Google Redirect Error


  • This topic is locked
25 replies to this topic

#1 stephishy

stephishy

  • Members
  • 18 posts

Posted 01 January 2011 - 06:00 PM

Hi! Thank you so much for giving me a hand. I've tried using Malwarebytes and SUPERAntiSpyware to solve this problem, running them both in normal mode and in safe mode, but I still haven't been able to fix my computer! It automatically redirects all search engine results to buggy sites.

This is the log from HijackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:48:47 PM, on 1/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\WINDOWS\system32\WTClient.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Ralink\Common\RaUI.exe
H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\LogMeIn Hamachi\hamachi-2.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ralink\Common\RaRegistry.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\Drivers\WTSRV.EXE
H:\WINDOWS\system32\WISPTIS.EXE
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
H:\Program Files\Microsoft Office\Office12\EXCEL.EXE
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\Documents and Settings\Stephanie\My Documents\Downloads\HijackThis.exe
H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - H:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - H:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll
O4 - HKLM\..\Run: [MSPY2002] H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "H:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = H:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - H:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - H:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - H:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 10470 bytes


 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 07 January 2011 - 03:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 stephishy

stephishy
  • Topic Starter

  • Members
  • 18 posts

Posted 07 January 2011 - 03:29 PM

Thank you so much for responding!

I've pasted OTL.txt and Extra.txt below:


OTL logfile created on: 1/7/2011 12:17:37 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = H:\Documents and Settings\Stephanie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive G: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 74.52 Gb Total Space | 2.13 Gb Free Space | 2.86% Space Free | Partition Type: NTFS
Drive J: | 111.79 Gb Total Space | 71.16 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive K: | 149.01 Gb Total Space | 10.81 Gb Free Space | 7.26% Space Free | Partition Type: FAT32

Computer Name: STEPHANI-5C4B7B | User Name: Stephanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/07 12:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Stephanie\My Documents\Downloads\OTL.exe
PRC - [2010/12/16 08:28:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/08 15:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/12/06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- H:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/11/24 11:10:46 | 000,083,440 | ---- | M] (Google) -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/10/16 18:00:06 | 000,134,808 | ---- | M] (Google Inc.) -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/06 18:54:28 | 000,073,728 | ---- | M] (Tablet Driver) -- H:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2009/10/05 15:59:38 | 000,032,768 | ---- | M] (Tablet Driver) -- H:\WINDOWS\system32\WTClient.exe
PRC - [2009/09/17 16:46:56 | 001,609,728 | ---- | M] (Ralink Technology, Corp.) -- H:\Program Files\Ralink\Common\RaUI.exe
PRC - [2009/08/19 08:55:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- H:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2006/10/26 13:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\system32\WISPTIS.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/07 12:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Stephanie\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- H:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/06 18:54:28 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- H:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2009/08/19 08:55:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- H:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/15 13:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/07/02 09:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/22 09:58:46 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2009/06/22 09:58:36 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2009/06/02 05:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/04/21 14:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/23 02:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/06 08:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.voltaxprep.com/
IE - HKU\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-583907252-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {52794457-af6c-4c50-9def-f2e24f4c8889}:2.8.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z007&form=ZGAADF&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://webproxy.ucsd.edu/proxy.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2010/12/23 08:39:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2010/12/23 08:39:56 | 000,000,000 | ---D | M]

[2009/12/04 00:53:19 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Stephanie\Application Data\Mozilla\Extensions
[2010/12/08 17:37:14 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d728wctj.default\extensions
[2009/12/08 21:43:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d728wctj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/25 11:55:12 | 000,000,000 | ---D | M] (WhiteSmoke Toolbar) -- H:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d728wctj.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
[2010/11/25 11:54:29 | 000,001,919 | ---- | M] () -- H:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d728wctj.default\searchplugins\bing-zugo.xml
[2010/12/10 17:27:28 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions
[2010/12/10 17:27:36 | 000,000,000 | ---D | M] (Skype extension) -- H:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/12/07 02:33:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- H:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - H:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - H:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O4 - HKLM..\Run: [Alcmtr] H:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSPY2002] H:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] H:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WTClient] H:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-21-583907252-261478967-839522115-1003..\Run: [EA Core] H:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-21-583907252-261478967-839522115-1003..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = H:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - H:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-583907252-261478967-839522115-1003 Winlogon: Shell - ("H:\Documents and Settings\All Users\Application Data\Security Essentials 2011\SE2011.exe") - H:\Documents and Settings\All Users\Application Data\Security Essentials 2011\SE2011.exe File not found
O20 - HKU\S-1-5-21-583907252-261478967-839522115-1003 Winlogon: Shell - (/hide) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: H:\Documents and Settings\Stephanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\Stephanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/20 23:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/06/27 01:12:50 | 000,000,049 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/12/11 13:30:27 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 04:56:50 | 000,000,036 | RH-- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell\Open\command - "" = J:\resycled\boot.com -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010/09/20 23:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: avast5 - hkey= - key= - H:\Program Files\Alwil Software\Avast5\avastUI.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - h:\WINDOWS\system32\Rundll32.exe h:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - H:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - H:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - H:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - H:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - H:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - H:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - H:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - H:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - H:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - H:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - H:\WINDOWS\system32\vp6vfw.dll (On2.com)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/02 17:28:51 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\My Documents\CLP
[2011/01/01 11:29:37 | 000,000,000 | ---D | C] -- H:\Program Files\Trend Micro
[2011/01/01 11:29:37 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Start Menu\Programs\HiJackThis
[2010/12/25 14:31:39 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/12/25 14:31:23 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2010/12/25 14:31:22 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2010/12/25 14:31:21 | 000,000,000 | ---D | C] -- H:\Program Files\NCH Swift Sound
[2010/12/23 08:47:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2010/12/23 08:46:33 | 000,000,000 | ---D | C] -- H:\Program Files\iPod
[2010/12/23 08:46:29 | 000,000,000 | ---D | C] -- H:\Program Files\iTunes
[2010/12/23 08:39:50 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2010/12/23 08:39:28 | 000,000,000 | ---D | C] -- H:\Program Files\QuickTime
[2010/12/20 21:31:46 | 000,000,000 | ---D | C] -- H:\Program Files\whitesmoketoolbar
[2010/12/20 21:31:46 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\whitesmoketoolbar
[2010/12/17 22:05:37 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\LogMeIn Hamachi
[2010/12/17 22:05:31 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/12/17 22:05:13 | 000,000,000 | ---D | C] -- H:\Program Files\LogMeIn Hamachi
[2010/12/17 22:05:13 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2010/12/17 20:20:42 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\.minecraft
[2010/12/15 21:05:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 21:01:16 | 000,045,568 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wab.exe
[2010/12/11 22:17:48 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\appmgmt
[2010/12/11 22:00:25 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Macrium
[2010/12/11 13:51:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Calibre Library
[2010/12/11 13:51:04 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\calibre
[2010/12/11 13:50:09 | 000,000,000 | ---D | C] -- H:\Program Files\Calibre2
[2010/12/11 13:50:09 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2010/12/11 11:38:26 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\My Documents\My Kindle Content
[2010/12/11 11:38:25 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\Amazon
[2010/12/10 18:35:26 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\DivX
[2010/12/10 17:49:32 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\vlc
[2010/12/10 17:42:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\SUPERAntiSpyware.com
[2010/12/10 17:42:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/10 17:41:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2010/12/10 17:41:52 | 000,000,000 | ---D | C] -- H:\Program Files\SUPERAntiSpyware
[2010/12/10 17:27:12 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/12/10 17:27:10 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Skype
[2010/12/09 19:07:41 | 000,000,000 | ---D | C] -- H:\WINDOWS\CSC
[4 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[2 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 12:17:50 | 000,000,994 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-261478967-839522115-1003UA.job
[2011/01/07 12:03:00 | 000,000,892 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/07 10:08:28 | 000,012,598 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2011/01/07 10:06:48 | 000,000,888 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/07 10:06:43 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2011/01/07 10:06:42 | 000,219,120 | ---- | M] () -- H:\WINDOWS\System32\ativvaxx.cap
[2011/01/06 19:05:00 | 000,000,942 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-261478967-839522115-1003Core.job
[2011/01/03 17:41:18 | 000,180,554 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\whatareu.bmp
[2011/01/02 18:04:26 | 000,020,615 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\ballet.JPG
[2011/01/02 17:35:01 | 000,030,038 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\joshuatree.JPG
[2011/01/01 11:29:37 | 000,001,992 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\HiJackThis.lnk
[2010/12/29 13:56:00 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/26 17:53:55 | 000,028,160 | ---- | M] () -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/25 14:50:53 | 000,000,306 | ---- | M] () -- H:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/12/23 08:47:21 | 000,001,542 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/20 20:41:04 | 000,000,664 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat
[2010/12/17 20:20:35 | 000,232,501 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\Minecraft.exe
[2010/12/16 08:13:41 | 000,290,888 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 21:31:17 | 000,001,393 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2010/12/11 15:05:02 | 000,002,577 | ---- | M] () -- H:\WINDOWS\System32\CONFIG.NT
[4 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[2 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/03 17:41:18 | 000,180,554 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\whatareu.bmp
[2011/01/02 18:04:26 | 000,020,615 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\ballet.JPG
[2011/01/02 17:36:49 | 000,521,194 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\snowboardfailprofile.bmp
[2011/01/02 17:35:01 | 000,030,038 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\joshuatree.JPG
[2011/01/02 17:32:48 | 003,059,505 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\HuntingtonGardens.JPG
[2011/01/01 11:29:37 | 000,001,992 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\HiJackThis.lnk
[2010/12/25 14:50:50 | 000,000,306 | ---- | C] () -- H:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/12/23 08:47:21 | 000,001,542 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/17 20:20:34 | 000,232,501 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\Minecraft.exe
[2010/12/11 11:41:17 | 000,777,419 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\Room - Emma Donoghue.pdf
[2010/12/09 19:13:21 | 000,001,808 | ---- | C] () -- H:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/12/09 19:13:21 | 000,000,947 | ---- | C] () -- H:\Documents and Settings\Stephanie\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/12/09 19:08:37 | 000,001,621 | ---- | C] () -- H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2010/11/16 22:10:41 | 000,000,787 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/10/12 12:05:56 | 000,000,127 | ---- | C] () -- H:\WINDOWS\System32\MRT.INI
[2010/08/28 15:16:23 | 000,008,704 | ---- | C] () -- H:\WINDOWS\System32\CNMVS75.DLL
[2010/08/26 19:41:23 | 000,147,456 | ---- | C] () -- H:\WINDOWS\System32\DiagFunc.dll
[2010/08/26 19:41:23 | 000,001,191 | ---- | C] () -- H:\WINDOWS\System32\W32N55.INI
[2010/08/26 19:41:23 | 000,000,480 | ---- | C] () -- H:\WINDOWS\System32\DiagFunc.ini
[2010/02/20 23:20:20 | 000,028,160 | ---- | C] () -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 21:15:23 | 000,003,847 | ---- | C] () -- H:\WINDOWS\Tablet8000x6000M.ini
[2009/12/03 23:44:43 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2009/10/06 18:46:42 | 000,200,704 | ---- | C] () -- H:\WINDOWS\System32\WinTab32.dll
[2007/04/24 19:31:12 | 000,010,240 | ---- | C] () -- H:\WINDOWS\System32\ucinst32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/12 14:06:21 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/12 14:06:21 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/12 14:06:21 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/12 14:06:21 | 023,852,652 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 14:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- H:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- H:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- H:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/04/01 17:37:33 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- H:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- H:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- H:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- H:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- H:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- H:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- H:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- H:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- H:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/02 09:25:48 | 000,442,368 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- H:\WINDOWS\system32\ATIDEMGX.dll
[2 H:\WINDOWS\system32\*.tmp files -> H:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/12/03 23:32:57 | 000,094,208 | ---- | M] () -- H:\WINDOWS\system32\config\default.sav
[2009/12/03 23:32:57 | 000,659,456 | ---- | M] () -- H:\WINDOWS\system32\config\software.sav
[2009/12/03 23:32:57 | 000,913,408 | ---- | M] () -- H:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\system32\drivers\mbam.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/11/02 07:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\system32\drivers\ndproxy.sys

< End of report >

OTL Extras logfile created on: 1/7/2011 12:17:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = H:\Documents and Settings\Stephanie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive G: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 74.52 Gb Total Space | 2.13 Gb Free Space | 2.86% Space Free | Partition Type: NTFS
Drive J: | 111.79 Gb Total Space | 71.16 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive K: | 149.01 Gb Total Space | 10.81 Gb Free Space | 7.26% Space Free | Partition Type: FAT32

Computer Name: STEPHANI-5C4B7B | User Name: Stephanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\Electronic Arts\EADM\Core.exe" = H:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"H:\Documents and Settings\Stephanie\Desktop\BabylonPortable\App\Babylon\Babylon.exe" = H:\Documents and Settings\Stephanie\Desktop\BabylonPortable\App\Babylon\Babylon.exe:*:Disabled:Babylon -- File not found
"H:\Program Files\VideoLAN\VLC\vlc.exe" = H:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"G:\setup\HPZNUI01.EXE" = G:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found
"G:\setup\HPONICIFS01.EXE" = G:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\AVG\AVG10\avgmfapx.exe" = H:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- File not found
"H:\Program Files\Google\Google Earth\plugin\geplugin.exe" = H:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0468A4CF-069D-86B6-84BD-F8E4F86E2631}" = Catalyst Control Center Graphics Previews Common
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25B9C7BE-5CFD-6173-D3E1-6E4C9EBD8658}" = Catalyst Control Center Graphics Light
"{26999308-FF96-5FBF-B2DB-12E66346FA3A}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2927733E-A961-BA53-03C5-03774A081030}" = ccc-core-static
"{30148775-0642-7507-58EA-3CDB7E828BA2}" = Catalyst Control Center Core Implementation
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3972209B-4946-9B49-1911-0AC122FB8073}" = CCC Help Russian
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{43165058-0CD3-F336-0B4E-879A03DC8F50}" = Catalyst Control Center Graphics Full Existing
"{43F18082-D8A1-5A37-829D-CF1C4ED9ED2A}" = CCC Help Portuguese
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4905D4CA-7295-F988-AE8A-B04675295133}" = CCC Help Thai
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55A83F62-4CC7-8A5F-0FB0-FE55B53B3ED1}" = CCC Help Finnish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B31B7DD-ED2E-F515-C900-B2E91138A34F}" = ccc-core-preinstall
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5F032DC8-A020-D42E-F2E6-41C748A92A06}" = Catalyst Control Center Graphics Full New
"{618A812B-3099-8DB2-C8E4-95D15A7B7CD5}" = Catalyst Control Center HydraVision Full
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6A7E75AF-C2C7-4B1E-FE46-E0979833D6D5}" = CCC Help Spanish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71AFFCBF-0864-C19D-0C07-5DF67BA0382D}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7876AE8D-08D8-3A1C-A1F4-E7F255DDBBEA}" = ccc-utility
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{8425081E-FEFF-6E4B-408E-53345859896C}" = CCC Help English
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90FE2C60-A4C3-D61D-790A-9493EE405AEA}" = CCC Help Swedish
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A8BBAA6B-71BE-4AA2-A9DE-76BF38473E5F}" = ATI AVIVO Codecs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADAA5D11-5D8F-31EC-1992-693239110308}" = CCC Help French
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B21C00B6-2B53-BB00-B4FE-27316019A9C5}" = CCC Help Chinese Traditional
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD7CDF5A-315E-A085-CF42-921B37D7A507}" = CCC Help Hungarian
"{BDC8B094-1ACE-4DC1-B948-35487DC17634}" = calibre
"{BE9269F2-562B-7BC7-9BE9-16EF8B52B403}" = Catalyst Control Center Localization All
"{BF243C52-D0D2-A777-D388-DFCCF00FFC23}" = CCC Help Dutch
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7370250-3AA3-23F8-DE52-21701C911BBD}" = CCC Help Korean
"{C7DA1638-A3B9-0AF6-B1B3-5ACBC08E7204}" = CCC Help Polish
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D472CC91-8FFC-B07C-F755-363498CF7724}" = CCC Help Danish
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D68E33C8-F508-F069-FF15-59B2BF50B0D3}" = CCC Help Japanese
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E236A12C-FE29-49C4-C10C-F9AFF2EE8D39}" = CCC Help Chinese Standard
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFA83B92-06EA-D90D-1342-A7872D97B89F}" = CCC Help Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FAFD1909-311F-2035-6C97-7151A3B485C5}" = CCC Help Greek
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"{FD433CFA-5819-54FC-005C-140926CDBB6F}" = CCC Help Czech
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF97034A-E1FE-CC80-E5D4-549796B72E36}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle For PC" = Amazon Kindle For PC
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn Disc Burning Software
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Picasa 3" = Picasa 3
"Shop for HP Supplies" = Shop for HP Supplies
"Stellarium_is1" = Stellarium 0.10.4
"VLC media player" = VLC media player 1.0.1
"whitesmoketoolbar" = WhiteSmoke Toolbar
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583907252-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2010 2:13:48 AM | Computer Name = STEPHANI-5C4B7B | Source = MsiInstaller | ID = 11904
Description = Product: SolutionCenter -- Error 1904. Module H:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 11/17/2010 7:02:38 PM | Computer Name = STEPHANI-5C4B7B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/17/2010 7:02:38 PM | Computer Name = STEPHANI-5C4B7B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/17/2010 7:02:39 PM | Computer Name = STEPHANI-5C4B7B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/17/2010 9:35:00 PM | Computer Name = STEPHANI-5C4B7B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/17/2010 9:35:01 PM | Computer Name = STEPHANI-5C4B7B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/17/2010 9:35:01 PM | Computer Name = STEPHANI-5C4B7B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/17/2010 9:35:02 PM | Computer Name = STEPHANI-5C4B7B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/17/2010 9:35:11 PM | Computer Name = STEPHANI-5C4B7B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/18/2010 3:08:05 AM | Computer Name = STEPHANI-5C4B7B | Source = Bonjour Service | ID = 100
Description = 264: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ OSession Events ]
Error - 5/13/2010 12:02:21 AM | Computer Name = STEPHANI-5C4B7B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 144
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/30/2010 12:30:12 AM | Computer Name = STEPHANI-5C4B7B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2444
seconds with 1680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/4/2011 12:44:22 PM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/4/2011 1:50:03 PM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/4/2011 1:50:33 PM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/4/2011 1:51:03 PM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/5/2011 11:34:49 AM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/5/2011 9:14:46 PM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/6/2011 11:28:32 AM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/6/2011 9:19:51 PM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/7/2011 2:08:27 PM | Computer Name = STEPHANI-5C4B7B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/7/2011 2:12:08 PM | Computer Name = STEPHANI-5C4B7B | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{EFD87DAC-6764-4EFA-9A5B-9D6CE1B605A7}
because another computer on the network has the same name. The server could not
start.


< End of report >

#4 myrti

Posted 07 January 2011 - 03:49 PM

Hi,


You seem to have been infected with a flash drive infection. We will first try to disinfect all your flash drives to avoid spreading the infection:
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Also please run a scan with Rootkit Unhooker:
Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
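
The note in the post above says a folder named autorun.inf in a drive root keeps an autorun file from being installed there. As an added example (not part of the original post and not Flash_Disinfector's own code), this Python script audits drive roots for that state and lists the launch commands of any autorun.inf file it finds; the function names, the temporary "drive roots" and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that make Windows launch a program from the drive.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample for the demo; the file name in it is a placeholder.
SAMPLE_AUTORUN = r"""[AutoRun]
open=constructed_sample.exe
shell\open\command=constructed_sample.exe
icon=folder.ico
label=Photos
"""


def parse_autorun(text):
    """Return the command-launching entries of the [autorun] section."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            key = key.strip().lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in EXEC_KEYS or is_verb:
                entries[key] = value.strip()
    return entries


def find_autorun(root):
    """Locate autorun.inf in a root regardless of letter case."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def audit_root(root):
    """Classify a drive root as 'absent', 'folder' or 'file'.

    'folder' is the state described in the note: the name is taken by a
    directory, so a file called autorun.inf cannot be written beside it.
    'file' means Windows could read autorun instructions from the drive.
    """
    path = find_autorun(root)
    if path is None:
        return {"state": "absent", "commands": {}}
    if os.path.isdir(path):
        return {"state": "folder", "commands": {}}
    # utf-8-sig drops a leading BOM; undecodable bytes are replaced.
    with open(path, "r", encoding="utf-8-sig", errors="replace") as fh:
        return {"state": "file", "commands": parse_autorun(fh.read())}


def demo():
    """Audit three constructed 'drive roots' built in a temp directory."""
    with tempfile.TemporaryDirectory() as base:
        roots = {}
        for label in ("clean", "immunized", "suspect"):
            roots[label] = os.path.join(base, label)
            os.mkdir(roots[label])
        # Root that already carries the protective folder.
        os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
        # Root that carries an autorun file (upper-case name on purpose).
        with open(os.path.join(roots["suspect"], "AUTORUN.INF"), "w",
                  encoding="utf-8") as fh:
            fh.write(SAMPLE_AUTORUN)
        return {label: audit_root(path) for label, path in roots.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result["state"], result["commands"])
```

On a live system, pass each drive root to `audit_root` instead of the temporary directories built by `demo`.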

 



#5 stephishy

Posted 07 January 2011 - 04:24 PM

Hi Myrti,

So running the flash disinfector seemed to clear up an error that I kept getting before (see the pic below). I actually don't have any standard USB flash drives, but I do have a bunch of SD cards, microSD cards, and other camera memory sticks that I basically use as flash drives. Should I plug in all of those too? Thank you so much! (That error was REALLY annoying).

Although, I think that google redirect bug is still alive...

You are awesome!
Stephanie

Here's the report from Rootkit:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xACFDC000 H:\WINDOWS\system32\drivers\RtkHDAud.sys 4546560 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB9667000 H:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4452352 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1EE000 H:\WINDOWS\System32\ati3duag.dll 3014656 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 H:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF4CE000 H:\WINDOWS\System32\ativvaxx.dll 2142208 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 H:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAC016000 H:\WINDOWS\system32\DRIVERS\rt2870.sys 782336 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xBF068000 H:\WINDOWS\System32\ati2cqag.dll 651264 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF107000 H:\WINDOWS\System32\atikvmag.dll 552960 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAC12F000 H:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF18E000 H:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB9503000 H:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAC25C000 H:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8812000 H:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 H:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 H:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA82A9000 H:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9561000 H:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8AC2000 H:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7424000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7E93000 H:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAC19F000 H:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB962B000 H:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAC234000 H:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAC20E000 H:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA94F0000 H:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAD432000 H:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB95F0000 H:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB95B9000 H:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAC1EC000 H:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAC1CA000 H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 H:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF747A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAD456000 H:\WINDOWS\system32\drivers\AtiHdmi.sys 110592 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xF740A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xABF25000 H:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7451000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB95A2000 H:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9614000 H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 94208 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xA9157000 H:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB95DC000 H:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9653000 H:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAC2B5000 H:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 H:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9591000 H:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xABF65000 H:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7677000 H:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB9F2C000 H:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7577000 H:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7687000 H:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA93E0000 H:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7567000 H:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 H:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7697000 H:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76B7000 H:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7517000 H:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9F1C000 H:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76A7000 H:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7587000 H:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76D7000 H:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7507000 H:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB9F3C000 H:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF76C7000 H:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7527000 H:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA91FC000 H:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7537000 H:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB9B5B000 H:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB9B4B000 H:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF781F000 H:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF774F000 H:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB9B73000 H:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 H:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB9B43000 H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7757000 H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF777F000 H:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB9B8B000 H:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB9B53000 H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7817000 H:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB9B6B000 H:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB9B83000 H:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7777000 H:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xB9B63000 H:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7767000 H:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF776F000 H:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77EF000 H:\WINDOWS\System32\Drivers\Scutum50.sys 20480 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 SPR Protocol Driver)
0xF775F000 H:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77B7000 H:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAD489000 H:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9F14000 H:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA7CC000 H:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 H:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA7EC000 H:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9F10000 H:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xACFC4000 H:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7C4000 H:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA7E8000 H:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79BF000 H:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79DF000 H:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79BD000 H:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 H:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79C1000 H:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79D7000 H:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79C3000 H:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79EB000 H:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF79B5000 H:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79BB000 H:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 H:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AB6000 H:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A6A000 H:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AB1000 H:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x00D80000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 102400 bytes
0x06790000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 102400 bytes
0x06B00000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 102400 bytes
0x04B10000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 110592 bytes
0x00CF0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8A4775D0 ] PID: 648, 118784 bytes
0x038C0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 118784 bytes
0x07520000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 1224704 bytes
0x080D0000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 159744 bytes
0x06D80000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 1740800 bytes
0x08100000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 176128 bytes
0x06750000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 208896 bytes
0x06F30000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 217088 bytes
0x08130000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 225280 bytes
0x08170000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 249856 bytes
0x07A50000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 282624 bytes
0x00EC0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8A4775D0 ] PID: 648, 28672 bytes
0x01130000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8A4775D0 ] PID: 648, 28672 bytes
0x04E20000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04590000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04460000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x00D70000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x00DA0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x039E0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04410000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x043E0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04430000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04580000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04B00000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04AF0000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04BD0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04BE0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04C40000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04CA0000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04C90000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04CD0000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04CC0000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04FB0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x04FD0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x05010000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x05090000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x050B0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x05160000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x05120000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x05140000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x05290000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x05450000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x057E0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x06450000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x06660000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x06670000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x066E0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x067E0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x067D0000 Hidden Image-->Branding.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x06710000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x067C0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x06AF0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x06B50000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 28672 bytes
0x01150000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A4775D0 ] PID: 648, 307200 bytes
0x00DE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 307200 bytes
0x073A0000 Hidden Image-->CLI.Aspect.HydraVision.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 323584 bytes
0x07B70000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 339968 bytes
0x04B50000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 348160 bytes
0x03810000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8A4775D0 ] PID: 648, 36864 bytes
0x03910000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x03930000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x03A70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x03B60000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x04AD0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x04C60000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x050D0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x051A0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x051D0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x05200000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x05280000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x066C0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x07250000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 36864 bytes
0x07B10000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 372736 bytes
0x07AA0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 405504 bytes
0x065F0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 413696 bytes
0x06B60000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 421888 bytes
0x07270000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 421888 bytes
0x00D20000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8A4775D0 ] PID: 648, 45056 bytes
0x00D90000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8A4775D0 ] PID: 648, 45056 bytes
0x037E0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8A4775D0 ] PID: 648, 45056 bytes
0x04CB0000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x04C30000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x00D40000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x00D60000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x00E40000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x03A00000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x04C50000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x04C70000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x04F90000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x05180000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x051B0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x051F0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 45056 bytes
0x045A0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 454656 bytes
0x06A70000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 503808 bytes
0x039D0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x039C0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x03A60000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x04400000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x04570000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x050C0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x05170000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x051E0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x057C0000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x066A0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x06730000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x06B20000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 53248 bytes
0x06460000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 561152 bytes
0x07BD0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 585728 bytes
0x051C0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 61440 bytes
0x05230000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 61440 bytes
0x05270000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 61440 bytes
0x05330000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 61440 bytes
0x07E00000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 651264 bytes
0x068A0000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 659456 bytes
0x052E0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 69632 bytes
0x038E0000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 69632 bytes
0x03940000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 69632 bytes
0x03A30000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x8A47E480 ] PID: 1240, 69632 bytes
0x05210000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 69632 bytes
0x052C0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 69632 bytes
0x05470000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 69632 bytes
0x07330000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 69632 bytes
0x00DA0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8A4775D0 ] PID: 648, 77824 bytes
0x05070000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 77824 bytes
0x00DB0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 77824 bytes
0x05100000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 77824 bytes
0x07D30000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 790528 bytes
0x066F0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 86016 bytes
0x050E0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 86016 bytes
0x052A0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 86016 bytes
0x05310000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x8A47E480 ] PID: 1240, 94208 bytes


#6 myrti


Posted 07 January 2011 - 07:03 PM

Hi,

I would suggest that you uninstall WhiteSmoke Toolbar next; the toolbar has a shady reputation.

Please also run the following script to remove leftovers from the autorun infection:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O32 - AutoRun File - [2010/12/11 13:30:27 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/16 04:56:50 | 000,000,036 | RH-- | M] () - J:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell - "" = AutoRun
    O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell\Open\command - "" = J:\resycled\boot.com -- File not found
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
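
An added example, not part of myrti's post and not OTL's own code: a small Python triage of the O32/O33 lines from the fix script above, showing which properties make each entry a cleanup target. The attribute-letter meanings (H = hidden, D = directory), the finding labels and the function names are assumptions of this example; the drive K line is constructed for contrast.

```python
import re

# The first five lines are copied from the :otl section of the fix script in
# the post above. The last line (drive K) is CONSTRUCTED for contrast.
SAMPLE_LOG = r"""
O32 - AutoRun File - [2010/12/11 13:30:27 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 04:56:50 | 000,000,036 | RH-- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\Shell\Open\command - "" = J:\resycled\boot.com -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.exe
"""

# O32: autorun files found in a drive root, with timestamp, size and attributes.
O32_RE = re.compile(
    r"^O32 - AutoRun File - \[(?P<stamp>[^|]+)\|(?P<size>[^|]+)\|(?P<attrs>[^|]+)\|[^\]]*\]"
    r"(?: \([^)]*\))? - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$")
# O33: per-volume shell verbs cached under the user's MountPoints2 registry key.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\(?P<subkey>Shell(?:\\[^\\]+)*)'
    r' - "" = (?P<value>.*)$')
MISSING = " -- File not found"


def parse(log):
    """Return (autorun_files, mount_points) parsed from O32/O33 lines."""
    files, mounts = [], {}
    for line in log.splitlines():
        line = line.strip()
        m = O32_RE.match(line)
        if m:
            attrs = m["attrs"].strip()
            files.append({
                "path": m["path"],
                "hidden": "H" in attrs,   # assumption: H = hidden
                "is_dir": "D" in attrs,   # assumption: D = directory
                "size": int(m["size"].strip().replace(",", "")),
            })
            continue
        m = O33_RE.match(line)
        if m:
            entry = mounts.setdefault(
                m["mount"], {"default_verb": None, "commands": {}})
            parts = m["subkey"].split("\\")
            value = m["value"]
            if len(parts) == 1:
                # Default value of ...\Shell names the verb used on double-click.
                entry["default_verb"] = value
            elif parts[-1].lower() == "command":
                missing = value.endswith(MISSING)
                target = value[:-len(MISSING)] if missing else value
                entry["commands"][parts[1]] = (target, missing)
            # Other subkeys (e.g. Shell\AutoRun) only hold the menu label.
    return files, mounts


def triage(log):
    """Return a list of (finding, subject) tuples worth a helper's attention."""
    files, mounts = parse(log)
    findings = []
    for f in files:
        if f["hidden"]:
            kind = "hidden autorun directory" if f["is_dir"] else "hidden autorun file"
            findings.append((kind, f["path"]))
    for mount, entry in mounts.items():
        if (entry["default_verb"] or "").lower() == "autorun":
            findings.append(("default drive verb is AutoRun", mount))
        for verb, (target, missing) in entry["commands"].items():
            if missing:
                # The registry still points at a file that no longer exists.
                findings.append((f"orphaned {verb} handler", f"{mount} -> {target}"))
    return findings


if __name__ == "__main__":
    for finding, subject in triage(SAMPLE_LOG):
        print(f"{finding:32} {subject}")
```

The constructed drive K entry produces no finding because its command target exists and it does not override the default verb; the cached MountPoints2 entry for the J: volume is reported because it outlives the file it points to.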

 



#7 stephishy


Posted 10 January 2011 - 09:49 PM

Hi again,

Sorry, I was away this weekend. But now I'm back. Back to this bleeping computer. :)

Some new issues came up, so I'll write what I did in order, below.

1.) Uninstalled WhiteSmoke Toolbar...
...and after I rebooted I ended up with...
2.) A new error! See picture below. Something to do with HPAssistant PSSWCORE? Hitting cancel gets me nowhere, hitting OK gets me nowhere. What is this?
3.) Ran the OTL.exe Fix that you gave me, but as soon as I clicked "Run Fix", the old Windows-No Disk error popped up.
4.) Ran the follow up
Anyways, here are the logs below:

========== OTL ==========
File not found.
J:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2ac9428-03f1-11df-902b-001bb9a9b6b5}\ not found.
File J:\resycled\boot.com not found.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.20.1 log created on 01102011_183904


OTL logfile created on: 1/10/2011 6:46:31 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = H:\Documents and Settings\Stephanie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive G: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 74.52 Gb Total Space | 2.67 Gb Free Space | 3.59% Space Free | Partition Type: NTFS
Drive I: | 3.79 Gb Total Space | 3.79 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive J: | 111.79 Gb Total Space | 71.16 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive K: | 149.01 Gb Total Space | 10.81 Gb Free Space | 7.26% Space Free | Partition Type: FAT32
Drive L: | 3.79 Gb Total Space | 1.25 Gb Free Space | 33.09% Space Free | Partition Type: FAT32

Computer Name: STEPHANI-5C4B7B | User Name: Stephanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - H:\Documents and Settings\Stephanie\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - H:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - H:\WINDOWS\system32\drivers\WTSrv.exe (Tablet Driver)
PRC - H:\WINDOWS\system32\WTClient.exe (Tablet Driver)
PRC - H:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - H:\Program Files\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - H:\WINDOWS\system32\WISPTIS.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - H:\Documents and Settings\Stephanie\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - H:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - H:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
MOD - H:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - H:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- H:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Apple Mobile Device) -- H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WinTabService) -- H:\WINDOWS\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (RalinkRegistryWriter) -- H:\Program Files\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)


========== Driver Services (SafeList) ==========

DRV - (Tablet2k) -- H:\WINDOWS\System32\Drivers\Tablet2k.sys File not found
DRV - (SASKUTIL) -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- H:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (rt2870) -- H:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (ati2mtag) -- H:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (UCTblHid) -- H:\WINDOWS\system32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- H:\WINDOWS\system32\drivers\TClass2k.sys (Tablet Driver)
DRV - (AtiHdmiService) -- H:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (Scutum50) -- H:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (hamachi) -- H:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- H:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- H:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- H:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- H:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.voltaxprep.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/07 02:34:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: H:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/07 02:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2010/12/23 08:39:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2010/12/23 08:39:56 | 000,000,000 | ---D | M]

[2011/01/07 17:35:39 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d728wctj.default\extensions
[2010/12/10 17:27:28 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions
[2010/11/29 19:38:32 | 000,000,000 | ---D | M] (Default) -- H:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/10 17:27:36 | 000,000,000 | ---D | M] (Skype extension) -- H:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/03 21:30:13 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/12/07 02:33:14 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/11/29 19:38:13 | 000,025,048 | ---- | M] (Mozilla Foundation) -- H:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/11/29 19:38:13 | 000,138,712 | ---- | M] (Mozilla Foundation) -- H:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/07 02:33:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/11/29 19:38:24 | 000,066,520 | ---- | M] (mozilla.org) -- H:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- H:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/12/23 08:39:56 | 000,159,744 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/23 08:39:56 | 000,159,744 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/23 08:39:56 | 000,159,744 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/23 08:39:56 | 000,159,744 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/23 08:39:56 | 000,159,744 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/23 08:39:56 | 000,159,744 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/23 08:39:56 | 000,159,744 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/11/29 19:38:26 | 000,001,394 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/11/29 19:38:26 | 000,002,193 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/11/29 19:38:26 | 000,001,534 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/11/29 19:38:26 | 000,002,344 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/11/29 19:38:26 | 000,002,371 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/11/29 19:38:26 | 000,001,178 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/11/29 19:38:26 | 000,000,792 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - H:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - H:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] H:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [GrooveMonitor] H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSPY2002] H:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] H:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] H:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] H:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WTClient] H:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] H:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Google Update] H:\Documents and Settings\Stephanie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = H:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: H:\Documents and Settings\Stephanie\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - H:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - H:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - H:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - H:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - H:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - H:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - H:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - H:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - H:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - H:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - H:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - H:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - H:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - H:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: H:\Documents and Settings\Stephanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\Stephanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - H:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - H:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - H:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - H:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - H:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - H:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - H:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - H:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - H:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - H:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/20 23:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/06/27 01:12:50 | 000,000,049 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011/01/07 13:08:59 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/01/07 13:09:02 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/12/11 13:30:27 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O32 - AutoRun File - [2011/01/07 13:09:06 | 000,000,000 | RHSD | M] - K:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2011/01/07 13:09:06 | 000,000,000 | RHSD | M] - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010/09/20 23:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 18:39:04 | 000,000,000 | ---D | C] -- H:\_OTL
[2011/01/10 18:30:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\Sun
[2011/01/10 18:27:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/10 18:27:20 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/01/10 18:25:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\ATI
[2011/01/10 18:25:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\ATI
[2011/01/10 18:25:43 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Adobe
[2011/01/07 18:51:32 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/01/07 17:38:49 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\Macromedia
[2011/01/07 17:38:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Application Data\Adobe
[2011/01/07 17:37:18 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\HP
[2011/01/07 13:17:19 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
[2011/01/07 13:17:19 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Desktop\MustBeRandomlyNamed
[2011/01/07 13:16:57 | 000,719,574 | ---- | C] (UG North ) -- H:\Documents and Settings\Stephanie\Desktop\RkU3.8.388.590.exe
[2011/01/07 13:08:59 | 000,000,000 | RHSD | C] -- H:\autorun.inf
[2011/01/02 17:28:51 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\My Documents\CLP
[2011/01/01 11:29:37 | 000,000,000 | ---D | C] -- H:\Program Files\Trend Micro
[2011/01/01 11:29:37 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Start Menu\Programs\HiJackThis
[2010/12/25 14:31:23 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2010/12/25 14:31:22 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2010/12/25 14:31:21 | 000,000,000 | ---D | C] -- H:\Program Files\NCH Swift Sound
[2010/12/23 08:47:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2010/12/23 08:46:33 | 000,000,000 | ---D | C] -- H:\Program Files\iPod
[2010/12/23 08:46:29 | 000,000,000 | ---D | C] -- H:\Program Files\iTunes
[2010/12/23 08:39:50 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2010/12/23 08:39:28 | 000,000,000 | ---D | C] -- H:\Program Files\QuickTime
[2010/12/20 21:31:46 | 000,000,000 | ---D | C] -- H:\Program Files\whitesmoketoolbar
[2010/12/17 22:05:37 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\LogMeIn Hamachi
[2010/12/17 22:05:31 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/12/17 22:05:13 | 000,000,000 | ---D | C] -- H:\Program Files\LogMeIn Hamachi
[2010/12/17 22:05:13 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2010/12/15 21:05:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 21:01:16 | 000,045,568 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wab.exe
[2010/12/11 22:17:48 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\appmgmt
[4 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[2 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 18:34:09 | 000,288,342 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\newerror.bmp
[2011/01/10 18:27:19 | 000,012,598 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2011/01/10 18:25:40 | 000,000,888 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 18:25:32 | 000,219,120 | ---- | M] () -- H:\WINDOWS\System32\ativvaxx.cap
[2011/01/10 18:25:32 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2011/01/07 18:05:00 | 000,000,994 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-261478967-839522115-1003UA.job
[2011/01/07 18:03:00 | 000,000,892 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/06 19:05:00 | 000,000,942 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-261478967-839522115-1003Core.job
[2011/01/03 17:41:18 | 000,180,554 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\whatareu.bmp
[2011/01/02 18:04:26 | 000,020,615 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\ballet.JPG
[2011/01/02 17:35:01 | 000,030,038 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\joshuatree.JPG
[2011/01/01 11:29:37 | 000,001,992 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\HiJackThis.lnk
[2010/12/29 13:56:00 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/26 17:53:55 | 000,028,160 | ---- | M] () -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/25 14:50:53 | 000,000,306 | ---- | M] () -- H:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/12/23 08:47:21 | 000,001,542 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/20 20:41:04 | 000,000,664 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat
[2010/12/17 20:20:35 | 000,232,501 | ---- | M] () -- H:\Documents and Settings\Stephanie\Desktop\Minecraft.exe
[2010/12/16 08:13:41 | 000,290,888 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 21:31:17 | 000,001,393 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[4 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[2 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 18:34:09 | 000,288,342 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\newerror.bmp
[2011/01/03 17:41:18 | 000,180,554 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\whatareu.bmp
[2011/01/02 18:04:26 | 000,020,615 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\ballet.JPG
[2011/01/02 17:36:49 | 000,521,194 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\snowboardfailprofile.bmp
[2011/01/02 17:35:01 | 000,030,038 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\joshuatree.JPG
[2011/01/02 17:32:48 | 003,059,505 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\HuntingtonGardens.JPG
[2011/01/01 11:29:37 | 000,001,992 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\HiJackThis.lnk
[2010/12/25 14:50:50 | 000,000,306 | ---- | C] () -- H:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/12/23 08:47:21 | 000,001,542 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/17 20:20:34 | 000,232,501 | ---- | C] () -- H:\Documents and Settings\Stephanie\Desktop\Minecraft.exe
[2010/10/12 12:05:56 | 000,000,127 | ---- | C] () -- H:\WINDOWS\System32\MRT.INI
[2010/08/28 15:16:23 | 000,008,704 | ---- | C] () -- H:\WINDOWS\System32\CNMVS75.DLL
[2010/08/26 19:41:23 | 000,147,456 | ---- | C] () -- H:\WINDOWS\System32\DiagFunc.dll
[2010/08/26 19:41:23 | 000,001,191 | ---- | C] () -- H:\WINDOWS\System32\W32N55.INI
[2010/08/26 19:41:23 | 000,000,480 | ---- | C] () -- H:\WINDOWS\System32\DiagFunc.ini
[2010/02/20 23:20:20 | 000,028,160 | ---- | C] () -- H:\Documents and Settings\Stephanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 21:15:23 | 000,003,847 | ---- | C] () -- H:\WINDOWS\Tablet8000x6000M.ini
[2009/12/03 23:44:43 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2009/10/06 18:46:42 | 000,200,704 | ---- | C] () -- H:\WINDOWS\System32\WinTab32.dll
[2007/04/24 19:31:12 | 000,010,240 | ---- | C] () -- H:\WINDOWS\System32\ucinst32.dll

< End of report >

#8 stephishy

Posted 10 January 2011 - 09:52 PM

Oops, forgot to attach image of new problem.


#9 myrti

Posted 11 January 2011 - 09:53 AM

Hi,

The message looks like a corrupted install of HP software. Do you have your HP disks?

Please run a scan with Rootkit Unhooker next:
Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file - if you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just click on Cancel, then Accept.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#10 stephishy

Posted 11 January 2011 - 01:00 PM

Good morning!

Yes, I do have the CDs for the HP printer...although, I think it was after those disks were used that the "Windows-No Disk" error first showed up.

Here's the result from the last RKUnhooker scan.


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xACED0000 H:\WINDOWS\system32\drivers\RtkHDAud.sys 4546560 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB95FB000 H:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4452352 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1EE000 H:\WINDOWS\System32\ati3duag.dll 3014656 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 H:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF4CE000 H:\WINDOWS\System32\ativvaxx.dll 2142208 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 H:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAB9A4000 H:\WINDOWS\system32\DRIVERS\rt2870.sys 782336 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xBF068000 H:\WINDOWS\System32\ati2cqag.dll 651264 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF107000 H:\WINDOWS\System32\atikvmag.dll 552960 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xABABD000 H:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF18E000 H:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB9497000 H:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xABC12000 H:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA81A0000 H:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 H:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 H:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA7C87000 H:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB94F5000 H:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8428000 H:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7424000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xABB2D000 H:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB95BF000 H:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xABBC2000 H:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xABB9C000 H:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8E7E000 H:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAD326000 H:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9584000 H:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB954D000 H:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xABB7A000 H:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xABB58000 H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 H:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF747A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAD34A000 H:\WINDOWS\system32\drivers\AtiHdmi.sys 110592 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xF740A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAB8B3000 H:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7451000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9536000 H:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB95A8000 H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 94208 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xA8ABD000 H:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9570000 H:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB95E7000 H:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xABC6B000 H:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 H:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9525000 H:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAB8F3000 H:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7577000 H:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76F7000 H:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA786000 H:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7567000 H:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8D8A000 H:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA766000 H:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 H:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7557000 H:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7537000 H:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA716000 H:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7587000 H:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7547000 H:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA796000 H:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7517000 H:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7667000 H:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76E7000 H:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7527000 H:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA726000 H:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7A54000 H:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA736000 H:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB9AF9000 H:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF777F000 H:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF781F000 H:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF774F000 H:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB9B11000 H:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 H:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7787000 H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7757000 H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB9B31000 H:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB9B29000 H:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB9AF1000 H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7817000 H:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB9B09000 H:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB9B21000 H:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7777000 H:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xB9B01000 H:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7767000 H:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF776F000 H:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77CF000 H:\WINDOWS\System32\Drivers\Scutum50.sys 20480 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 SPR Protocol Driver)
0xF775F000 H:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xABA9B000 H:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAD3C9000 H:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA048000 H:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA7C0000 H:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 H:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xACEC0000 H:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAD3D1000 H:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xABC0E000 H:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7B8000 H:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA7E0000 H:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79BF000 H:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF799F000 H:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79BD000 H:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 H:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79C1000 H:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79D3000 H:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79C3000 H:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79E1000 H:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF79B5000 H:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79BB000 H:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 H:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB9A3C000 H:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AA4000 H:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A7F000 H:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x00D80000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 102400 bytes
0x067A0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 102400 bytes
0x06B40000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 102400 bytes
0x04B10000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 110592 bytes
0x00CF0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89C47250 ] PID: 2016, 118784 bytes
0x038B0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 118784 bytes
0x07610000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 1224704 bytes
0x07EB0000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 159744 bytes
0x07100000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 1740800 bytes
0x07EE0000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 176128 bytes
0x06760000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 208896 bytes
0x072F0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 217088 bytes
0x07F10000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 225280 bytes
0x07F50000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 249856 bytes
0x07A40000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 282624 bytes
0x00EC0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89C47250 ] PID: 2016, 28672 bytes
0x010E0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89C47250 ] PID: 2016, 28672 bytes
0x04AF0000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x00D70000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x00DA0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x039E0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x043E0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04410000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04430000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04460000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04590000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04580000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04740000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04B00000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04BD0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04C00000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04C40000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04CA0000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04C80000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04CC0000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04E40000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x05120000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x05070000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04FB0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04FD0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x04FF0000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x050C0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x05160000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x05140000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x057E0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x05280000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x05450000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x06440000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x06670000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x06660000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x066F0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x067D0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x06720000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x06950000 Hidden Image-->Branding.dll [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x06970000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x06B20000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x07330000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 28672 bytes
0x01100000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89C47250 ] PID: 2016, 307200 bytes
0x00DE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A20D858 ] PID: 756, 307200 bytes
0x07490000 Hidden Image-->CLI.Aspect.HydraVision.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 323584 bytes
0x07B60000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 339968 bytes
0x04B50000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 348160 bytes
0x03900000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89C47250 ] PID: 2016, 36864 bytes
0x03930000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x03910000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x03A70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x03B60000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x04AD0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x04C60000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x05080000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x051A0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x05200000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x051D0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x05240000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x066B0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x066D0000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 36864 bytes
0x07B00000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 372736 bytes
0x07A90000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 405504 bytes
0x065F0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 413696 bytes
0x06990000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 421888 bytes
0x06E20000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 421888 bytes
0x00D90000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89C47250 ] PID: 2016, 45056 bytes
0x00D20000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89C47250 ] PID: 2016, 45056 bytes
0x038D0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x89C47250 ] PID: 2016, 45056 bytes
0x00D40000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x00D60000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x00E40000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x03A00000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x04C30000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x04C50000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x04C90000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x04CB0000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x04F90000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x051C0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x05180000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x051F0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 45056 bytes
0x04750000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8A20D858 ] PID: 756, 454656 bytes
0x06A60000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 503808 bytes
0x039C0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x039D0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x03A60000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x04570000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x04400000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x050D0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x05170000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x051B0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x064E0000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x066A0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x06AF0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x06740000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 53248 bytes
0x06450000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 561152 bytes
0x07BC0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 585728 bytes
0x051E0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 61440 bytes
0x05250000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 61440 bytes
0x05300000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 61440 bytes
0x052F0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 61440 bytes
0x07E10000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 651264 bytes
0x06890000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 659456 bytes
0x038D0000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 69632 bytes
0x03940000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 69632 bytes
0x03A30000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x8A20D858 ] PID: 756, 69632 bytes
0x05220000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 69632 bytes
0x052D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 69632 bytes
0x052B0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 69632 bytes
0x05470000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 69632 bytes
0x07DF0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 69632 bytes
0x00DA0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89C47250 ] PID: 2016, 77824 bytes
0x00DB0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 77824 bytes
0x05090000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 77824 bytes
0x05100000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 77824 bytes
0x07D20000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 790528 bytes
0x050E0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 86016 bytes
0x05290000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 86016 bytes
0x06700000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 86016 bytes
0x05310000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x8A20D858 ] PID: 756, 94208 bytes

#11 myrti


Posted 11 January 2011 - 03:37 PM

Hi,

It is possible that the install of the printer software was somehow corrupted/incomplete and that is why it keeps asking for the CD.

Please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#12 stephishy


Posted 11 January 2011 - 10:53 PM

I downloaded and installed both the program and Windows Recovery, but after letting it scan for 3 hours, it still hasn't gone beyond the 3 line intro...

I also seem to have lost the ability for my wireless adapter to connect to the Internet.

Should I hold power and force-quit? Then run the program again?

#13 myrti


Posted 12 January 2011 - 07:00 AM

Hi,

Can you just close the program? Instead of the power quit?

regards myrti



#14 stephishy


Posted 12 January 2011 - 08:49 PM

I tried Alt+F4 and tried quitting in Task Manager, to no avail, so I power quit. I also noticed that the Microsoft Office installation is now corrupt. I'll try running the program again later tonight.

#15 stephishy


Posted 13 January 2011 - 03:39 PM

Hey again, couldn't get combofix to run :( any ideas? Is the corrupt hp installer maybe messing with combofix?



