XP Internet Security 2010 & Redirect Virus Infections


  • This topic is locked
22 replies to this topic

#1 millshay

Posted 31 December 2010 - 01:49 AM

I am running Windows 7, and started out with Antivirus Scan virus which I recognized from 4 years ago when my husband had it on his old computer. I was getting the fake pop-up warning windows and BSOD all the time. After having to shut down with memory dumps so many times, Windows made me run "chkdsk" which came up with errors that seemed legitimate like “System Volume on disk is corrupt”.

I removed the proxy server check in Internet Explorer so I could get on the Internet and download MBAM. Ran MBAM and it seemed to take out Antivirus Scan symptoms, along with Trojan.Dropper, Trojan.Agent and others. I was never able to stop any of the processes at the time, though, because I couldn’t get "iexplore.exe" to open or any of the other renamed ones.

I installed CA Internet Security Suite (which came with my Road Runner) and it found “System Surveillance Pro 4.2” and ”XP INTERNET SECURITY 2010” STILL ON MY SYSTEM, and although it was able to quarantine one small part of this program, it could only detect the other infections and COULD NOT DELETE THEM so XP INTERNET SECURITY 2010 is still on my computer.

Even so, the computer started acting much better but when I tried to go to sites on the Internet it started redirecting me to other sites, so I realized I now had a Redirect Virus and needed some specialized programs to remove that, but am unable to download “Hitman Pro 3.5”.

Then I found your forums and have gone through all of the instructions to post here but ran into problems. I couldn't enable a firewall, I couldn’t run “Defogger.exe”, and got an error saying “The dependency service or group failed to start”. I tried doing the scans, however, I am unable to get any of the programs to work to completion.

When trying to run DDS, I get an error that says “THIS TOOL DOES NOT YOUR SUPPORT YOUR OPERATING SYSTEM. PRESS ANY KEY TO CONTINUE.” (The incorrect wording is exactly the way it was on my screen.)
When trying to scan with GMER, it scanned for about 15 minutes, and then I got an error: “gmer.exe has stopped working. A problem caused the program to stop working correctly…” so I have no scans to post.

My newest problem is that when trying to click a link on your site (or any site on the internet) the screen freezes up and won’t allow me to click anything. I have to close the programs with Task Manager.

Can anyone help in any way in getting me closer to a solution to removing these infections?

#2 Casey_boy

  • Malware Response Team

Posted 07 January 2011 - 09:15 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey


EDIT: I see you cannot get our programs to run. Try using RKill first:

Before we can do anything we must first end the processes that belong to the rogue program(s) so that they do not interfere with the cleaning procedure. To do this, download the following file to your desktop.

rkill.com Download Link

Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with the rogue program(s). Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program(s) when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue(s). So, please try running Rkill until the malware is no longer running.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 millshay

Posted 07 January 2011 - 03:17 PM

Hi:

Thanks for answering!

I ran RKill and it found one process and shut it down.

Then I still could not get “dds.scr” or “dds.pif” to run. It kept saying “THIS TOOL DOES NOT YOUR SUPPORT YOUR OPERATING SYSTEM” [sic] even AFTER I disconnected from the internet and disabled my antivirus protection.

Does DDS.SCR run on a WINDOWS 7 Home Premium Operating System? If not, what do I do next?

#4 Casey_boy

Posted 07 January 2011 - 03:48 PM

Hi,

My name is Casey and I will be helping you with your malware problems.

As you may have noticed, I am currently in training which means that all of my responses will first be verified by a malware removal coach. As such, there may be a little delay in my responses to you. On the plus side, there will be two sets of eyes looking over your logs.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey


#5 millshay

Posted 07 January 2011 - 03:54 PM

Great, Casey:

Thanks for responding so quickly. What should I do about not being able to run dds.scr and getting the error message: “THIS TOOL DOES NOT YOUR SUPPORT YOUR OPERATING SYSTEM”?

#6 Casey_boy

Posted 07 January 2011 - 03:58 PM

I'm pretty sure that's a fake warning from one of the infections on your PC, but we'll check it out. Like I said in my above post, my replies will first have to be verified by a coach, so there may be some delay until you hear from me next.

Casey


#7 Casey_boy

Posted 11 January 2011 - 06:07 PM

Hi again,

Firstly, my sincere apologies for the delay in responding to your topic. I'm not permitted to post to you before my coach authorises the response and, unfortunately, there was some delay in that.

My coach has checked out the error for you and they say that it is actually a legitimate error from DDS. However, DDS should run on Windows 7, so there is a problem somewhere; we're going to try and see if some other tools will run.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Casey


#8 millshay

Posted 12 January 2011 - 10:32 PM

Thanks so much for replying.

I ran the scans in the opposite order, but here's the first one:

OTL logfile created on: 1/12/2011 7:21:42 PM - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Hayley\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.26 Gb Total Space | 228.93 Gb Free Space | 79.15% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 1.01 Gb Free Space | 11.39% Space Free | Partition Type: NTFS

Computer Name: HAYLEY-PC | User Name: Hayley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/12 18:50:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.exe
PRC - [2010/12/29 15:21:54 | 001,721,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/08 12:26:05 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/12/02 14:37:33 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2010/10/18 22:37:34 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Hayley\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/06 04:12:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2010/04/06 04:12:22 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/04/06 04:12:14 | 000,247,120 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
PRC - [2010/04/06 04:12:10 | 001,103,184 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
PRC - [2010/03/22 08:01:45 | 000,878,008 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Light\CAGlobalLight.exe
PRC - [2010/03/20 01:41:08 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () -- C:\Windows\System32\svcprs32.exe
PRC - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () -- C:\Windows\System32\mdmcls32.exe
PRC - [2009/11/24 22:09:13 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/11 16:15:38 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2009/07/29 17:27:36 | 000,707,184 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2009/07/29 17:27:32 | 000,846,448 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2009/06/23 14:44:46 | 000,203,376 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
PRC - [2009/06/23 14:44:44 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/02 14:18:04 | 000,281,088 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
PRC - [2007/05/02 14:16:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/05/02 14:15:32 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2007/02/15 02:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 05:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/12 18:50:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/01 10:55:58 | 000,113,144 | ---- | M] (CA) -- C:\Windows\System32\UmxSbxExw.dll
MOD - [2009/04/01 09:45:50 | 000,272,888 | ---- | M] (CA) -- C:\Windows\System32\UmxSbxw.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/01 20:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/04/20 02:01:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/06 04:12:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2010/04/06 04:12:22 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/03/20 01:41:08 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () [Auto | Running] -- C:\Windows\System32\svcprs32.exe -- (WinSvchostManager)
SRV - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () [Auto | Running] -- C:\Windows\System32\mdmcls32.exe -- (WinExtManager)
SRV - [2009/11/19 12:42:03 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2009/06/23 14:44:44 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/05/02 14:16:14 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006/09/11 15:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 15:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 14:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 14:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 08:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvc

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/07/07 17:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2009/12/23 11:29:36 | 000,132,088 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2009/12/23 11:29:36 | 000,078,840 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/30 16:51:00 | 000,239,608 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/09/30 16:51:00 | 000,060,920 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2009/09/16 16:26:41 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/09/11 16:00:26 | 004,805,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/02 17:29:58 | 000,053,240 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2009/08/14 11:43:50 | 000,150,520 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2009/08/07 12:03:46 | 000,107,512 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\kmxfw.sys -- (KmxFw)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 14:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/23 14:44:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/06/08 10:02:10 | 000,058,360 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\System32\drivers\KmxFilter.sys -- (KmxFilter)
DRV - [2009/05/28 14:46:18 | 000,391,296 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/27 15:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2009/02/13 04:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 04:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 04:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/06/02 17:49:48 | 000,305,688 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/04/24 08:33:00 | 000,358,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wlanUIG.sys -- (2WXG7053)
DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.my.yahoo.com
IE - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
IE - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\Firefox [2011/01/03 20:40:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\Firefox [2011/01/03 20:40:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/05 16:38:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 22:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 22:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\Firefox [2011/01/03 20:40:32 | 000,000,000 | ---D | M]

[2011/01/06 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions
[2011/01/06 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\finder@auctionsensor.com
[2010/01/31 19:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\MediaCoder-MCEX
[2010/01/31 19:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2011/01/10 12:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions
[2009/11/24 17:29:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/27 20:36:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/19 12:11:01 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/08/19 11:59:27 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\firebug@software.joehewitt.com
[2011/01/10 12:31:19 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\toolbar@ask.com
[2011/01/02 15:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 15:50:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (SEMToolBar) - {aa6d5589-d43b-4990-a329-a2add2fe93a0} - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll (Bruce Clay, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SEMToolBar) - {000d96fb-8270-41fd-96c2-34807ca97d9c} - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll (Bruce Clay, Inc.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [Wallchanger] C:\WALTDCS\WALLCHANGER.exe ()
O4 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..Trusted Domains: macromedia.com ([www] http in Local intranet)
O15 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1124306064-959407867-2446713946-1001\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4D690BF2-361C-46AB-948F-8EE44D5AD631} https://www.tradestation.com/chatclient/livechat/ClientPlugIn/TSChat.Cab (TSIntraSocket Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540002} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Annie in the Sink.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Annie in the Sink.jpg
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/12 18:50:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.exe
[2011/01/12 10:53:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/11 20:26:16 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/11 20:26:15 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/01/11 20:26:15 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/11 20:26:15 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/11 20:26:15 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/11 20:26:15 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/11 20:26:15 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/11 20:26:15 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/11 20:26:15 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/01/11 20:26:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/11 20:26:14 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/11 20:26:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/11 20:26:13 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/11 10:09:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
[2011/01/11 10:08:48 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTH.scr
[2011/01/06 20:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/01/06 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/01/06 20:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Elf_1.12
[2011/01/06 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\Conduit
[2011/01/06 20:14:35 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\SalehooAlert
[2011/01/06 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\AuctionSensor.com
[2011/01/06 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\AuctionSensor.com
[2011/01/06 19:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuctionSensor eBay Deal Finder
[2011/01/06 19:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\AuctionSensor eBay Deal Finder
[2011/01/06 19:38:21 | 007,826,666 | ---- | C] (AuctionSensor.com ) -- C:\Users\Hayley\Desktop\as-1.0.1-app-win.exe
[2011/01/06 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\bluescreenview
[2011/01/05 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/05 18:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/05 18:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/05 18:20:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Hayley\Desktop\spybotsd162.exe
[2011/01/05 16:45:13 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\HP
[2011/01/05 16:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/01/05 16:22:02 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/01/05 13:27:21 | 000,000,000 | ---D | C] -- C:\SYSTEM.SAV
[2011/01/04 22:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/04 22:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/04 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/04 22:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/04 22:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/04 22:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/04 21:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/01/04 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/01/04 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\IObit
[2011/01/04 20:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/01/04 20:54:19 | 010,160,048 | ---- | C] (IObit ) -- C:\Users\Hayley\Desktop\asc-setup.exe
[2011/01/04 20:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/04 20:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/04 20:19:39 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\Hayley\Desktop\ccsetup302.exe
[2011/01/04 19:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner Free
[2011/01/04 19:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2011/01/04 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/01/04 19:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner Free
[2011/01/04 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2011/01/04 19:52:34 | 004,322,272 | ---- | C] (ZhiQing Soft, Inc. ) -- C:\Users\Hayley\Desktop\WRCFree.exe
[2011/01/04 18:26:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2011/01/04 18:16:16 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\Autoruns
[2011/01/03 22:07:02 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Uniblue
[2011/01/03 22:06:10 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\PackageAware
[2011/01/03 20:39:58 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\System32\Isafprod.dll
[2011/01/03 20:39:57 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Isafeif.dll
[2011/01/03 20:39:37 | 002,654,208 | ---- | C] (PureSight Technologies Ltd) -- C:\Windows\System32\winsflte.dll
[2011/01/03 19:28:27 | 000,000,000 | ---D | C] -- C:\Swsetup
[2011/01/03 17:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\{D9B1A630-1548-45A4-9380-4F68B7672000}
[2011/01/03 17:10:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/03 17:09:28 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2011/01/03 17:08:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/01/03 17:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/03 17:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/03 17:04:15 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/01/03 17:04:15 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/01/03 17:04:15 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/01/03 17:03:59 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/01/03 17:03:00 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\Windows Live
[2011/01/03 17:02:18 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/03 17:02:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/01/03 17:02:18 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/02 16:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/02 16:30:18 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/02 15:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/01/02 15:50:54 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/01/02 15:50:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/02 15:50:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/02 15:50:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/01/02 12:07:56 | 036,317,368 | ---- | C] (PC Tools ) -- C:\Users\Hayley\Desktop\spdoc.exe
[2011/01/01 19:37:05 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/01 15:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/01/01 15:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/12/30 21:45:28 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\gmer
[2010/12/29 16:28:38 | 006,347,584 | ---- | C] (SurfRight B.V.) -- C:\Users\Hayley\Desktop\HitmanPro35.exe
[2010/12/29 14:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2010/12/29 14:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[2010/12/29 14:21:46 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Vetredir.dll
[2010/12/29 14:21:31 | 001,028,096 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2010/12/29 14:21:31 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2010/12/29 14:21:30 | 000,007,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sporder.dll
[2010/12/29 14:21:30 | 000,000,000 | ---D | C] -- C:\Windows\rnapxs
[2010/12/29 14:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2010/12/29 14:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/12/29 14:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2010/12/29 10:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/12/29 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2010/12/29 10:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/12/29 10:00:42 | 000,000,000 | ---D | C] -- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010/12/29 10:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/12/28 22:58:12 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Malwarebytes
[2010/12/28 22:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/28 22:55:36 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup.exe
[2010/12/20 18:39:05 | 000,000,000 | ---D | C] -- C:\NOVOTNY - Copy (2)
[2010/12/18 18:53:13 | 000,000,000 | ---D | C] -- C:\PERSONAL
[2010/12/15 21:51:26 | 000,000,000 | ---D | C] -- C:\8d2162cfa57af651a34db507e54f
[2010/12/15 06:01:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/15 06:00:54 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 06:00:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 06:00:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 06:00:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 06:00:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/15 06:00:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/15 06:00:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 06:00:50 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/15 06:00:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 06:00:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/15 06:00:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/15 06:00:47 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/15 06:00:46 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 06:00:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 06:00:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 06:00:44 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 06:00:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 06:00:43 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/15 06:00:39 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 06:00:38 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\Users\Hayley\Documents\*.tmp files -> C:\Users\Hayley\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/12 19:09:01 | 000,133,632 | ---- | M] () -- C:\Users\Hayley\Desktop\RKUnhookerLE.EXE
[2011/01/12 18:50:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.exe
[2011/01/12 18:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/12 18:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124306064-959407867-2446713946-1001UA.job
[2011/01/12 17:12:01 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2011/01/12 11:30:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124306064-959407867-2446713946-1001Core.job
[2011/01/12 11:07:55 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 11:07:55 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 10:58:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/12 10:58:44 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/01/12 10:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/12 10:58:30 | 1603,112,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/12 10:57:42 | 000,991,985 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/01/12 10:57:42 | 000,123,820 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2011/01/12 10:57:42 | 000,008,621 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/01/12 10:57:42 | 000,000,289 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/01/12 10:57:42 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/01/12 10:57:42 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/01/12 10:57:42 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/01/12 10:57:42 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/01/12 10:57:42 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/01/12 10:57:42 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/01/12 10:57:42 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/01/12 10:57:42 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/01/12 10:57:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/01/12 10:57:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/01/12 10:57:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/01/12 10:57:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/01/12 10:57:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/01/11 10:09:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
[2011/01/11 10:08:53 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTH.scr
[2011/01/10 11:36:40 | 000,011,996 | ---- | M] () -- C:\Users\Hayley\Documents\DISNEYbigfigs.docx
[2011/01/10 10:34:57 | 000,624,640 | ---- | M] () -- C:\Users\Hayley\Desktop\dds.pif
[2011/01/07 12:16:07 | 000,010,495 | ---- | M] () -- C:\Users\Hayley\Documents\ANSWER.docx
[2011/01/07 11:05:52 | 000,624,128 | ---- | M] () -- C:\Users\Hayley\Desktop\dds.scr
[2011/01/07 11:01:14 | 000,719,873 | ---- | M] () -- C:\Users\Hayley\Desktop\rkill.com
[2011/01/06 20:51:08 | 002,677,072 | ---- | M] () -- C:\Users\Hayley\Desktop\Elf_1.12.exe
[2011/01/06 20:20:58 | 002,165,222 | ---- | M] () -- C:\Users\Hayley\Desktop\SalehooAlert.zip
[2011/01/06 20:07:25 | 000,000,960 | ---- | M] () -- C:\Users\Hayley\Desktop\Auction Alert.lnk
[2011/01/06 19:46:18 | 000,001,013 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\AuctionSensor.lnk
[2011/01/06 19:46:18 | 000,000,989 | ---- | M] () -- C:\Users\Hayley\Desktop\AuctionSensor.lnk
[2011/01/06 19:38:31 | 007,826,666 | ---- | M] (AuctionSensor.com ) -- C:\Users\Hayley\Desktop\as-1.0.1-app-win.exe
[2011/01/06 19:27:05 | 002,636,646 | ---- | M] () -- C:\Users\Hayley\Desktop\AuctionAlert.zip
[2011/01/06 11:45:31 | 000,010,442 | ---- | M] () -- C:\Users\Hayley\Documents\rickpillslost.docx
[2011/01/06 11:29:22 | 000,007,607 | ---- | M] () -- C:\Users\Hayley\AppData\Local\Resmon.ResmonCfg
[2011/01/06 09:43:20 | 000,058,862 | ---- | M] () -- C:\Users\Hayley\Desktop\bluescreenview.zip
[2011/01/05 18:22:25 | 000,001,242 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/05 18:22:25 | 000,001,218 | ---- | M] () -- C:\Users\Hayley\Desktop\Spybot - Search & Destroy.lnk
[2011/01/05 18:20:11 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Hayley\Desktop\spybotsd162.exe
[2011/01/05 17:24:37 | 000,011,520 | ---- | M] () -- C:\Users\Hayley\Documents\old5hool.docx
[2011/01/05 16:53:54 | 000,938,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/05 16:47:25 | 000,202,520 | ---- | M] () -- C:\Windows\hpoins18.dat
[2011/01/05 16:45:11 | 000,130,911 | ---- | M] () -- C:\Windows\hppins03.dat
[2011/01/05 16:44:38 | 000,647,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/05 16:44:38 | 000,116,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/05 16:36:19 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/05 16:34:27 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/01/05 16:33:55 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/01/05 16:14:59 | 000,000,240 | ---- | M] () -- C:\Users\Hayley\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url
[2011/01/05 13:02:11 | 000,012,820 | ---- | M] () -- C:\Users\Hayley\Documents\reply.docx
[2011/01/04 22:55:16 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/04 22:44:37 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/04 20:55:56 | 000,000,136 | ---- | M] () -- C:\Users\Hayley\Desktop\IObit Freeware.url
[2011/01/04 20:55:55 | 000,001,205 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2011/01/04 20:55:55 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/04 20:54:51 | 010,160,048 | ---- | M] (IObit ) -- C:\Users\Hayley\Desktop\asc-setup.exe
[2011/01/04 20:24:30 | 000,070,584 | ---- | M] () -- C:\Users\Hayley\Desktop\cc_20110104_202406.reg
[2011/01/04 20:20:19 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/04 20:19:45 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\Hayley\Desktop\ccsetup302.exe
[2011/01/04 19:55:27 | 000,001,963 | ---- | M] () -- C:\Users\Hayley\Desktop\Wise Disk Cleaner Free.lnk
[2011/01/04 19:55:27 | 000,001,949 | ---- | M] () -- C:\Users\Hayley\Desktop\Clean disk with 1 click.lnk
[2011/01/04 19:55:27 | 000,001,089 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/01/04 19:54:02 | 000,001,137 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/01/04 19:52:48 | 004,322,272 | ---- | M] (ZhiQing Soft, Inc. ) -- C:\Users\Hayley\Desktop\WRCFree.exe
[2011/01/04 18:15:16 | 000,620,465 | ---- | M] () -- C:\Users\Hayley\Desktop\Autoruns.zip
[2011/01/03 20:39:39 | 005,845,744 | ---- | M] () -- C:\Windows\System32\win32cpr.dll
[2011/01/03 20:39:39 | 001,872,624 | ---- | M] () -- C:\Windows\System32\winsflt.dll
[2011/01/03 20:32:11 | 000,460,296 | ---- | M] () -- C:\Users\Hayley\Desktop\CA2010Install.exe
[2011/01/03 16:58:12 | 000,657,920 | ---- | M] () -- C:\Users\Hayley\Desktop\MicrosoftFixit50461.msi
[2011/01/03 15:54:28 | 612,324,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/03 11:40:18 | 000,058,007 | ---- | M] () -- C:\Users\Hayley\Documents\viruswin7.docx
[2011/01/02 17:39:16 | 000,288,107 | ---- | M] () -- C:\Users\Hayley\Desktop\gmer.zip
[2011/01/02 16:29:02 | 000,339,991 | ---- | M] () -- C:\Users\Hayley\Desktop\RSIT.exe
[2011/01/02 16:00:16 | 000,000,335 | ---- | M] () -- C:\Users\Hayley\Desktop\FixExe.reg
[2011/01/02 12:07:56 | 036,317,368 | ---- | M] (PC Tools ) -- C:\Users\Hayley\Desktop\spdoc.exe
[2011/01/01 19:52:54 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/01/01 19:37:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/01 15:39:00 | 000,002,700 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/01/01 15:27:13 | 006,347,584 | ---- | M] (SurfRight B.V.) -- C:\Users\Hayley\Desktop\HitmanPro35.exe
[2011/01/01 15:07:48 | 000,010,523 | ---- | M] () -- C:\Users\Hayley\Documents\MBAMquick.docx
[2010/12/30 22:33:22 | 000,011,892 | ---- | M] () -- C:\Users\Hayley\Documents\VIRUSexplanation.docx
[2010/12/30 18:12:07 | 000,050,477 | ---- | M] () -- C:\Users\Hayley\Desktop\Defogger.exe
[2010/12/29 15:21:58 | 000,001,016 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/29 15:16:47 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/12/29 15:12:57 | 000,000,007 | ---- | M] () -- C:\Windows\System32\mkghj.dll
[2010/12/28 22:56:35 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup.exe
[2010/12/28 22:27:04 | 000,780,283 | ---- | M] () -- C:\Users\Hayley\Desktop\iExplore.exe
[2010/12/28 15:33:24 | 000,011,446 | ---- | M] () -- C:\Users\Hayley\Documents\frontierland.docx
[2010/12/28 15:33:15 | 000,000,162 | -H-- | M] () -- C:\Users\Hayley\Documents\~$ontierland.docx
[2010/12/25 12:07:27 | 000,011,149 | ---- | M] () -- C:\Users\Hayley\Documents\zoey.docx
[2010/12/18 19:17:00 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/16 14:54:10 | 001,256,847 | ---- | M] () -- C:\Users\Hayley\Desktop\dynamo_blog_v2.zip
[2010/12/16 14:34:19 | 006,946,504 | ---- | M] () -- C:\Users\Hayley\Desktop\Keynote_Blue-_Accounting.zip
[2010/12/16 14:32:58 | 007,158,054 | ---- | M] () -- C:\Users\Hayley\Desktop\Landscape_Green-_Accounting.zip
[2010/12/15 17:59:39 | 000,010,523 | ---- | M] () -- C:\Users\Hayley\Documents\mavis2.docx
[2010/12/14 21:54:38 | 000,013,611 | ---- | M] () -- C:\Users\Hayley\Documents\mavis1214.docx
[2010/12/14 17:31:05 | 000,002,407 | ---- | M] () -- C:\Users\Hayley\Desktop\Google Chrome.lnk
[3 C:\Users\Hayley\Documents\*.tmp files -> C:\Users\Hayley\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/12 19:09:01 | 000,133,632 | ---- | C] () -- C:\Users\Hayley\Desktop\RKUnhookerLE.EXE
[2011/01/12 11:10:54 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2011/01/07 11:46:42 | 000,010,495 | ---- | C] () -- C:\Users\Hayley\Documents\ANSWER.docx
[2011/01/07 11:09:24 | 000,624,640 | ---- | C] () -- C:\Users\Hayley\Desktop\dds.pif
[2011/01/06 20:51:01 | 002,677,072 | ---- | C] () -- C:\Users\Hayley\Desktop\Elf_1.12.exe
[2011/01/06 20:14:06 | 002,165,222 | ---- | C] () -- C:\Users\Hayley\Desktop\SalehooAlert.zip
[2011/01/06 20:06:28 | 000,000,960 | ---- | C] () -- C:\Users\Hayley\Desktop\Auction Alert.lnk
[2011/01/06 19:46:18 | 000,001,013 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\AuctionSensor.lnk
[2011/01/06 19:46:18 | 000,000,989 | ---- | C] () -- C:\Users\Hayley\Desktop\AuctionSensor.lnk
[2011/01/06 19:26:54 | 002,636,646 | ---- | C] () -- C:\Users\Hayley\Desktop\AuctionAlert.zip
[2011/01/06 11:41:40 | 000,010,442 | ---- | C] () -- C:\Users\Hayley\Documents\rickpillslost.docx
[2011/01/06 09:43:15 | 000,058,862 | ---- | C] () -- C:\Users\Hayley\Desktop\bluescreenview.zip
[2011/01/05 18:22:25 | 000,001,242 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/05 18:22:25 | 000,001,218 | ---- | C] () -- C:\Users\Hayley\Desktop\Spybot - Search & Destroy.lnk
[2011/01/05 17:14:40 | 000,011,520 | ---- | C] () -- C:\Users\Hayley\Documents\old5hool.docx
[2011/01/05 16:36:19 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/05 16:33:55 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/01/05 16:22:55 | 000,130,866 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2011/01/05 16:22:55 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011/01/05 16:14:59 | 000,000,240 | ---- | C] () -- C:\Users\Hayley\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url
[2011/01/05 12:20:16 | 000,012,820 | ---- | C] () -- C:\Users\Hayley\Documents\reply.docx
[2011/01/04 22:55:16 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/04 22:44:37 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/04 20:56:08 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2011/01/04 20:55:56 | 000,000,136 | ---- | C] () -- C:\Users\Hayley\Desktop\IObit Freeware.url
[2011/01/04 20:55:55 | 000,001,205 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2011/01/04 20:55:55 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/04 20:24:13 | 000,070,584 | ---- | C] () -- C:\Users\Hayley\Desktop\cc_20110104_202406.reg
[2011/01/04 20:20:19 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/04 19:55:27 | 000,001,963 | ---- | C] () -- C:\Users\Hayley\Desktop\Wise Disk Cleaner Free.lnk
[2011/01/04 19:55:27 | 000,001,949 | ---- | C] () -- C:\Users\Hayley\Desktop\Clean disk with 1 click.lnk
[2011/01/04 19:55:27 | 000,001,089 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/01/04 19:54:02 | 000,001,137 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/01/03 22:24:04 | 000,620,465 | ---- | C] () -- C:\Users\Hayley\Desktop\Autoruns.zip
[2011/01/03 20:39:45 | 005,845,744 | ---- | C] () -- C:\Windows\System32\win32cpr.dll
[2011/01/03 20:39:45 | 002,347,760 | ---- | C] () -- C:\Windows\System32\mdmcls32.exe
[2011/01/03 20:39:45 | 001,872,624 | ---- | C] () -- C:\Windows\System32\winsflt.dll
[2011/01/03 20:39:45 | 001,377,008 | ---- | C] () -- C:\Windows\System32\svcprs32.exe
[2011/01/03 20:32:08 | 000,460,296 | ---- | C] () -- C:\Users\Hayley\Desktop\CA2010Install.exe
[2011/01/03 16:58:08 | 000,657,920 | ---- | C] () -- C:\Users\Hayley\Desktop\MicrosoftFixit50461.msi
[2011/01/02 17:16:53 | 000,058,007 | ---- | C] () -- C:\Users\Hayley\Documents\viruswin7.docx
[2011/01/02 16:28:56 | 000,339,991 | ---- | C] () -- C:\Users\Hayley\Desktop\RSIT.exe
[2011/01/02 16:00:13 | 000,000,335 | ---- | C] () -- C:\Users\Hayley\Desktop\FixExe.reg
[2011/01/01 15:39:00 | 000,002,700 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/01/01 15:27:53 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/01/01 15:07:47 | 000,010,523 | ---- | C] () -- C:\Users\Hayley\Documents\MBAMquick.docx
[2011/01/01 14:18:57 | 000,123,820 | ---- | C] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2010/12/30 22:10:19 | 000,011,892 | ---- | C] () -- C:\Users\Hayley\Documents\VIRUSexplanation.docx
[2010/12/30 21:43:38 | 000,288,107 | ---- | C] () -- C:\Users\Hayley\Desktop\gmer.zip
[2010/12/30 21:35:22 | 000,624,128 | ---- | C] () -- C:\Users\Hayley\Desktop\dds.scr
[2010/12/30 18:12:06 | 000,050,477 | ---- | C] () -- C:\Users\Hayley\Desktop\Defogger.exe
[2010/12/29 15:16:47 | 000,000,136 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/12/29 15:15:05 | 000,991,985 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2010/12/29 15:15:05 | 000,008,621 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2010/12/29 15:15:05 | 000,000,289 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2010/12/29 15:14:52 | 000,001,016 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/29 15:12:57 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2010/12/29 14:21:45 | 001,054,032 | ---- | C] () -- C:\Windows\System32\cfgmig32.dll
[2010/12/29 14:21:31 | 002,385,136 | ---- | C] () -- C:\Windows\System32\winsflt_x64.dll
[2010/12/29 14:21:31 | 000,286,208 | ---- | C] () -- C:\Windows\System32\winsfinst.exe
[2010/12/29 11:22:09 | 000,004,780 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/12/29 10:47:49 | 612,324,287 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/28 22:37:38 | 000,719,873 | ---- | C] () -- C:\Users\Hayley\Desktop\rkill.com
[2010/12/28 22:26:59 | 000,780,283 | ---- | C] () -- C:\Users\Hayley\Desktop\iExplore.exe
[2010/12/28 15:33:15 | 000,011,446 | ---- | C] () -- C:\Users\Hayley\Documents\frontierland.docx
[2010/12/28 15:33:15 | 000,000,162 | -H-- | C] () -- C:\Users\Hayley\Documents\~$ontierland.docx
[2010/12/25 09:52:27 | 000,011,149 | ---- | C] () -- C:\Users\Hayley\Documents\zoey.docx
[2010/12/16 14:54:07 | 001,256,847 | ---- | C] () -- C:\Users\Hayley\Desktop\dynamo_blog_v2.zip
[2010/12/16 14:34:18 | 006,946,504 | ---- | C] () -- C:\Users\Hayley\Desktop\Keynote_Blue-_Accounting.zip
[2010/12/16 14:32:53 | 007,158,054 | ---- | C] () -- C:\Users\Hayley\Desktop\Landscape_Green-_Accounting.zip
[2010/12/15 17:59:37 | 000,010,523 | ---- | C] () -- C:\Users\Hayley\Documents\mavis2.docx
[2010/12/14 21:21:44 | 000,013,611 | ---- | C] () -- C:\Users\Hayley\Documents\mavis1214.docx
[2010/07/16 20:21:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\YCRWin32.dll
[2010/06/30 16:58:24 | 000,007,607 | ---- | C] () -- C:\Users\Hayley\AppData\Local\Resmon.ResmonCfg
[2010/05/22 15:48:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/15 13:57:32 | 000,000,576 | ---- | C] () -- C:\ProgramData\afl.log
[2009/12/29 12:14:21 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/28 19:27:42 | 000,000,094 | ---- | C] () -- C:\Users\Hayley\AppData\Local\fusioncache.dat
[2009/09/18 01:15:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:50:37 | 000,000,062 | ---- | C] () -- C:\Windows\PrintWorkShop2009.ini
[2008/06/20 17:41:51 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2008/06/20 09:30:43 | 000,000,392 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\wklnhst.dat
[2008/06/16 12:07:11 | 000,000,011 | ---- | C] () -- C:\Windows\EPF_UPLD.INI
[2008/06/16 12:07:10 | 000,000,254 | ---- | C] () -- C:\Windows\PHOTO!2.INI
[2008/01/14 15:54:04 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/08/24 11:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/06/28 17:34:31 | 000,061,678 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\PFP110JPR.{PB
[2007/06/28 17:34:31 | 000,012,358 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\PFP110JCM.{PB
[2007/06/28 17:24:52 | 000,000,871 | ---- | C] () -- C:\Windows\WaltDisney.INI
[2007/06/28 17:24:52 | 000,000,059 | ---- | C] () -- C:\Windows\WALTDCS.INI
[2007/06/28 16:05:38 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2007/06/28 12:26:13 | 000,007,432 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2007/05/15 00:06:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/05/14 23:28:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/05/14 23:21:50 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/14 23:21:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 00:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 06:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 06:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 19:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll
[2006/06/23 09:09:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/11/18 09:16:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\nktwab.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 335 bytes -> C:\Users\Hayley\Documents\test3.eml:OECustomProperty
@Alternate Data Stream - 323 bytes -> C:\Users\Hayley\Documents\test.eml:OECustomProperty
@Alternate Data Stream - 192 bytes -> C:\Users\Hayley\Documents\test2.eml:OECustomProperty
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#9 millshay

Posted 12 January 2011 - 10:34 PM

Here is the RKUnhookerLE.exe Report - it looks like it found something:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8F205000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5279744 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82E3D000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E3D000 PnpManager 4259840 bytes
0x82E3D000 RAW 4259840 bytes
0x82E3D000 WMIxWDM 4259840 bytes
0x81E11000 C:\Windows\system32\drivers\RTKVHDA.sys 2740224 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x938C0000 Win32k 2404352 bytes
0x938C0000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8DA1F000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8903E000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8F80D000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x88C08000 C:\Windows\system32\DRIVERS\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x88CE3000 C:\Windows\system32\DRIVERS\iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8F70E000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88E46000 C:\Windows\System32\DRIVERS\NDIS.SYS 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8F90F000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x83D09000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xBAE0B000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9A027000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83C36000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83E06000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8E91A000 C:\Windows\system32\drivers\hcw18bda.sys 393216 bytes (Hauppauge Computer Works, Inc, Cx418 Raptor Driver)
0x89180000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8DB7F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBAF31000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xBAEE2000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x93B70000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8E9AE000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x8E894000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83F34000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83E85000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x91D53000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x91CC2000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83CC7000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x893AB000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88F43000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x89291000 C:\Windows\System32\DRIVERS\kmxcfg.sys 253952 bytes (CA, HIPS Kernel Configuration Cache)
0x88E08000 C:\Windows\System32\DRIVERS\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9A0FA000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8F7C5000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E06000 ACPI_HAL 225280 bytes
0x82E06000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x83FAA000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E97A000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x88FAF000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x89348000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88F08000 C:\Windows\System32\DRIVERS\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x83DB4000 C:\Windows\system32\DRIVERS\KmxAMRT.sys 200704 bytes (CA, CA Antivirus File System Filter Driver for XP/2003)
0x820AE000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88F82000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8E8EE000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x83C00000 C:\Windows\System32\DRIVERS\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83EDE000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9A179000 C:\Windows\System32\DRIVERS\KmxCF.sys 163840 bytes (CA, HIPS Content Filter Driver)
0x8F9D1000 C:\Windows\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0x8921A000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89000000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x821BD000 C:\Windows\system32\DRIVERS\Dot4.sys 147456 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x88DB3000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9A0D7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91C2D000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBAEAC000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8E837000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x892E9000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xBAF82000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8924C000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8E86A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8DA00000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93B50000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x83FDE000 C:\Windows\System32\DRIVERS\kmxfw.sys 122880 bytes (CA, HIPS Firewall Driver)
0x821E1000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9A135000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91D29000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9A0AC000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x820DD000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x83DE5000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E812000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91C4F000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91C67000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91C7E000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8DB68000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x82118000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x82180000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8927B000 C:\Windows\System32\DRIVERS\kmxagent.sys 90112 bytes (CA, HIPS Agent Driver)
0x83F94000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8214D000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8916D000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x91DA9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x89388000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8E800000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8E858000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8DBE9000 C:\Windows\system32\DRIVERS\KmxFilter.sys 73728 bytes (CA, HIPS Core Filter Driver)
0x91D17000 C:\Windows\System32\DRIVERS\KmxSbx.sys 73728 bytes (CA, HIPS Registry, Spawning and Devices Guard driver)
0x9A0C5000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x9A168000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x88FE1000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x88DDF000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91D06000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83F13000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83CAE000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8926B000 C:\Windows\System32\DRIVERS\KmxFile.sys 65536 bytes (CA, HIPS File Guard driver)
0x91D43000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8902D000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x91D99000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8939B000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83F24000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E8DF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8920C000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8937A000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8933A000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83F86000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x891DD000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x91CB4000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x82197000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x83E77000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8F800000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x821B0000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x91C98000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8F9C4000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x91CA5000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xBAECD000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8930A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x89200000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x82160000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x892DD000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x82142000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8210D000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8216C000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8932F000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E82A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x88EFD000 C:\Windows\System32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x821A5000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x8E889000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83F08000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x82131000 C:\Windows\system32\DRIVERS\dc3d.sys 40960 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
0x82103000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x893F6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x893EC000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88F39000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBAEA2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x88DD6000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xD168E000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x88DAA000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x81E00000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x891EB000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xD16A0000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82177000 C:\Windows\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
0x93B20000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x83ECD000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8DBD9000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x83CBF000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x891F4000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BAF000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83ED6000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x89317000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8931F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x89327000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x89025000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xBAEDA000 C:\Windows\system32\DRIVERS\XAudio32.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x892D6000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8213B000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x83F7F000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x892CF000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8DBE2000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8F9F8000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9A1A1000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8F200000 C:\Windows\system32\drivers\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x91C95000 C:\Windows\System32\Drivers\PdiPorts.sys 12288 bytes (Portrait Displays, Inc., PdiPorts Device Driver)
0x91CB2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8212F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0xD164EF2E Unknown thread object [ ETHREAD 0x85C85C48 ] , 600 bytes


THANK YOU!

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 AM

Posted 13 January 2011 - 05:54 PM

Hello.

I'll be taking over for a few days while Casey is away.

There don't appear to be any active infections at the moment. Perhaps MalwareBytes and ComboFix had cleaned it up.

Please post the contents of this file, if it exists:
C:\ComboFix.txt

Which of the problems that you've described are still present at the moment?

With Regards,
The Panda

#11 millshay

Posted 13 January 2011 - 10:35 PM

Hi, "The Panda":

Thanks very much for all of your help. The computer is much better, but it still runs slowly, especially on the internet. Would it help if I deleted some of the start-up and background programs that seem to be running, and if so, how would I go about doing that?

Thanks again.

#12 PropagandaPanda

Posted 14 January 2011 - 06:03 PM

Hello.

That's good to hear.

Let's see what we can do about the speed. You've 2 GBs of RAM, which is not quite spacious enough for Windows 7 and the amount of starts you have. Unfortunately, StartupLite is not compatible with Windows 7, so we'll manually remove some with HJT.

Any changes we make can be undone.

Download, Install, and Save Log with HijackThis
  • Download the installer HERE onto your desktop. Right click the icon on your desktop and select Run as Administrator.
  • You may be asked for confirmation for running an executable file. Select Run.
  • You will be asked to choose the install location. Please leave it at the default:
    C:\Program Files\Trend Micro\HijackThis.
  • Select Install.
  • The installation process should only take a few seconds. A shortcut named HijackThis will be created on your desktop so there will be no need to access the HijackThis program directly. The HijackThis window will pop up after the installation.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:

    (Note that the entries below will look slightly different in HJT.)

    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
    O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
    O4 - HKLM..\Run: [Wallchanger] C:\WALTDCS\WALLCHANGER.exe ()
  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

Restart your computer. Does that help the speed a bit?

With Regards,
The Panda

#13 millshay

Posted 14 January 2011 - 08:36 PM

Yes, that DOES HELP speed it up, thank you so much.

After deleting those you had listed, I did have to RESTORE one, though, and that was the rtHDVCpl.exe (Realtek Semiconductor), because without it, the speakers sounded really brassy and just plain "wrong".

So again, thanks for all of your help.

#14 PropagandaPanda

Posted 14 January 2011 - 10:03 PM

Hello.

No problem. Let's keep this topic open for a couple of days; if nothing comes up, we'll close it.

With Regards,
The Panda

#15 millshay

Posted 17 January 2011 - 04:58 PM

Yikes! All of a sudden, I can't get my "h" drive to work. It's the one on my computer that's for the Compact Flash I/II/MD. Could something have gotten deleted that I needed to have that drive recognize when I've put a disk in? The "h" drive shows up under "Computer," but when I put the Compact Flash disk in, it just keeps asking for me to insert it over and over.

Thanks for any help you can offer.



