEWTEK.LIGHTWAVE3D.V9.3\LAYOUT.EXE |
UDP Query User{1B5AADD8-F46B-43A9-A775-2331D6E00E26}C:\program files\java\jre6\bin\java.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE |
UDP Query User{3DC4FA30-48D1-43B8-B148-C2E91C96C16C}C:\program files\softnyx\wolfteam\wolfteam.bin = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SOFTNYX\WOLFTEAM\WOLFTEAM.BIN |
UDP Query User{3EE35374-5EB5-4B05-97B1-93623B03179E}C:\users\alinda\desktop\sro_new_full-client_downloader.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\SRO_NEW_FULL-CLIENT_DOWNLOADER.EXE |
UDP Query User{5A24AFFE-D006-4B3C-8A27-E5A24574199C}C:\users\alinda\desktop\newtek.lightwave3d.v9.3\layout.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\NEWTEK.LIGHTWAVE3D.V9.3\LAYOUT.EXE |
UDP Query User{661E12A9-7214-4FDF-81E5-EE15C9F02248}C:\users\alinda\desktop\folders\important junk\newtek.lightwave3d.v9.3\modeler.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\FOLDERS\IMPORTANT JUNK\NEWTEK.LIGHTWAVE3D.V9.3\MODELER.EXE |
UDP Query User{85420CDA-BEF3-4FE0-8FF0-506F70E4FA53}C:\users\alinda\desktop\newtek.lightwave3d.v9.3\lightwave\4000002c00002i\hub.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\NEWTEK.LIGHTWAVE3D.V9.3\LIGHTWAVE\4000002C00002I\HUB.EXE |
UDP Query User{996BE9AB-F186-415C-8D3C-B05D472336AC}C:\program files\electronic arts\eadm\core.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ELECTRONIC ARTS\EADM\CORE.EXE |
UDP Query User{9CD3321B-1FC2-488C-BBFF-7E11E08C95C2}C:\program files\wolfquest\wolfquest.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\WOLFQUEST\WOLFQUEST.EXE |
UDP Query User{AB44623D-57A9-47D1-BEC5-771595B854EC}C:\users\alinda\desktop\folders\important junk\newtek.lightwave3d.v9.3\lightwave\4000002c00002i\hub.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\FOLDERS\IMPORTANT JUNK\NEWTEK.LIGHTWAVE3D.V9.3\LIGHTWAVE\4000002C00002I\HUB.EXE |
UDP Query User{B1BC411F-4C65-456D-9E2D-B68AD6F83A92}C:\users\alinda\downloads\anarchyonline_17.9.1-large.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ALINDA\DOWNLOADS\ANARCHYONLINE_17.9.1-LARGE.EXE |
UDP Query User{F63986CA-7CB6-4556-BD41-4F5A59DE70EA}C:\users\alinda\desktop\newtek.lightwave3d.v9.3\modeler.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\NEWTEK.LIGHTWAVE3D.V9.3\MODELER.EXE |
UDP Query User{FABC9632-1F8B-4841-8363-B45ECCEFDAE5}C:\users\alinda\desktop\folders\important junk\newtek.lightwave3d.v9.3\layout.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ALINDA\DESKTOP\FOLDERS\IMPORTANT JUNK\NEWTEK.LIGHTWAVE3D.V9.3\LAYOUT.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{027AA095-8940-D14A-9710-55AC390A062E}" = Catalyst Control Center Localization Chinese Traditional
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0ABB8014-9C45-3D59-2EE1-450D4BB6A020}" = Catalyst Control Center Localization Korean
"{0BA73BFB-F3B9-B4E9-E06A-2D9835063FC8}" = CCC Help Danish
"{0BC2F780-AA5F-42F3-8C27-AD914ADF37C7}" = Catalyst Control Center Graphics Full New
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10D557E5-782E-809E-694E-C009D556140B}" = Catalyst Control Center Localization Japanese
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19D97D0A-2F7C-7A05-6FF9-61D6A3D70357}" = Catalyst Control Center Localization Spanish
"{1AAE3775-2956-4EF6-9B18-8930888BE7A6}" = Catalyst Control Center Localization Italian
"{1FF72161-020E-7F48-C3B9-44C34C509BA9}" = Catalyst Control Center Localization Swedish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2665948C-FDDD-5628-CF9D-B9162B43779E}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DD63926-10BB-502F-0508-ACE84B488304}" = CCC Help Korean
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3766CD70-3D13-752F-A57A-F46CE184938E}" = Catalyst Control Center Localization Norwegian
"{37E1544F-84EA-DF8B-E027-987BEB181B9F}" = CCC Help Hungarian
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F64F1B1-43E6-6B92-0AA8-A42E5DAB9549}" = Catalyst Control Center Localization Polish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4807DA91-A1F0-C8B2-0792-B44BC0289F18}" = Catalyst Control Center Core Implementation
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CAE18D6-EC63-F6E3-2B32-B77CB0579B74}" = ccc-core-static
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{57D32300-6D42-D293-60B9-9B85729A2C9E}" = CCC Help Finnish
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{59A344D5-E6F5-823F-8304-8BC6374FF110}" = CCC Help French
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A2B7008-B38A-B1AC-FDA1-34C29A9256FB}" = Catalyst Control Center Localization Danish
"{5BE1CF21-3C06-E05F-10B8-7280605F0B8C}" = CCC Help German
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{62ABC1DA-D0AB-817E-8F27-B59BE2FCBDF8}" = CCC Help Polish
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65956BB6-13A3-BE3F-60C4-17450ABB4C9E}" = CCC Help Japanese
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D7EA315-37D1-3E42-1B15-A19C7D501DE5}" = CCC Help Portuguese
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6DE83F25-2396-47AB-0D0A-55B79A20C167}" = CCC Help Norwegian
"{6E4A352E-21D0-3733-BA26-EC986857A583}" = Catalyst Control Center Localization German
"{6E96BBDE-BD91-98E8-CBE7-7DD7CD4AC1AB}" = CCC Help Czech
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{71EBC6CB-4B04-515A-D1F7-EEFB823A50B3}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74EAD77F-3CA7-5FD8-8D99-F8E5D6FC26C7}" = Catalyst Control Center Localization Hungarian
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7731371D-ED9D-8D3C-A54A-5D0BBD64995B}" = Catalyst Control Center Localization Dutch
"{78C32FC7-35CA-0FED-7373-D58F6D89D355}" = Skins
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7F244C37-DB0A-C9B7-2282-E9894801C06E}" = Catalyst Control Center Graphics Light
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{7FA8291D-2AEF-E745-51E9-09906DB3AD3E}" = CCC Help Chinese Traditional
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{830C41B4-1501-3F28-D1C8-090B4FE2DB4B}" = Catalyst Control Center Graphics Previews Vista
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EC73A6-3850-49CB-88AD-B921CCF02DAA}" = Catalyst Control Center Localization Finnish
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90E09AE4-D207-4545-4F4D-5B99CC8B6EAD}" = Catalyst Control Center Localization Portuguese
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99DE9A66-F4CD-B866-33BB-D9AA2811AB91}" = CCC Help Italian
"{9ABB21DB-E5B2-5EBA-353F-7FA9C069CA4D}" = Catalyst Control Center Graphics Full Existing
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A2E23800-051D-4F35-8169-85F5739A04C5}" = openCanvas4.5.09e Plus
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6DF09F0-F93E-DD2D-7061-EBDCE9D45D30}" = CCC Help Thai
"{A797891C-0515-205C-8EFC-90724BE49374}" = CCC Help English
"{A9D8E245-18DD-6D67-3A56-607D775B44B8}" = Catalyst Control Center Localization Greek
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C059A8B3-FD73-8C99-0748-FAA028EBBB93}" = Catalyst Control Center Localization Russian
"{C081E42A-53AB-E06E-D612-B9A182C076E2}" = CCC Help Spanish
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5830269-84E7-A1F0-49DF-D75EF1FD54CD}" = CCC Help Turkish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CA89B19F-4AD8-DFCB-7E85-CE6EA1F5DBE8}" = CCC Help Dutch
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CFE7B0A0-E13B-3998-21A9-5630D30D0302}" = Catalyst Control Center Localization Turkish
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D166EEED-FC42-7C51-88BA-D7558719DE9D}" = CCC Help Greek
"{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
"{D3201149-7F23-80FE-4DEA-CEA35FB1017A}" = CCC Help Russian
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D66D02D8-3544-2C26-2D28-0D0C9F456C76}" = Catalyst Control Center Localization Chinese Standard
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC2F95B9-784A-06A0-44F1-D181B9FBDD6F}" = Catalyst Control Center Localization Thai
"{DD8F704E-B850-4775-9DFD-D3DE1775132B}" = WolfQuest
"{DE7456B6-9F1B-C54D-59B7-77A04EED9B37}" = Catalyst Control Center Localization Czech
"{DF507C99-7DE1-4fa8-8632-AB8A205F1258}" = The Sims™ 2 Store Edition
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB8145E3-5F50-9353-1637-CB3FC029EF9C}" = Catalyst Control Center Localization French
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FE26925C-AFB5-B30E-54C6-76822E88BAE3}" = CCC Help Swedish
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG8Uninstall" = AVG Free 8.5
"Byki Express" = Byki Express
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.0 (beta)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Equestriad 2001" = Equestriad 2001
"FontCreator55_is1" = FontCreator 5.6
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LimeWire" = LimeWire 4.18.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Pen Tablet Driver" = Pen Tablet
"SimPE_is1" = SimPE 0.68 (alpha)
"Songbird 20081124" = Songbird 1.0.0 (20081124)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/25/2009 12:22:48 AM | Computer Name = Peepers-PC | Source = Application Error | ID = 1000
Description = Faulting application ORLY32.EXE, version 0.0.0.0, time stamp 0x94cd2142,
faulting module WINSPOOL.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000135, fault offset 0x00009cac, process id 0xc44, application start time
0x01c9dcf074b8f920.

Error - 5/25/2009 1:08:26 AM | Computer Name = Peepers-PC | Source = Application Error | ID = 1000
Description = Faulting application ntvdm.exe, version 6.0.6001.18000, time stamp
0x47918baf, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00003f3d, process id 0x1514, application start time
0x01c9dcf6d5eb317f.

Error - 5/25/2009 1:11:41 AM | Computer Name = Peepers-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2009 3:13:19 AM | Computer Name = Peepers-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/25/2009 4:05:36 PM | Computer Name = Peepers-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2009 5:32:01 PM | Computer Name = Peepers-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2009 9:11:17 PM | Computer Name = Peepers-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/26/2009 2:28:31 AM | Computer Name = Peepers-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/26/2009 6:51:14 PM | Computer Name = Peepers-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2009 7:11:36 PM | Computer Name = Peepers-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 4/17/2009 9:40:32 PM | Computer Name = Peepers-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/6/2009 7:32:20 PM | Computer Name = Peepers-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/7/2009 4:05:26 AM | Computer Name = Peepers-PC | Source = DCOM | ID = 10010
Description =

Error - 6/7/2009 3:39:50 PM | Computer Name = Peepers-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
001644A4E22A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 6/7/2009 3:39:49 PM | Computer Name = Peepers-PC | Source = HTTP | ID = 15016
Description =

Error - 6/7/2009 3:41:05 PM | Computer Name = Peepers-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/7/2009 4:29:30 PM | Computer Name = Peepers-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:27:27 PM on 6/7/2009 was unexpected.

Error - 6/7/2009 4:29:39 PM | Computer Name = Peepers-PC | Source = HTTP | ID = 15016
Description =

Error - 6/7/2009 4:30:51 PM | Computer Name = Peepers-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/7/2009 4:37:50 PM | Computer Name = Peepers-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:35:41 PM on 6/7/2009 was unexpected.

Error - 6/7/2009 4:37:52 PM | Computer Name = Peepers-PC | Source = HTTP | ID = 15016
Description =

Error - 6/7/2009 4:39:07 PM | Computer Name = Peepers-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:01 PM

Posted 07 June 2009 - 06:21 PM

Hi Alinda,

The logs are clean.

You may have deleted a valid file or more than one and this would explain the error messages. If these files are coming up as error messages it doesn't mean they aren't legitimate.

This kind of problem is beyond my knowledge so I have to refer you to the other forums on Bleeping Computer.

This forum would be your best bet.

Vista help

Sorry I am unable to help but there are some knowledgeable staff and members available here to help you recover these files.

Good luck :thumbup2:
m0le is a proud member of UNITE

#8 Alinda

Alinda
  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:01 AM

Posted 07 June 2009 - 07:48 PM

Well, thank you anyways. I'll keep in mind to post there later. (:

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:01 PM

Posted 13 June 2009 - 04:39 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



