My computer may still be infected with "Win 7 Internet Security 2010"


  • This topic is locked
21 replies to this topic

#1 torchy99

Posted 03 January 2011 - 02:47 PM

I have had a series of viruses and malware on my computer running Windows 7 that I have been able to eliminate to some degree, but need to have someone take a look and see if it is completely malware-free. I’ve tried to run “dss.scr” to post logs without success, and I now realize it doesn’t run on Windows 7. So instead, I have used RSIT.exe, which was recommended to me.

I believe I may still be infected with some version of “Win 7 Internet Security 2010” plus lots of spyware cookies. Can anyone assist me in finding and eliminating these? I will be happy to generate logs from whatever programs you think will run on Windows 7 and will be helpful to you. Thanks so much in advance.

Here are the logs from RSIT [although I just realized I should have disabled my antivirus program(s) first]. I’m running GMER right now (since yesterday) and I’m hoping it’s nearly finished so I can post it, too.

Here’s RSIT’s log:
INFO.TXT file
info.txt logfile of random's system information tool 1.08 2011-01-02 16:31:26
======Uninstall list======
-->"C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\setup\ccinstaller.exe" /u /silent /module="fw"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Cue Master\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Overball\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /X{166478EA-A017-43C0-BE42-7560BD5A646B}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A05B328-35EB-4CED-B16F-62FA5A2642E6}\setup.exe" -l0x9 IfYouSeeThisAlowOnlyRemove -removeonly
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Community Help-->msiexec /qb /x {0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}
Adobe Community Help-->MsiExec.exe /I{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Dreamweaver CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}
Adobe Photoshop.com Inspiration Browser-->msiexec /qb /x {AFBBF30D-ADA9-4313-464E-14458B6BE034}
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advanced Analyzer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF397F20-24BB-11D7-AC6F-0050DA09345C}\Setup.exe" 1
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
AMRT-->MsiExec.exe /I{01A3E75B-54C0-407F-8B95-B77705C7DCC4}
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auction Alert 2.0.2-->"C:\Program Files\Auction Alert\unins000.exe"
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CA Anti-Virus Plus-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\setup\ccinstaller.exe" /u /silent /module="am"
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CA Personal Firewall-->MsiExec.exe /X{2681A52E-FCFA-4982-A030-7B652BDD346C}
CA Website Inspector-->C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\CAWebsiteInspector.exe /uninstall
CamStudio Lossless Codec v1.4-->"C:\Windows\system32\unins000.exe"
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Cars Demo-->MsiExec.exe /X{8D361950-BDB3-40CF-B57C-53F9F4E5048A}
Centra Client-->C:\PROGRA~1\Centra\Client\bin\updater.exe -uninstall
CoffeeCup Free HTML Editor-->C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DGOControls-->C:\Program Files\InstallShield Installation Information\{779A19AC-A302-425D-B295-F12116C2D731}\setup.exe -runfromtemp -l0x0009 -removeonly
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
Disney-Pixar Ratatouille Demo-->C:\Program Files\InstallShield Installation Information\{EA5EA0B3-7C8C-4B34-B1EB-249EDA7F30C8}\setup.exe -runfromtemp -l0x0009 -removeonly
Disney-Pixar WALL-E-->C:\Program Files\InstallShield Installation Information\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}\setup.exe -runfromtemp -l0x0009 -removeonly
DNAMigrator-->"C:\Program Files\CA\CA Internet Security Suite\CA Backup and Migration\setup\ccinstaller.exe" /u /silent /module="bm"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FileZilla Client 3.3.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
GameSpot Download Manager-->"C:\Program Files\GameSpot\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /uninstall
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Color LaserJet 2605 2.0-->C:\Program Files\HP\Digital Imaging\{4E59AA98-3EF3-47A3-9DEA-6B37F00C901F}\setup\hpzscr01.exe -datfile hppscr02.dat -onestop -forcereboot
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Driver Diagnostics-->MsiExec.exe /I{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP My Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x9 -removeonly
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPCarePackCore-->MsiExec.exe /I{7B02BF60-796D-4616-908B-B31A63CFDEFB}
HPCarePackProducts-->MsiExec.exe /I{9203AC41-0E7B-445A-98E6-AB3072CB4A10}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Viiv™ Software-->MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder 0.7.2.4582-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Expression Blend 3 SDK-->MsiExec.exe /X{0E837AF0-4C92-4077-83F0-D022073F17C0}
Microsoft Expression Blend 3-->"c:\Program Files\Microsoft Expression\Blend 3\XSetup.exe" -x -AppLangId:1033 "-manifest:BlendManifest.cab" "-source:c:\Program Files\Microsoft Expression\Blend 3\Setup;c:\c0958d159ecd3e8794\Setup"
Microsoft Expression Blend 3-->MsiExec.exe /X{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}
Microsoft Expression Design 3-->"c:\Program Files\Microsoft Expression\Design 3\XSetup.exe" -x -AppLangId:1033 "-manifest:DesignManifest.cab" "-source:c:\Program Files\Microsoft Expression\Design 3\Setup;c:\c0958d159ecd3e8794\Setup"
Microsoft Expression Design 3-->MsiExec.exe /X{E9980014-BE11-4891-A5F4-0F2917B856BC}
Microsoft Expression Encoder 3-->"c:\Program Files\Microsoft Expression\Encoder 3\XSetup.exe" -x -AppLangId:1033 "-manifest:EncoderManifest.cab" "-source:c:\Program Files\Microsoft Expression\Encoder 3\Setup;c:\c0958d159ecd3e8794\Setup"
Microsoft Expression Encoder 3-->MsiExec.exe /X{F1F1A2AD-A1CE-4D9D-B510-31F280B45E0B}
Microsoft Expression Studio 3-->"c:\Program Files\Microsoft Expression\Studio 3\XSetup.exe" -x -AppLangId:1033 "-manifest:ExpressionStudioManifest.cab" "-source:c:\Program Files\Microsoft Expression\Studio 3\Setup;c:\c0958d159ecd3e8794\Setup"
Microsoft Expression Studio 3-->MsiExec.exe /X{44F7BA74-C11A-49FC-B2FC-1B827C491F74}
Microsoft Expression Web 2 MUI (English)-->MsiExec.exe /X{90120000-0045-0409-0000-0000000FF1CE}
Microsoft Expression Web 2 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall XWEB /dll XSETUP.DLL
Microsoft Expression Web 2-->MsiExec.exe /X{90120000-0045-0000-0000-0000000FF1CE}
Microsoft Expression Web 3 SP2-->msiexec -qb /package {65BCF909-6AF7-4B01-8EB3-713CE2873DC8} /uninstall {474A21E3-EC39-4051-9ACA-79AFCABD5D45} MSIUNINSTALLSUPERSEDEDCOMPONENTS=1
Microsoft Expression Web 3-->"c:\Program Files\Microsoft Expression\Web 3\XSetup.exe" -x -AppLangId:1033 "-manifest:WebManifest.cab" "-source:c:\Program Files\Microsoft Expression\Web 3\Setup\;"
Microsoft Expression Web 3-->MsiExec.exe /I{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}
Microsoft FrontPage 2000-->MsiExec.exe /I{00120409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PUBLISHERR /dll OSETUP.DLL
Microsoft Office Publisher 2007-->MsiExec.exe /X{91120000-0019-0000-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight 3 SDK-->MsiExec.exe /X{2012098D-EEE9-4769-8DD3-B038050854D4}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{10C69612-017B-45F5-B986-7D113D5A2EA3}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Paint.NET v3.5-->MsiExec.exe /X{D3E7A2A5-A059-4A44-949B-21FBD371A8B8}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PhotoPC 700-->C:\Windows\IsUninst.exe -f"C:\Program Files\Sierra Imaging\PhotoPC 700\Image Expert\Uninst.isu" -c"C:\Program Files\Sierra Imaging\PhotoPC 700\Image Expert\uninstall.dll
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PhotoshopdotcomInspirationBrowser-->MsiExec.exe /I{AFBBF30D-ADA9-4313-464E-14458B6BE034}
Pivot Software-->"C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -runfromtemp -l0x0009 -removeonly
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Print Workshop 2009-->MsiExec.exe /I{2FDF57C2-7D7C-4952-8141-E561F9A80405}
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roll-->C:\Windows\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RollerCoaster Tycoon 2 Triple Thrill Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C5D15D2-5351-4F05-A96E-56C20554F977}\Setup.exe" -l0x9
RollerCoaster Tycoon 3 Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{990036E7-D647-45A4-8F7F-1CB277EF0ABD}\Setup.exe" -l0x9
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Safari-->MsiExec.exe /I{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}
Salehoo Alert 1.1.3-->"C:\Program Files\Salehoo Alert\unins000.exe"
SDK-->"C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -runfromtemp -l0x0009
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
SEMToolBar-->MsiExec.exe /I{BE1AEA89-26CF-447F-B75F-A809D0C66EE1}
SendBlaster-->MsiExec.exe /X{6C6E880E-FFD4-47C4-A5CE-DFE225662995}
Shipping Assistant 3.6-->MsiExec.exe /X{15C77FC3-8137-4A5E-8F81-F559045DD6B0}
Snapfish Media Detector-->MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cx.INF
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SpyHunter-->MsiExec.exe /X{41EBC322-660F-4D16-A0DF-53147210CBDB}
Staples EasyPrint MSI-->MsiExec.exe /I{721C0B3A-3E8E-445B-B81E-651699B87945}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TD AMERITRADE StrategyDesk 2.2-->C:\Windows\IsUninst.exe -f"C:\Program Files\TD AMERITRADE\StrategyDesk\Uninst.isu"
TdScopeRT-->"C:\Program Files\TdScopeRT\unins000.exe"
TradeStation 8.3 (Build 1631)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6CEFB63-C4A7-479C-89B9-15EA5DCB739E} TradeStation Uninstall
TradeStation 8.5 (Build 2289)-->MsiExec.exe /I{A16D1342-A3EE-456C-8506-0B0B99E2C48D}
TradeStation 8.6 (Build 2612)-->MsiExec.exe /I{DD7DAFE2-EC2C-4128-AC44-4FDE894540BA}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Expression Web 2 (KB957827)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {DCA28998-1FE8-4CEA-818D-027D8B15F119}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Verizon FiOS Activation-->"C:\Windows\FIOS\unins000.exe"
Verizon Help and Support Tool-->C:\Program Files\Verizon\Uninstall.exe
Verizon Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Verizon Yahoo! Applications-->C:\Program Files\Yahoo!\Common\uninstall.exe
Vz In Home Agent-->MsiExec.exe /I{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}
WaltDisney Screen Saver-->C:\WALTDCS\WISE.EXE C:\Windows\INSTALL.LOG
WebLog Expert Lite 5.8-->"C:\Program Files\WebLog Expert Lite\unins000.exe"
WordPerfect Office 11-->MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
WPF Toolkit June 2009 (Version 3.5.40619.1)-->MsiExec.exe /X{5EE6E987-1B79-4A93-832B-27472C7D1579}
XStandard-->C:\Program Files\XStandard\Uninstall.exe
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! SiteBuilder-->"C:\Program Files\Yahoo SiteBuilder\uninstall.exe"
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

======System event log======

Computer Name: Hayley-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for the 2007 Microsoft Office System (KB981715).
Record Number: 205049
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100416100223.696454-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Hayley-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office OneNote 2007 (KB980729).
Record Number: 205047
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100416100150.468396-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Hayley-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Publisher 2007 (KB980470).
Record Number: 205045
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100416100115.555535-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Hayley-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 204927
Source Name: Service Control Manager
Time Written: 20100415212945.718215-000
Event Type: Error
User:

Computer Name: Hayley-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 204701
Source Name: Service Control Manager
Time Written: 20100415102541.018202-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Hayley-PC
Event Code: 1000
Message:
Record Number: 88501
Source Name: Application Error
Time Written: 20090821191302.000000-000
Event Type: Error
User:

Computer Name: Hayley-PC
Event Code: 1000
Message:
Record Number: 88499
Source Name: Application Error
Time Written: 20090821190845.000000-000
Event Type: Error
User:

Computer Name: Hayley-PC
Event Code: 1530
Message:
Record Number: 88270
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090820163945.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Hayley-PC
Event Code: 1530
Message:
Record Number: 88269
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090820163944.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Hayley-PC
Event Code: 1002
Message:
Record Number: 88195
Source Name: Application Hang
Time Written: 20090820034036.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Hayley-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2188c5b3
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: YOUR-BFD9D8BD0F
Source Network Address: 192.168.1.2
Source Port: 4877

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 152756
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091121022926.539000-000
Event Type: Audit Success
User:

Computer Name: Hayley-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2137acd8

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 152755
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091121015726.591000-000
Event Type: Audit Success
User:

Computer Name: Hayley-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2137acd8
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: YOUR-BFD9D8BD0F
Source Network Address: 192.168.1.2
Source Port: 4842

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 152754
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091121015726.586000-000
Event Type: Audit Success
User:

Computer Name: Hayley-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 152753
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091121015612.040000-000
Event Type: Audit Success
User:

Computer Name: Hayley-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: HAYLEY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x274
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 152752
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091121015612.040000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"OnlineServices"=Online Services
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\12.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PCBRAND"=Pavilion
"PLATFORM"=HPD
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CW_UPDATE"=Y
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



LOG.TXT FILE

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hayley at 2011-01-02 16:30:18
Microsoft Windows 7 Home Premium
System drive C: has 236 GB (80%) free of 296 GB
Total RAM: 2038 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:30:47 PM, on 1/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Hayley\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\Toolbar\CAGlobal.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\Light\CAGlobalLight.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\Hayley\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Hayley.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SEMToolBar - {aa6d5589-d43b-4990-a329-a2add2fe93a0} - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Updater For My.Freeze.com Toolbar - {C26CD490-5F01-41E3-B150-EB29F19DA056} - C:\Program Files\myfreezetoolbar\auxi\myfreezetoolbAu.dll (file missing)
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\Toolbar\CallingIDIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll
O3 - Toolbar: SEMToolBar - {000d96fb-8270-41fd-96c2-34807ca97d9c} - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Wallchanger] C:\WALTDCS\wallchanger.exe
O4 - HKLM\..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hayley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {4D690BF2-361C-46AB-948F-8EE44D5AD631} (TSIntraSocket Control) - https://www.tradestation.com/chatclient/livechat/ClientPlugIn/TSChat.Cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540002} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\Toolbar\CallingIDToolbar.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: WinSock Extention Manager (WinExtManager) - Unknown owner - C:\Windows\System32\mdmcls32.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\Windows\System32\svcprs32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18338 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124306064-959407867-2446713946-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124306064-959407867-2446713946-1001UA.job
C:\Windows\tasks\HP WEP.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll [2010-03-22 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-02 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa6d5589-d43b-4990-a329-a2add2fe93a0}]
SEMToolBar - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll [2009-07-01 391656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-21 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C26CD490-5F01-41E3-B150-EB29F19DA056}]
Updater For My.Freeze.com Toolbar - C:\Program Files\myfreezetoolbar\auxi\myfreezetoolbAu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84}]
CA Toolbar Helper - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\Toolbar\CallingIDIE.dll [2010-03-22 767416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll [2010-03-22 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{000d96fb-8270-41fd-96c2-34807ca97d9c} - SEMToolBar - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll [2009-07-01 391656]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll [2010-03-22 1205560]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-02 297648]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - CA Toolbar - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\Toolbar\CallingIDIE.dll [2010-03-22 767416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"DT HPW"=C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe [2007-05-02 281088]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-11 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-11 150552]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2010-07-21 1778064]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 1797008]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"hpbdfawep"=C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 954368]
"SnapfishMediaDetector"=C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 1441792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2010-12-02 126976]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Wallchanger"=C:\WALTDCS\wallchanger.exe [2000-12-04 90112]
"HPPQVideo"=C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater []
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2009-07-29 846448]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2007-08-28 53248]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\casc.exe [2010-12-29 1721680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-13 1173504]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-13 354304]
"Google Update"=C:\Users\Hayley\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-13 144384]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe /H []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-24 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2010-04-08 5248312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
C:\Program Files\Verizon\McciTrayApp.exe [2010-03-17 1565696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
C:\PROGRA~1\MCAFEE~1\10DF39~1.150\SSSCHE~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="UmxSbxExw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-11 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\Windows\system32\UmxWnp.Dll [2009-03-27 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"=C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\LinkAdvisor\CIDLinkAdvisor.dll [2010-03-22 1852856]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-02 16:30:19 ----D---- C:\Program Files\trend micro
2011-01-02 16:30:18 ----D---- C:\rsit
2011-01-02 15:52:26 ----D---- C:\ProgramData\Sun
2011-01-02 15:50:54 ----A---- C:\Windows\system32\javaws.exe
2011-01-02 15:50:54 ----A---- C:\Windows\system32\javaw.exe
2011-01-02 15:50:54 ----A---- C:\Windows\system32\java.exe
2011-01-02 15:50:54 ----A---- C:\Windows\system32\deployJava1.dll
2011-01-02 12:09:06 ----D---- C:\4c43aef4f8ef082486d115c288
2011-01-01 15:27:53 ----A---- C:\Windows\system32\drivers\hitmanpro35.sys
2011-01-01 15:27:50 ----D---- C:\Program Files\Hitman Pro 3.5
2011-01-01 15:27:32 ----D---- C:\ProgramData\Hitman Pro
2011-01-01 14:52:13 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-01-01 14:52:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-01 14:52:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-12-29 15:12:57 ----A---- C:\Windows\system32\mkghj.dll
2010-12-29 14:45:45 ----D---- C:\ProgramData\Logs
2010-12-29 14:22:06 ----D---- C:\Program Files\ISSThirdParty
2010-12-29 14:21:46 ----A---- C:\Windows\system32\Vetredir.dll
2010-12-29 14:21:46 ----A---- C:\Windows\system32\Isafprod.dll
2010-12-29 14:21:46 ----A---- C:\Windows\system32\Isafeif.dll
2010-12-29 14:21:45 ----A---- C:\Windows\system32\cfgmig32.dll
2010-12-29 14:21:31 ----A---- C:\Windows\system32\winsflte.dll
2010-12-29 14:21:31 ----A---- C:\Windows\system32\winsflt_x64.dll
2010-12-29 14:21:31 ----A---- C:\Windows\system32\winsflt.dll
2010-12-29 14:21:31 ----A---- C:\Windows\system32\winsfinst.exe
2010-12-29 14:21:31 ----A---- C:\Windows\system32\win32cpr.dll
2010-12-29 14:21:31 ----A---- C:\Windows\system32\svcprs32.exe
2010-12-29 14:21:31 ----A---- C:\Windows\system32\ssleay32.dll
2010-12-29 14:21:31 ----A---- C:\Windows\system32\mdmcls32.exe
2010-12-29 14:21:31 ----A---- C:\Windows\system32\libeay32.dll
2010-12-29 14:21:30 ----D---- C:\Windows\rnapxs
2010-12-29 14:21:30 ----A---- C:\Windows\system32\sporder.dll
2010-12-29 14:20:45 ----D---- C:\Program Files\CA
2010-12-29 14:19:58 ----D---- C:\ProgramData\CA
2010-12-29 14:19:58 ----A---- C:\caisslog.txt
2010-12-29 10:27:30 ----D---- C:\ProgramData\STOPzilla!
2010-12-29 10:00:56 ----D---- C:\sh4ldr
2010-12-29 10:00:56 ----D---- C:\Program Files\Enigma Software Group
2010-12-29 10:00:42 ----D---- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2010-12-29 10:00:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-12-28 22:58:12 ----D---- C:\Users\Hayley\AppData\Roaming\Malwarebytes
2010-12-28 22:57:54 ----D---- C:\ProgramData\Malwarebytes
2010-12-20 18:39:05 ----D---- C:\NOVOTNY - Copy (2)
2010-12-18 18:53:13 ----D---- C:\PERSONAL
2010-12-15 21:51:26 ----D---- C:\8d2162cfa57af651a34db507e54f
2010-12-15 06:01:17 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 06:00:54 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 06:00:54 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 06:00:54 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 06:00:53 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 06:00:52 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 06:00:51 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 06:00:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 06:00:51 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 06:00:51 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 06:00:51 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 06:00:50 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 06:00:50 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 06:00:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 06:00:50 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 06:00:50 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 06:00:47 ----A---- C:\Windows\system32\webio.dll
2010-12-15 06:00:46 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 06:00:46 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 06:00:44 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 06:00:44 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 06:00:44 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 06:00:44 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 06:00:43 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 06:00:43 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 06:00:39 ----A---- C:\Windows\system32\consent.exe
2010-12-15 06:00:38 ----A---- C:\Windows\system32\win32k.sys
2010-12-13 15:55:56 ----D---- C:\DEROUIN 12-13-10

======List of files/folders modified in the last 1 months======

2011-01-02 16:30:37 ----D---- C:\Windows\Prefetch
2011-01-02 16:30:34 ----D---- C:\Windows\Temp
2011-01-02 16:30:19 ----RD---- C:\Program Files
2011-01-02 16:05:10 ----D---- C:\Windows\system32\config
2011-01-02 16:01:02 ----D---- C:\Windows\Tasks
2011-01-02 15:54:59 ----SHD---- C:\Windows\Installer
2011-01-02 15:53:33 ----SHD---- C:\System Volume Information
2011-01-02 15:52:26 ----HD---- C:\ProgramData
2011-01-02 15:52:24 ----HD---- C:\Config.Msi
2011-01-02 15:52:24 ----D---- C:\Program Files\Common Files\Java
2011-01-02 15:50:54 ----D---- C:\Windows\System32
2011-01-02 15:50:49 ----D---- C:\Program Files\Java
2011-01-02 15:42:19 ----D---- C:\Program Files\Common Files\Akamai
2011-01-02 13:00:02 ----D---- C:\Windows\system32\Tasks
2011-01-02 12:09:35 ----D---- C:\Windows\winsxs
2011-01-01 19:38:15 ----D---- C:\Windows\system32\drivers
2011-01-01 15:12:05 ----D---- C:\Windows\system32\catroot2
2011-01-01 15:11:20 ----D---- C:\Windows\SMINST
2010-12-31 13:20:03 ----D---- C:\Windows\system32\NDF
2010-12-31 13:09:25 ----A---- C:\Windows\ntbtlog.txt
2010-12-30 10:29:30 ----D---- C:\HITLER
2010-12-29 15:23:06 ----D---- C:\Program Files\Common Files
2010-12-29 14:45:29 ----D---- C:\Windows\inf
2010-12-29 14:45:27 ----D---- C:\Windows\system32\DriverStore
2010-12-29 14:45:27 ----D---- C:\Windows\system32\catroot
2010-12-29 14:21:30 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-29 14:21:30 ----D---- C:\Windows
2010-12-29 14:05:21 ----D---- C:\Windows\Minidump
2010-12-29 12:56:00 ----D---- C:\Windows\system32\LogFiles
2010-12-29 12:46:13 ----D---- C:\ProgramData\Norton
2010-12-29 12:43:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-12-29 12:43:24 ----D---- C:\Program Files\Symantec
2010-12-29 11:24:00 ----D---- C:\Program Files\HP
2010-12-28 20:49:24 ----D---- C:\Windows\system32\wbem
2010-12-28 20:48:20 ----D---- C:\Windows\system32\wfp
2010-12-28 20:48:15 ----D---- C:\Windows\registration
2010-12-28 18:00:31 ----D---- C:\NOVOTNYFILES
2010-12-24 11:47:15 ----A---- C:\Windows\win.ini
2010-12-24 11:47:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-22 14:16:30 ----D---- C:\Windows\system32\FxsTmp
2010-12-21 11:56:30 ----D---- C:\1SEO BUSINESS
2010-12-20 18:33:08 ----D---- C:\NOVOTNY
2010-12-19 17:26:22 ----D---- C:\AUCTIONFORMS
2010-12-19 15:25:58 ----D---- C:\EBAY-ITEMS
2010-12-18 19:22:39 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-18 12:01:27 ----D---- C:\AUCTION PIX
2010-12-16 16:47:27 ----D---- C:\AUCTIONS
2010-12-16 04:03:35 ----D---- C:\Windows\rescache
2010-12-16 03:19:02 ----D---- C:\Windows\system32\migration
2010-12-16 03:19:02 ----D---- C:\Windows\system32\en-US
2010-12-16 03:19:02 ----D---- C:\Program Files\Windows Mail
2010-12-16 03:19:02 ----D---- C:\Program Files\Internet Explorer
2010-12-15 22:14:08 ----D---- C:\Users\Hayley\AppData\Roaming\Apple Computer
2010-12-15 21:51:28 ----A---- C:\Windows\system32\MRT.exe
2010-12-14 14:55:33 ----D---- C:\ProgramData\Microsoft Help
2010-12-13 15:36:45 ----SD---- C:\DEROUIN 9-27
2010-12-11 11:38:21 ----D---- C:\LONEE's FILES
2010-12-10 17:03:29 ----D---- C:\A VIDEO CLIPS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-06-02 305688]
R0 KmxAMRT;KmxAMRT; C:\Windows\system32\DRIVERS\KmxAMRT.sys [2009-12-23 132088]
R0 KmxFw;KmxFw; C:\Windows\System32\DRIVERS\kmxfw.sys [2009-08-07 107512]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R1 KmxAgent;KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [2009-12-23 78840]
R1 KmxFile;KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [2009-09-02 53240]
R1 KmxFilter;HIPS Core Filter Driver; C:\Windows\system32\DRIVERS\KmxFilter.sys [2009-06-08 58360]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2009-09-16 73312]
R2 KmxCF;KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [2009-08-14 150520]
R2 KmxSbx;KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [2009-09-30 60920]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-17 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2009-04-29 8704]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
R3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-13 159232]
R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-12-20 26600]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2009-02-13 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2009-02-13 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-11 4805120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 KmxCfg;KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [2009-09-30 239608]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2009-06-23 17136]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2010-07-21 40848]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2009-02-13 661504]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 2WXG7053;2W 802.11g XG705 SP3 Driver; C:\Windows\system32\DRIVERS\WlanUIG.sys [2007-04-24 358304]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-13 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 36864]
S3 HPFXBULK;HPFXBULK; C:\Windows\system32\drivers\hpfxbulk.sys [2006-04-04 9344]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 KmxAMVet;KmxAMVet; \??\C:\WINDOWS\system32\Drivers\KmxAMVet.sys [2009-03-27 598656]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2010-03-17 21248]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2010-03-17 20096]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS []
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-05-02 73728]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-03-17 319488]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-06-23 109168]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-11-05 327000]
R2 WinExtManager;WinSock Extention Manager; C:\Windows\System32\mdmcls32.exe [2010-02-28 2347760]
R2 WinSvchostManager;WinSock Svchost Manager; C:\Windows\System32\svcprs32.exe [2010-02-28 1377008]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2010-03-20 212992]
S2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2010-04-06 206160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 887288]
S2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-07-13 760664]
S2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2009-07-31 150008]
S2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-07-27 227832]
S3 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2010-04-06 251216]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-19 867080]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-24 182768]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S3 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
S3 M1 Server;Intel® Viiv™ Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-08-31 26624]
S3 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]

-----------------EOF-----------------



#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:11:15 PM

Posted 09 January 2011 - 11:51 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 torchy99

torchy99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 10 January 2011 - 02:02 PM

Thank you for replying. I downloaded both DDS files, disabled my AV and disconnected from the internet, but when I tried to run the DDS.scr or DDS.pif file, I got a black error box with white letters that said "This tool does not your support your Operating System Press any key to continue..." At the top of the black box it said "Administrator: D.D.S." Can you help?

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:15 AM

Posted 11 January 2011 - 12:05 PM

Hello, torchy99
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.


Then select Start OTL. OTL will now run

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 torchy99

torchy99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 11 January 2011 - 01:57 PM

OTL logfile created on: 1/11/2011 10:42:00 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Hayley\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 26.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.26 Gb Total Space | 225.05 Gb Free Space | 77.80% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 1.01 Gb Free Space | 11.39% Space Free | Partition Type: NTFS

Computer Name: HAYLEY-PC | User Name: Hayley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 10:09:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
PRC - [2011/01/11 10:08:53 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTH.scr
PRC - [2010/10/21 12:20:53 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/06 04:12:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2010/04/06 04:12:22 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/03/20 01:41:08 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () -- C:\Windows\System32\svcprs32.exe
PRC - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () -- C:\Windows\System32\mdmcls32.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2009/06/23 14:44:44 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007/05/02 14:16:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 10:09:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/01 10:55:58 | 000,113,144 | ---- | M] (CA) -- C:\Windows\System32\UmxSbxExw.dll
MOD - [2009/04/01 09:45:50 | 000,272,888 | ---- | M] (CA) -- C:\Windows\System32\UmxSbxw.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/04/20 02:01:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/06 04:12:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2010/04/06 04:12:22 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/03/20 01:41:08 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () [Auto | Running] -- C:\Windows\System32\svcprs32.exe -- (WinSvchostManager)
SRV - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () [Auto | Running] -- C:\Windows\System32\mdmcls32.exe -- (WinExtManager)
SRV - [2009/11/19 12:42:03 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2009/06/23 14:44:44 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/05/02 14:16:14 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006/09/11 15:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 15:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 14:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 14:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 08:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/07/07 17:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2009/12/23 11:29:36 | 000,132,088 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2009/12/23 11:29:36 | 000,078,840 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/30 16:51:00 | 000,239,608 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/09/30 16:51:00 | 000,060,920 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2009/09/16 16:26:41 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/09/11 16:00:26 | 004,805,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/02 17:29:58 | 000,053,240 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2009/08/14 11:43:50 | 000,150,520 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2009/08/07 12:03:46 | 000,107,512 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\kmxfw.sys -- (KmxFw)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 14:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/23 14:44:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/06/08 10:02:10 | 000,058,360 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\System32\drivers\KmxFilter.sys -- (KmxFilter)
DRV - [2009/05/28 14:46:18 | 000,391,296 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/27 15:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2009/02/13 04:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 04:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 04:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/06/02 17:49:48 | 000,305,688 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/04/24 08:33:00 | 000,358,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wlanUIG.sys -- (2WXG7053)
DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.my.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
IE - HKCU\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\Firefox [2011/01/03 20:40:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\Firefox [2011/01/03 20:40:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/05 16:38:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 22:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 22:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\Firefox [2011/01/03 20:40:32 | 000,000,000 | ---D | M]

[2011/01/06 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions
[2011/01/06 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\finder@auctionsensor.com
[2010/01/31 19:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\MediaCoder-MCEX
[2010/01/31 19:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2011/01/10 12:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions
[2009/11/24 17:29:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/27 20:36:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/19 12:11:01 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/08/19 11:59:27 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\firebug@software.joehewitt.com
[2011/01/10 12:31:19 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\toolbar@ask.com
[2011/01/02 15:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 15:50:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (SEMToolBar) - {aa6d5589-d43b-4990-a329-a2add2fe93a0} - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll (Bruce Clay, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SEMToolBar) - {000d96fb-8270-41fd-96c2-34807ca97d9c} - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll (Bruce Clay, Inc.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [Wallchanger] C:\WALTDCS\WALLCHANGER.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: macromedia.com ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4D690BF2-361C-46AB-948F-8EE44D5AD631} https://www.tradestation.com/chatclient/livechat/ClientPlugIn/TSChat.Cab (TSIntraSocket Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540002} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Annie in the Sink.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Annie in the Sink.jpg
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 10:09:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
[2011/01/11 10:08:48 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTH.scr
[2011/01/06 20:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/01/06 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/01/06 20:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Elf_1.12
[2011/01/06 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\Conduit
[2011/01/06 20:14:35 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\SalehooAlert
[2011/01/06 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\AuctionSensor.com
[2011/01/06 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\AuctionSensor.com
[2011/01/06 19:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuctionSensor eBay Deal Finder
[2011/01/06 19:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\AuctionSensor eBay Deal Finder
[2011/01/06 19:38:21 | 007,826,666 | ---- | C] (AuctionSensor.com ) -- C:\Users\Hayley\Desktop\as-1.0.1-app-win.exe
[2011/01/06 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\bluescreenview
[2011/01/05 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/05 18:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/05 18:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/05 18:20:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Hayley\Desktop\spybotsd162.exe
[2011/01/05 16:45:13 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\HP
[2011/01/05 16:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/01/05 13:27:21 | 000,000,000 | ---D | C] -- C:\SYSTEM.SAV
[2011/01/04 22:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/04 22:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/04 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/04 22:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/04 22:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/04 22:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/04 21:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/01/04 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/01/04 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\IObit
[2011/01/04 20:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/01/04 20:54:19 | 010,160,048 | ---- | C] (IObit ) -- C:\Users\Hayley\Desktop\asc-setup.exe
[2011/01/04 20:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/04 20:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/04 20:19:39 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\Hayley\Desktop\ccsetup302.exe
[2011/01/04 19:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner Free
[2011/01/04 19:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2011/01/04 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/01/04 19:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner Free
[2011/01/04 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2011/01/04 19:52:34 | 004,322,272 | ---- | C] (ZhiQing Soft, Inc. ) -- C:\Users\Hayley\Desktop\WRCFree.exe
[2011/01/04 18:26:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2011/01/04 18:16:16 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\Autoruns
[2011/01/03 22:07:02 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Uniblue
[2011/01/03 22:06:10 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\PackageAware
[2011/01/03 20:39:58 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\System32\Isafprod.dll
[2011/01/03 20:39:57 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Isafeif.dll
[2011/01/03 20:39:37 | 002,654,208 | ---- | C] (PureSight Technologies Ltd) -- C:\Windows\System32\winsflte.dll
[2011/01/03 19:28:27 | 000,000,000 | ---D | C] -- C:\Swsetup
[2011/01/03 17:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\{D9B1A630-1548-45A4-9380-4F68B7672000}
[2011/01/03 17:10:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/03 17:08:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/01/03 17:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/03 17:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/03 17:03:00 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\Windows Live
[2011/01/02 16:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/02 16:30:18 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/02 15:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/01/02 12:07:56 | 036,317,368 | ---- | C] (PC Tools ) -- C:\Users\Hayley\Desktop\spdoc.exe
[2011/01/01 19:37:05 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/01 15:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/01/01 15:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/12/30 21:45:28 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\gmer
[2010/12/29 16:28:38 | 006,347,584 | ---- | C] (SurfRight B.V.) -- C:\Users\Hayley\Desktop\HitmanPro35.exe
[2010/12/29 14:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2010/12/29 14:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[2010/12/29 14:21:46 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Vetredir.dll
[2010/12/29 14:21:31 | 001,028,096 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2010/12/29 14:21:31 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2010/12/29 14:21:30 | 000,000,000 | ---D | C] -- C:\Windows\rnapxs
[2010/12/29 14:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2010/12/29 14:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/12/29 14:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2010/12/29 10:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/12/29 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2010/12/29 10:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/12/29 10:00:42 | 000,000,000 | ---D | C] -- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010/12/29 10:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/12/28 22:58:12 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Malwarebytes
[2010/12/28 22:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/28 22:55:36 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup.exe
[2010/12/20 18:39:05 | 000,000,000 | ---D | C] -- C:\NOVOTNY - Copy (2)
[2010/12/18 18:53:13 | 000,000,000 | ---D | C] -- C:\PERSONAL
[2010/12/15 21:51:26 | 000,000,000 | ---D | C] -- C:\8d2162cfa57af651a34db507e54f
[2010/12/13 15:55:56 | 000,000,000 | --SD | C] -- C:\DEROUIN 12-13-10
[3 C:\Users\Hayley\Documents\*.tmp files -> C:\Users\Hayley\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/11 10:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/11 10:40:34 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/01/11 10:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124306064-959407867-2446713946-1001UA.job
[2011/01/11 10:20:01 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2011/01/11 10:09:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
[2011/01/11 10:08:53 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTH.scr
[2011/01/10 23:42:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 19:12:51 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 19:12:51 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 19:03:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/10 19:03:44 | 1603,112,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/10 19:02:49 | 000,985,031 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/01/10 19:02:49 | 000,120,796 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2011/01/10 19:02:49 | 000,008,621 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/01/10 19:02:49 | 000,000,289 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/01/10 19:02:49 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/01/10 19:02:49 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/01/10 19:02:49 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/01/10 19:02:49 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/01/10 19:02:49 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/01/10 19:02:49 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/01/10 19:02:49 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/01/10 19:02:49 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/01/10 19:02:49 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/01/10 19:02:49 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/01/10 19:02:49 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/01/10 19:02:49 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/01/10 19:02:49 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/01/10 11:36:40 | 000,011,996 | ---- | M] () -- C:\Users\Hayley\Documents\DISNEYbigfigs.docx
[2011/01/10 11:30:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124306064-959407867-2446713946-1001Core.job
[2011/01/10 10:34:57 | 000,624,640 | ---- | M] () -- C:\Users\Hayley\Desktop\dds.pif
[2011/01/07 12:16:07 | 000,010,495 | ---- | M] () -- C:\Users\Hayley\Documents\ANSWER.docx
[2011/01/07 11:05:52 | 000,624,128 | ---- | M] () -- C:\Users\Hayley\Desktop\dds.scr
[2011/01/07 11:01:14 | 000,719,873 | ---- | M] () -- C:\Users\Hayley\Desktop\rkill.com
[2011/01/06 20:51:08 | 002,677,072 | ---- | M] () -- C:\Users\Hayley\Desktop\Elf_1.12.exe
[2011/01/06 20:20:58 | 002,165,222 | ---- | M] () -- C:\Users\Hayley\Desktop\SalehooAlert.zip
[2011/01/06 20:07:25 | 000,000,960 | ---- | M] () -- C:\Users\Hayley\Desktop\Auction Alert.lnk
[2011/01/06 19:46:18 | 000,001,013 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\AuctionSensor.lnk
[2011/01/06 19:46:18 | 000,000,989 | ---- | M] () -- C:\Users\Hayley\Desktop\AuctionSensor.lnk
[2011/01/06 19:38:31 | 007,826,666 | ---- | M] (AuctionSensor.com ) -- C:\Users\Hayley\Desktop\as-1.0.1-app-win.exe
[2011/01/06 19:27:05 | 002,636,646 | ---- | M] () -- C:\Users\Hayley\Desktop\AuctionAlert.zip
[2011/01/06 11:45:31 | 000,010,442 | ---- | M] () -- C:\Users\Hayley\Documents\rickpillslost.docx
[2011/01/06 11:29:22 | 000,007,607 | ---- | M] () -- C:\Users\Hayley\AppData\Local\Resmon.ResmonCfg
[2011/01/06 09:43:20 | 000,058,862 | ---- | M] () -- C:\Users\Hayley\Desktop\bluescreenview.zip
[2011/01/05 18:22:25 | 000,001,242 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/05 18:22:25 | 000,001,218 | ---- | M] () -- C:\Users\Hayley\Desktop\Spybot - Search & Destroy.lnk
[2011/01/05 18:20:11 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Hayley\Desktop\spybotsd162.exe
[2011/01/05 17:24:37 | 000,011,520 | ---- | M] () -- C:\Users\Hayley\Documents\old5hool.docx
[2011/01/05 16:53:54 | 000,938,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/05 16:47:25 | 000,202,520 | ---- | M] () -- C:\Windows\hpoins18.dat
[2011/01/05 16:45:11 | 000,130,911 | ---- | M] () -- C:\Windows\hppins03.dat
[2011/01/05 16:44:38 | 000,647,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/05 16:44:38 | 000,116,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/05 16:36:19 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/05 16:34:27 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/01/05 16:33:55 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/01/05 16:14:59 | 000,000,240 | ---- | M] () -- C:\Users\Hayley\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url
[2011/01/05 13:02:11 | 000,012,820 | ---- | M] () -- C:\Users\Hayley\Documents\reply.docx
[2011/01/04 22:55:16 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/04 22:44:37 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/04 20:55:56 | 000,000,136 | ---- | M] () -- C:\Users\Hayley\Desktop\IObit Freeware.url
[2011/01/04 20:55:55 | 000,001,205 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2011/01/04 20:55:55 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/04 20:54:51 | 010,160,048 | ---- | M] (IObit ) -- C:\Users\Hayley\Desktop\asc-setup.exe
[2011/01/04 20:24:30 | 000,070,584 | ---- | M] () -- C:\Users\Hayley\Desktop\cc_20110104_202406.reg
[2011/01/04 20:20:19 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/04 20:19:45 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\Hayley\Desktop\ccsetup302.exe
[2011/01/04 19:55:27 | 000,001,963 | ---- | M] () -- C:\Users\Hayley\Desktop\Wise Disk Cleaner Free.lnk
[2011/01/04 19:55:27 | 000,001,949 | ---- | M] () -- C:\Users\Hayley\Desktop\Clean disk with 1 click.lnk
[2011/01/04 19:55:27 | 000,001,089 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/01/04 19:54:02 | 000,001,137 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/01/04 19:52:48 | 004,322,272 | ---- | M] (ZhiQing Soft, Inc. ) -- C:\Users\Hayley\Desktop\WRCFree.exe
[2011/01/04 18:15:16 | 000,620,465 | ---- | M] () -- C:\Users\Hayley\Desktop\Autoruns.zip
[2011/01/03 20:39:39 | 005,845,744 | ---- | M] () -- C:\Windows\System32\win32cpr.dll
[2011/01/03 20:39:39 | 001,872,624 | ---- | M] () -- C:\Windows\System32\winsflt.dll
[2011/01/03 20:32:11 | 000,460,296 | ---- | M] () -- C:\Users\Hayley\Desktop\CA2010Install.exe
[2011/01/03 16:58:12 | 000,657,920 | ---- | M] () -- C:\Users\Hayley\Desktop\MicrosoftFixit50461.msi
[2011/01/03 15:54:28 | 612,324,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/03 11:40:18 | 000,058,007 | ---- | M] () -- C:\Users\Hayley\Documents\viruswin7.docx
[2011/01/02 17:39:16 | 000,288,107 | ---- | M] () -- C:\Users\Hayley\Desktop\gmer.zip
[2011/01/02 16:29:02 | 000,339,991 | ---- | M] () -- C:\Users\Hayley\Desktop\RSIT.exe
[2011/01/02 16:00:16 | 000,000,335 | ---- | M] () -- C:\Users\Hayley\Desktop\FixExe.reg
[2011/01/02 12:07:56 | 036,317,368 | ---- | M] (PC Tools ) -- C:\Users\Hayley\Desktop\spdoc.exe
[2011/01/01 19:52:54 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/01/01 19:37:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/01 15:39:00 | 000,002,700 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/01/01 15:27:13 | 006,347,584 | ---- | M] (SurfRight B.V.) -- C:\Users\Hayley\Desktop\HitmanPro35.exe
[2011/01/01 15:07:48 | 000,010,523 | ---- | M] () -- C:\Users\Hayley\Documents\MBAMquick.docx
[2010/12/30 22:33:22 | 000,011,892 | ---- | M] () -- C:\Users\Hayley\Documents\VIRUSexplanation.docx
[2010/12/30 18:12:07 | 000,050,477 | ---- | M] () -- C:\Users\Hayley\Desktop\Defogger.exe
[2010/12/29 15:21:58 | 000,001,016 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/29 15:16:47 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/12/29 15:12:57 | 000,000,007 | ---- | M] () -- C:\Windows\System32\mkghj.dll
[2010/12/28 22:56:35 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup.exe
[2010/12/28 22:27:04 | 000,780,283 | ---- | M] () -- C:\Users\Hayley\Desktop\iExplore.exe
[2010/12/28 15:33:24 | 000,011,446 | ---- | M] () -- C:\Users\Hayley\Documents\frontierland.docx
[2010/12/28 15:33:15 | 000,000,162 | -H-- | M] () -- C:\Users\Hayley\Documents\~$ontierland.docx
[2010/12/25 12:07:27 | 000,011,149 | ---- | M] () -- C:\Users\Hayley\Documents\zoey.docx
[2010/12/18 19:17:00 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/16 14:54:10 | 001,256,847 | ---- | M] () -- C:\Users\Hayley\Desktop\dynamo_blog_v2.zip
[2010/12/16 14:34:19 | 006,946,504 | ---- | M] () -- C:\Users\Hayley\Desktop\Keynote_Blue-_Accounting.zip
[2010/12/16 14:32:58 | 007,158,054 | ---- | M] () -- C:\Users\Hayley\Desktop\Landscape_Green-_Accounting.zip
[2010/12/15 17:59:39 | 000,010,523 | ---- | M] () -- C:\Users\Hayley\Documents\mavis2.docx
[2010/12/14 21:54:38 | 000,013,611 | ---- | M] () -- C:\Users\Hayley\Documents\mavis1214.docx
[2010/12/14 17:31:05 | 000,002,407 | ---- | M] () -- C:\Users\Hayley\Desktop\Google Chrome.lnk
[3 C:\Users\Hayley\Documents\*.tmp files -> C:\Users\Hayley\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 19:15:59 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2011/01/07 11:46:42 | 000,010,495 | ---- | C] () -- C:\Users\Hayley\Documents\ANSWER.docx
[2011/01/07 11:09:24 | 000,624,640 | ---- | C] () -- C:\Users\Hayley\Desktop\dds.pif
[2011/01/06 20:51:01 | 002,677,072 | ---- | C] () -- C:\Users\Hayley\Desktop\Elf_1.12.exe
[2011/01/06 20:14:06 | 002,165,222 | ---- | C] () -- C:\Users\Hayley\Desktop\SalehooAlert.zip
[2011/01/06 20:06:28 | 000,000,960 | ---- | C] () -- C:\Users\Hayley\Desktop\Auction Alert.lnk
[2011/01/06 19:46:18 | 000,001,013 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\AuctionSensor.lnk
[2011/01/06 19:46:18 | 000,000,989 | ---- | C] () -- C:\Users\Hayley\Desktop\AuctionSensor.lnk
[2011/01/06 19:26:54 | 002,636,646 | ---- | C] () -- C:\Users\Hayley\Desktop\AuctionAlert.zip
[2011/01/06 11:41:40 | 000,010,442 | ---- | C] () -- C:\Users\Hayley\Documents\rickpillslost.docx
[2011/01/06 09:43:15 | 000,058,862 | ---- | C] () -- C:\Users\Hayley\Desktop\bluescreenview.zip
[2011/01/05 18:22:25 | 000,001,242 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/05 18:22:25 | 000,001,218 | ---- | C] () -- C:\Users\Hayley\Desktop\Spybot - Search & Destroy.lnk
[2011/01/05 17:14:40 | 000,011,520 | ---- | C] () -- C:\Users\Hayley\Documents\old5hool.docx
[2011/01/05 16:36:19 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/05 16:33:55 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/01/05 16:22:55 | 000,130,866 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2011/01/05 16:22:55 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011/01/05 16:14:59 | 000,000,240 | ---- | C] () -- C:\Users\Hayley\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url
[2011/01/05 12:20:16 | 000,012,820 | ---- | C] () -- C:\Users\Hayley\Documents\reply.docx
[2011/01/04 22:55:16 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/04 22:44:37 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/04 20:56:08 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2011/01/04 20:55:56 | 000,000,136 | ---- | C] () -- C:\Users\Hayley\Desktop\IObit Freeware.url
[2011/01/04 20:55:55 | 000,001,205 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2011/01/04 20:55:55 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/04 20:24:13 | 000,070,584 | ---- | C] () -- C:\Users\Hayley\Desktop\cc_20110104_202406.reg
[2011/01/04 20:20:19 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/04 19:55:27 | 000,001,963 | ---- | C] () -- C:\Users\Hayley\Desktop\Wise Disk Cleaner Free.lnk
[2011/01/04 19:55:27 | 000,001,949 | ---- | C] () -- C:\Users\Hayley\Desktop\Clean disk with 1 click.lnk
[2011/01/04 19:55:27 | 000,001,089 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/01/04 19:54:02 | 000,001,137 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/01/03 22:24:04 | 000,620,465 | ---- | C] () -- C:\Users\Hayley\Desktop\Autoruns.zip
[2011/01/03 20:39:45 | 005,845,744 | ---- | C] () -- C:\Windows\System32\win32cpr.dll
[2011/01/03 20:39:45 | 002,347,760 | ---- | C] () -- C:\Windows\System32\mdmcls32.exe
[2011/01/03 20:39:45 | 001,872,624 | ---- | C] () -- C:\Windows\System32\winsflt.dll
[2011/01/03 20:39:45 | 001,377,008 | ---- | C] () -- C:\Windows\System32\svcprs32.exe
[2011/01/03 20:32:08 | 000,460,296 | ---- | C] () -- C:\Users\Hayley\Desktop\CA2010Install.exe
[2011/01/03 16:58:08 | 000,657,920 | ---- | C] () -- C:\Users\Hayley\Desktop\MicrosoftFixit50461.msi
[2011/01/02 17:16:53 | 000,058,007 | ---- | C] () -- C:\Users\Hayley\Documents\viruswin7.docx
[2011/01/02 16:28:56 | 000,339,991 | ---- | C] () -- C:\Users\Hayley\Desktop\RSIT.exe
[2011/01/02 16:00:13 | 000,000,335 | ---- | C] () -- C:\Users\Hayley\Desktop\FixExe.reg
[2011/01/01 15:39:00 | 000,002,700 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/01/01 15:27:53 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/01/01 15:07:47 | 000,010,523 | ---- | C] () -- C:\Users\Hayley\Documents\MBAMquick.docx
[2011/01/01 14:18:57 | 000,120,796 | ---- | C] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2010/12/30 22:10:19 | 000,011,892 | ---- | C] () -- C:\Users\Hayley\Documents\VIRUSexplanation.docx
[2010/12/30 21:43:38 | 000,288,107 | ---- | C] () -- C:\Users\Hayley\Desktop\gmer.zip
[2010/12/30 21:35:22 | 000,624,128 | ---- | C] () -- C:\Users\Hayley\Desktop\dds.scr
[2010/12/30 18:12:06 | 000,050,477 | ---- | C] () -- C:\Users\Hayley\Desktop\Defogger.exe
[2010/12/29 15:16:47 | 000,000,136 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/12/29 15:15:05 | 000,985,031 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2010/12/29 15:15:05 | 000,008,621 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2010/12/29 15:15:05 | 000,000,289 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2010/12/29 15:14:52 | 000,001,016 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/29 15:12:57 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2010/12/29 14:21:45 | 001,054,032 | ---- | C] () -- C:\Windows\System32\cfgmig32.dll
[2010/12/29 14:21:31 | 002,385,136 | ---- | C] () -- C:\Windows\System32\winsflt_x64.dll
[2010/12/29 14:21:31 | 000,286,208 | ---- | C] () -- C:\Windows\System32\winsfinst.exe
[2010/12/29 11:22:09 | 000,004,780 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/12/29 10:47:49 | 612,324,287 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/28 22:37:38 | 000,719,873 | ---- | C] () -- C:\Users\Hayley\Desktop\rkill.com
[2010/12/28 22:26:59 | 000,780,283 | ---- | C] () -- C:\Users\Hayley\Desktop\iExplore.exe
[2010/12/28 15:33:15 | 000,011,446 | ---- | C] () -- C:\Users\Hayley\Documents\frontierland.docx
[2010/12/28 15:33:15 | 000,000,162 | -H-- | C] () -- C:\Users\Hayley\Documents\~$ontierland.docx
[2010/12/25 09:52:27 | 000,011,149 | ---- | C] () -- C:\Users\Hayley\Documents\zoey.docx
[2010/12/16 14:54:07 | 001,256,847 | ---- | C] () -- C:\Users\Hayley\Desktop\dynamo_blog_v2.zip
[2010/12/16 14:34:18 | 006,946,504 | ---- | C] () -- C:\Users\Hayley\Desktop\Keynote_Blue-_Accounting.zip
[2010/12/16 14:32:53 | 007,158,054 | ---- | C] () -- C:\Users\Hayley\Desktop\Landscape_Green-_Accounting.zip
[2010/12/15 17:59:37 | 000,010,523 | ---- | C] () -- C:\Users\Hayley\Documents\mavis2.docx
[2010/12/14 21:21:44 | 000,013,611 | ---- | C] () -- C:\Users\Hayley\Documents\mavis1214.docx
[2010/07/16 20:21:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\YCRWin32.dll
[2010/06/30 16:58:24 | 000,007,607 | ---- | C] () -- C:\Users\Hayley\AppData\Local\Resmon.ResmonCfg
[2010/05/22 15:48:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/15 13:57:32 | 000,000,576 | ---- | C] () -- C:\ProgramData\afl.log
[2009/12/29 12:14:21 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/28 19:27:42 | 000,000,094 | ---- | C] () -- C:\Users\Hayley\AppData\Local\fusioncache.dat
[2009/09/18 01:15:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:50:37 | 000,000,062 | ---- | C] () -- C:\Windows\PrintWorkShop2009.ini
[2008/06/20 17:41:51 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2008/06/20 09:30:43 | 000,000,392 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\wklnhst.dat
[2008/06/16 12:07:11 | 000,000,011 | ---- | C] () -- C:\Windows\EPF_UPLD.INI
[2008/06/16 12:07:10 | 000,000,254 | ---- | C] () -- C:\Windows\PHOTO!2.INI
[2008/01/14 15:54:04 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/08/24 11:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/06/28 17:34:31 | 000,061,678 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\PFP110JPR.{PB
[2007/06/28 17:34:31 | 000,012,358 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\PFP110JCM.{PB
[2007/06/28 17:24:52 | 000,000,871 | ---- | C] () -- C:\Windows\WaltDisney.INI
[2007/06/28 17:24:52 | 000,000,059 | ---- | C] () -- C:\Windows\WALTDCS.INI
[2007/06/28 16:05:38 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2007/06/28 12:26:13 | 000,007,432 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2007/05/15 00:06:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/05/14 23:28:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/05/14 23:21:50 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/14 23:21:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 00:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 06:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 06:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 19:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll
[2006/06/23 09:09:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/11/18 09:16:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\nktwab.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

========== LOP Check ==========

[2009/11/24 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Ace
[2009/11/24 17:25:37 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Atari
[2011/01/06 19:46:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\AuctionSensor.com
[2010/01/25 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Broad Intelligence
[2009/11/24 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Bruce Clay
[2009/11/24 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Centra
[2010/07/29 12:42:10 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/24 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\CoffeeCup Software
[2010/09/24 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\FileZilla
[2009/11/24 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\GetRightToGo
[2011/01/04 22:06:22 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\IObit
[2009/11/24 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Leadertech
[2009/11/24 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Saba
[2010/09/27 11:42:04 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Salehoo
[2009/11/24 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Snapfish
[2010/05/28 19:08:12 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Softland
[2009/11/24 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\TD AMERITRADE
[2010/02/11 16:17:09 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\TechWizard
[2009/11/24 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Template
[2009/11/24 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\TradeStation Technologies
[2011/01/03 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Uniblue
[2010/09/09 14:02:09 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\WeatherBug
[2009/11/24 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\WinBatch
[2011/01/11 10:40:34 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2011/01/06 11:26:06 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 335 bytes -> C:\Users\Hayley\Documents\test3.eml:OECustomProperty
@Alternate Data Stream - 323 bytes -> C:\Users\Hayley\Documents\test.eml:OECustomProperty
@Alternate Data Stream - 192 bytes -> C:\Users\Hayley\Documents\test2.eml:OECustomProperty
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

I'll go find extras.txt

#6 torchy99

Posted 11 January 2011 - 01:59 PM

Here's the extras.txt file:


OTL Extras logfile created on: 1/11/2011 10:42:00 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Hayley\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 26.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.26 Gb Total Space | 225.05 Gb Free Space | 77.80% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 1.01 Gb Free Space | 11.39% Space Free | Partition Type: NTFS

Computer Name: HAYLEY-PC | User Name: Hayley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Hayley\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{01A3E75B-54C0-407F-8B95-B77705C7DCC4}" = AMRT
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}" = C6100
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 23
"{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}" = Vz In Home Agent
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{2FDF57C2-7D7C-4952-8141-E561F9A80405}" = Print Workshop 2009
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{474A21E3-EC39-4051-9ACA-79AFCABD5D45}" = Microsoft Expression Web 3 SP2
"{47B588CB-B42A-41E2-9825-D29B358C8CBB}" = hppTLBXFX2605
"{491D49D0-FE50-482C-AAD0-2500060E0F97}" = hppCLJ2605
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{4C5D15D2-5351-4F05-A96E-56C20554F977}" = RollerCoaster Tycoon 2 Triple Thrill Pack
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57DA304D-27B0-40D1-A796-92CEFF20FA32}" = hppIOFiles
"{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" =
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C6E880E-FFD4-47C4-A5CE-DFE225662995}" = SendBlaster
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{721C0B3A-3E8E-445B-B81E-651699B87945}" = Staples EasyPrint MSI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779A19AC-A302-425D-B295-F12116C2D731}" = DGOControls
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8595BCF5-FCE0-4ECE-9FBA-E5FBB741D4F1}" = hppusg2605
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9203AC41-0E7B-445A-98E6-AB3072CB4A10}" = HPCarePackProducts
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A16D1342-A3EE-456C-8506-0B0B99E2C48D}" = TradeStation 8.5 (Build 2289)
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF397F20-24BB-11D7-AC6F-0050DA09345C}" = Advanced Analyzer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B932A416-28A7-4D08-89A6-7A0464DAD37D}" = hpzTLBXFX
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar WALL-E
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE1AEA89-26CF-447F-B75F-A809D0C66EE1}" = SEMToolBar
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF969A8C-052F-401F-A2C8-C8819757C001}" = hppManuals2605
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3E7A2A5-A059-4A44-949B-21FBD371A8B8}" = Paint.NET v3.5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD7DAFE2-EC2C-4128-AC44-4FDE894540BA}" = TradeStation 8.6 (Build 2612)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F1A2AD-A1CE-4D9D-B510-31F280B45E0B}" = Microsoft Expression Encoder 3
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Auction Alert_is1" = Auction Alert 2.0.2
"AuctionSensor-XUL-WIN_is1" = AuctionSensor eBay Deal Finder version 1.0.1
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"CCleaner" = CCleaner
"CentraClient" = Centra Client
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Copernicus Software 32 Screen Saver" = WaltDisney Screen Saver
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Elf_1.12 Toolbar" = Elf 1.12 Toolbar
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"eTrust Suite Personal" = CA Internet Security Suite
"ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
"FileZilla Client" = FileZilla Client 3.3.4.1
"GameSpotDownloadManager" = GameSpot Download Manager
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Color LaserJet 2605" = HP Color LaserJet 2605 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Intel® Configuration Center" = Intel® Viiv™ Software
"MediaCoder" = MediaCoder 0.7.2.4582
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoPC 700" = PhotoPC 700
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"RollerCoaster Tycoon Setup" = Roll
"Shop for HP Supplies" = Shop for HP Supplies
"SystemRequirementsLab" = System Requirements Lab
"TD AMERITRADE StrategyDesk 2.2" = TD AMERITRADE StrategyDesk 2.2
"TdScopeRT_is1" = TdScopeRT
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"Web_3.0.3816.0" = Microsoft Expression Web 3
"WebLog Expert Lite_is1" = WebLog Expert Lite 5.8
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.82
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.9
"XStandard" = XStandard
"XWeb" = Microsoft Expression Web 2 Trial
"Yahoo! Applications" = Verizon Yahoo! Applications
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{FCDA0E22-A85B-4C47-8E69-1D26C6E9D652}" = TD AMERITRADE StrategyDesk 2.3
"{FEBC8332-09E1-4B4B-BD61-1338747BF4AC}" = TD AMERITRADE StrategyDesk 2.3_2 (C:\Users\Hayley\AppData\Roaming\TD AMERITRADE\StrategyDesk)
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:15 AM

Posted 12 January 2011 - 01:16 PM

Hi,


Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#8 torchy99

Posted 12 January 2011 - 02:31 PM

Hi again, and thanks for replying.

I followed your instructions, disabled my antivirus and tried to run combofix 3 TIMES and here's what happened. I got an error message that said:

!!ALERT!! It is NOT SAFE to continue:
The contents of the combofix package has been comprised.
Please download a fresh copy from:
http://www.bleepingcomptuer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus 'Virut'




Like I said, I tried this three times, including going to the address listed in the error message above and downloading combofix from there.


Is this a real error message, and if so, what should I do? I won't do anything until I hear from you.

Thanks so much.

#9 schrauber

Posted 13 January 2011 - 11:46 AM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Windows\System32\svchost.exe
C:\Windows\explorer.exe

The copy of Combofix on your desktop

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
regards,
schrauber


#10 torchy99

Posted 13 January 2011 - 01:47 PM

Hi, Tom:

I did the scans at Jotti, and the results were "0 out of 19 scanners reported malware" (nothing found).

But, when I tried to run Combofix after downloading a fresh copy, I got that error again:

!!ALERT!! It is NOT SAFE to continue:
The contents of the combofix package has been comprised....

and it deleted itself from my desktop.

What next?

Thanks in advance,

#11 torchy99

Posted 13 January 2011 - 01:57 PM

Hi again, Tom:

I just realized you wanted me to use Jotti to scan the copy of Combofix on my desktop, too, so when I did that, it said that VBA32 found one:

VBS.StartPage.nam



Thanks again for any help you can give me.

#12 schrauber

Posted 14 January 2011 - 11:46 AM

Hi,


Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)





Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
regards,
schrauber


#13 torchy99

Posted 15 January 2011 - 10:16 PM

Whew! Did that, but Dr. Web took OVER 24 HOURS to do the Complete scan.

Here are the results:

First, TDSSKiller:

2011/01/14 11:06:21.0384 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/14 11:06:21.0394 ================================================================================
2011/01/14 11:06:21.0394 SystemInfo:
2011/01/14 11:06:21.0394
2011/01/14 11:06:21.0394 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/14 11:06:21.0394 Product type: Workstation
2011/01/14 11:06:21.0394 ComputerName: HAYLEY-PC
2011/01/14 11:06:21.0397 UserName: Hayley
2011/01/14 11:06:21.0397 Windows directory: C:\Windows
2011/01/14 11:06:21.0397 System windows directory: C:\Windows
2011/01/14 11:06:21.0397 Processor architecture: Intel x86
2011/01/14 11:06:21.0397 Number of processors: 2
2011/01/14 11:06:21.0397 Page size: 0x1000
2011/01/14 11:06:21.0397 Boot type: Normal boot
2011/01/14 11:06:21.0397 ================================================================================
2011/01/14 11:06:23.0497 Initialize success
2011/01/14 11:06:30.0150 ================================================================================
2011/01/14 11:06:30.0150 Scan started
2011/01/14 11:06:30.0150 Mode: Manual;
2011/01/14 11:06:30.0150 ================================================================================
2011/01/14 11:06:31.0279 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/14 11:06:31.0388 2WXG7053 (576af12c5fed35d8afac2a5ee49d0dff) C:\Windows\system32\DRIVERS\WlanUIG.sys
2011/01/14 11:06:31.0579 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/14 11:06:31.0659 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/14 11:06:31.0873 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
2011/01/14 11:06:31.0975 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/14 11:06:32.0176 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/14 11:06:32.0276 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/14 11:06:32.0456 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/01/14 11:06:32.0546 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/14 11:06:32.0672 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/01/14 11:06:32.0783 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/14 11:06:32.0924 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/01/14 11:06:32.0973 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/14 11:06:33.0078 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/14 11:06:33.0260 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/14 11:06:33.0384 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/14 11:06:33.0574 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/14 11:06:33.0633 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/14 11:06:33.0753 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/01/14 11:06:33.0996 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/01/14 11:06:34.0074 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/14 11:06:34.0284 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/14 11:06:34.0378 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/14 11:06:34.0649 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/01/14 11:06:34.0771 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/01/14 11:06:34.0928 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/01/14 11:06:35.0149 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/14 11:06:35.0333 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/14 11:06:35.0437 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/14 11:06:35.0487 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/14 11:06:35.0671 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/01/14 11:06:35.0799 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/14 11:06:35.0907 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/14 11:06:36.0128 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/14 11:06:36.0223 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/14 11:06:36.0485 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/14 11:06:36.0587 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/14 11:06:36.0749 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/14 11:06:36.0880 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/01/14 11:06:37.0066 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/14 11:06:37.0130 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/14 11:06:37.0322 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/01/14 11:06:37.0502 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/14 11:06:37.0688 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/14 11:06:37.0876 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/14 11:06:38.0142 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys
2011/01/14 11:06:38.0359 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/01/14 11:06:38.0458 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/01/14 11:06:38.0710 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/01/14 11:06:38.0878 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/01/14 11:06:39.0091 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/01/14 11:06:39.0215 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/01/14 11:06:39.0390 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/01/14 11:06:39.0510 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/14 11:06:39.0792 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
2011/01/14 11:06:39.0955 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/01/14 11:06:40.0241 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/14 11:06:40.0356 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/14 11:06:40.0677 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/01/14 11:06:40.0758 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/01/14 11:06:40.0920 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/14 11:06:41.0100 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/01/14 11:06:41.0178 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/01/14 11:06:41.0288 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/14 11:06:41.0451 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/01/14 11:06:41.0514 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/01/14 11:06:41.0696 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/01/14 11:06:41.0835 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/14 11:06:42.0047 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/14 11:06:42.0184 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/14 11:06:42.0375 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/14 11:06:42.0625 hcw18bda (2edbcbf69f9a3512ddab978067be4d20) C:\Windows\system32\drivers\hcw18bda.sys
2011/01/14 11:06:42.0723 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/14 11:06:42.0870 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/14 11:06:42.0948 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/14 11:06:43.0029 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/14 11:06:43.0233 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/14 11:06:43.0400 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/14 11:06:43.0569 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\Windows\system32\drivers\hpfxbulk.sys
2011/01/14 11:06:43.0701 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/14 11:06:43.0815 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\Windows\system32\DRIVERS\HPZius12.sys
2011/01/14 11:06:44.0100 HSF_DP (0f5ed510a6c361420bc319e0cf96c1dc) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/01/14 11:06:44.0297 HSXHWBS2 (186c11d0ca0e53b1ee266633b9d8b393) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/01/14 11:06:44.0464 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/01/14 11:06:44.0598 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/14 11:06:44.0764 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/14 11:06:45.0091 iaStor (25c3d5f66a74a7bddeca56085f040d2e) C:\Windows\system32\DRIVERS\iaStor.sys
2011/01/14 11:06:45.0229 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/14 11:06:45.0769 igfx (a79416044080f5ade931517c45be9d58) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/01/14 11:06:46.0190 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/14 11:06:46.0559 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
2011/01/14 11:06:46.0922 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/14 11:06:47.0012 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/14 11:06:47.0182 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/14 11:06:47.0239 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/14 11:06:47.0336 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/01/14 11:06:47.0529 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/01/14 11:06:47.0622 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/14 11:06:47.0699 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/14 11:06:47.0890 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/14 11:06:48.0054 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/14 11:06:48.0379 KmxAgent (45ab8298ffb922fb36ba52f7dc956de4) C:\Windows\system32\DRIVERS\kmxagent.sys
2011/01/14 11:06:48.0527 KmxAMRT (88c521675724bd9d9eced840112279ab) C:\Windows\system32\DRIVERS\KmxAMRT.sys
2011/01/14 11:06:48.0699 KmxAMVet (041b29c8e3bed6e833ade367ecfa51f9) C:\WINDOWS\system32\Drivers\KmxAMVet.sys
2011/01/14 11:06:48.0845 KmxCF (d67ead05bcdaacc1162838681fca8406) C:\Windows\system32\DRIVERS\KmxCF.sys
2011/01/14 11:06:49.0007 KmxCfg (0c14fc849eebb15ea4de6a62ccdd34e0) C:\Windows\system32\DRIVERS\kmxcfg.sys
2011/01/14 11:06:49.0120 KmxFile (c69b4a3bc8d2c7b6398ad38aacff98c9) C:\Windows\system32\DRIVERS\KmxFile.sys
2011/01/14 11:06:49.0348 KmxFilter (0034a4498f3dfbe119c9e2c503650b5d) C:\Windows\system32\DRIVERS\KmxFilter.sys
2011/01/14 11:06:49.0433 KmxFw (a92d919a88a763ea32a23b65888e593f) C:\Windows\system32\DRIVERS\kmxfw.sys
2011/01/14 11:06:49.0571 KmxSbx (cb390a8aee3a142b1662f1115bc02394) C:\Windows\system32\DRIVERS\KmxSbx.sys
2011/01/14 11:06:49.0659 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/14 11:06:49.0825 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/14 11:06:50.0223 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/14 11:06:50.0446 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/14 11:06:50.0592 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/14 11:06:50.0794 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/14 11:06:50.0891 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/14 11:06:51.0009 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/01/14 11:06:51.0212 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/01/14 11:06:51.0313 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/14 11:06:51.0492 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/14 11:06:51.0614 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/01/14 11:06:51.0715 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/14 11:06:51.0881 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/14 11:06:51.0938 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/14 11:06:52.0082 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/01/14 11:06:52.0151 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/01/14 11:06:52.0263 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/14 11:06:52.0843 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/01/14 11:06:52.0991 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/14 11:06:53.0163 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/14 11:06:53.0276 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/14 11:06:53.0495 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/01/14 11:06:53.0572 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/01/14 11:06:53.0685 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/01/14 11:06:53.0901 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/14 11:06:54.0002 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/01/14 11:06:54.0088 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/14 11:06:54.0306 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/14 11:06:54.0394 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/01/14 11:06:54.0476 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/01/14 11:06:54.0688 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/14 11:06:54.0799 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/01/14 11:06:54.0889 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/14 11:06:54.0971 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/01/14 11:06:55.0214 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/14 11:06:55.0400 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/01/14 11:06:55.0601 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/14 11:06:55.0713 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/14 11:06:55.0879 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/14 11:06:55.0951 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/14 11:06:56.0178 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/01/14 11:06:56.0259 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/14 11:06:56.0456 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/14 11:06:56.0573 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/14 11:06:56.0794 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/01/14 11:06:56.0912 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/14 11:06:57.0033 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/01/14 11:06:57.0296 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/01/14 11:06:57.0379 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/01/14 11:06:57.0502 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/01/14 11:06:57.0680 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/01/14 11:06:57.0845 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/14 11:06:58.0157 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/01/14 11:06:58.0265 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/01/14 11:06:58.0397 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/01/14 11:06:58.0508 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/01/14 11:06:58.0696 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/14 11:06:58.0822 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/14 11:06:58.0963 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/01/14 11:06:59.0201 PdiPorts (9a19e0669ac4e15741d8fd2cfde5c1f4) C:\Windows\system32\Drivers\PdiPorts.sys
2011/01/14 11:06:59.0389 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/01/14 11:06:59.0768 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2011/01/14 11:07:00.0056 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/14 11:07:00.0160 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/01/14 11:07:00.0430 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/01/14 11:07:00.0560 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/14 11:07:00.0758 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2011/01/14 11:07:00.0990 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/14 11:07:01.0284 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/14 11:07:01.0360 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/14 11:07:01.0563 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/14 11:07:01.0680 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/14 11:07:01.0902 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/14 11:07:02.0026 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/14 11:07:02.0221 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/14 11:07:02.0326 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/14 11:07:02.0555 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/14 11:07:02.0629 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/14 11:07:02.0724 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/14 11:07:02.0873 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/14 11:07:03.0080 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/01/14 11:07:03.0223 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/01/14 11:07:03.0485 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/14 11:07:03.0602 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/14 11:07:03.0817 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/14 11:07:03.0924 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/14 11:07:04.0219 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/14 11:07:04.0311 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/01/14 11:07:04.0573 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/14 11:07:04.0779 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/14 11:07:04.0969 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/14 11:07:05.0061 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/14 11:07:05.0179 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/14 11:07:05.0367 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/01/14 11:07:05.0459 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/14 11:07:05.0626 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/14 11:07:05.0816 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/01/14 11:07:05.0952 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/01/14 11:07:06.0121 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/14 11:07:06.0351 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/14 11:07:06.0545 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/14 11:07:06.0776 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/14 11:07:06.0866 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/14 11:07:07.0148 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/01/14 11:07:07.0481 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/14 11:07:07.0659 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/14 11:07:07.0725 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/01/14 11:07:07.0801 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/01/14 11:07:07.0885 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/14 11:07:08.0050 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/14 11:07:08.0251 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/14 11:07:08.0412 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/14 11:07:08.0523 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/14 11:07:08.0629 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/14 11:07:08.0808 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/14 11:07:08.0902 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/14 11:07:08.0988 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/14 11:07:09.0290 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/14 11:07:09.0402 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/14 11:07:09.0543 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/14 11:07:09.0645 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/14 11:07:09.0769 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/14 11:07:09.0968 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/14 11:07:10.0103 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/14 11:07:10.0182 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/14 11:07:10.0372 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/14 11:07:10.0477 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/14 11:07:10.0564 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/14 11:07:10.0762 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/01/14 11:07:10.0915 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/14 11:07:11.0097 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/01/14 11:07:11.0205 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/01/14 11:07:11.0274 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/14 11:07:11.0474 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/14 11:07:11.0544 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/01/14 11:07:11.0680 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/14 11:07:11.0880 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/14 11:07:11.0979 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/01/14 11:07:12.0215 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/01/14 11:07:12.0442 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/01/14 11:07:12.0618 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/14 11:07:12.0722 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/14 11:07:12.0829 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/14 11:07:12.0969 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/01/14 11:07:13.0067 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/14 11:07:13.0355 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/14 11:07:13.0429 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/01/14 11:07:13.0579 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/01/14 11:07:14.0046 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/14 11:07:14.0235 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/14 11:07:14.0396 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/01/14 11:07:14.0510 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/14 11:07:14.0760 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/01/14 11:07:14.0942 ================================================================================
2011/01/14 11:07:14.0943 Scan finished
2011/01/14 11:07:14.0943 ================================================================================
2011/01/14 11:07:45.0128 Deinitialize success

DR. WEB: (I moved all those that were not curable)

cdn.apture[1].xml C:\Documents and Settings\Hayley\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\US0PRLM3 Probably SCRIPT.Virus

cdn.apture[1].xml C:\Documents and Settings\Hayley\DoctorWeb\Quarantine Probably SCRIPT.Virus

penguins-WT.exe C:\Program Files\HP Games\Penguins! Trojan.DownLoader1.15090 Deleted.

cdn.apture[1].xml C:\Users\Hayley\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\US0PRLM3 Probably SCRIPT.Virus

CouponPrinter.ocx C:\Windows Adware.Coupons.34

#14 torchy99

Posted 15 January 2011 - 10:42 PM

OTL logfile created on: 1/15/2011 7:24:26 PM - Run 4
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Hayley\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.26 Gb Total Space | 227.42 Gb Free Space | 78.62% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 1.01 Gb Free Space | 11.39% Space Free | Partition Type: NTFS

Computer Name: HAYLEY-PC | User Name: Hayley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/15 19:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
PRC - [2011/01/15 19:22:45 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTH.scr
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/06 04:12:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2010/04/06 04:12:22 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/03/20 01:41:08 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () -- C:\Windows\System32\svcprs32.exe
PRC - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () -- C:\Windows\System32\mdmcls32.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2009/06/23 14:44:44 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007/05/02 14:16:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/15 19:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/01 10:55:58 | 000,113,144 | ---- | M] (CA) -- C:\Windows\System32\UmxSbxExw.dll
MOD - [2009/04/01 09:45:50 | 000,272,888 | ---- | M] (CA) -- C:\Windows\System32\UmxSbxw.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/01 20:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/04/20 02:01:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/06 04:12:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2010/04/06 04:12:22 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/03/20 01:41:08 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () [Auto | Running] -- C:\Windows\System32\svcprs32.exe -- (WinSvchostManager)
SRV - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () [Auto | Running] -- C:\Windows\System32\mdmcls32.exe -- (WinExtManager)
SRV - [2009/11/19 12:42:03 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2009/06/23 14:44:44 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/05/02 14:16:14 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006/09/11 15:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 15:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 14:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 14:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 08:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/07/07 17:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2009/12/23 11:29:36 | 000,132,088 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2009/12/23 11:29:36 | 000,078,840 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/30 16:51:00 | 000,239,608 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/09/30 16:51:00 | 000,060,920 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2009/09/16 16:26:41 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/09/11 16:00:26 | 004,805,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/02 17:29:58 | 000,053,240 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2009/08/14 11:43:50 | 000,150,520 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2009/08/07 12:03:46 | 000,107,512 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\kmxfw.sys -- (KmxFw)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 14:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/23 14:44:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/06/08 10:02:10 | 000,058,360 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\System32\drivers\KmxFilter.sys -- (KmxFilter)
DRV - [2009/05/28 14:46:18 | 000,391,296 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/27 15:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2009/02/13 04:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 04:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 04:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/06/02 17:49:48 | 000,305,688 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/04/24 08:33:00 | 000,358,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wlanUIG.sys -- (2WXG7053)
DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.my.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
IE - HKCU\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\Firefox [2011/01/03 20:40:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\Firefox [2011/01/03 20:40:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/05 16:38:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 22:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 22:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\Firefox [2011/01/03 20:40:32 | 000,000,000 | ---D | M]

[2011/01/06 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions
[2011/01/06 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\finder@auctionsensor.com
[2010/01/31 19:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\MediaCoder-MCEX
[2010/01/31 19:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2011/01/10 12:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions
[2009/11/24 17:29:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/27 20:36:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/19 12:11:01 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/08/19 11:59:27 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\firebug@software.joehewitt.com
[2011/01/10 12:31:19 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\7m9rkat6.default\extensions\toolbar@ask.com
[2011/01/02 15:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 15:50:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (SEMToolBar) - {aa6d5589-d43b-4990-a329-a2add2fe93a0} - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll (Bruce Clay, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SEMToolBar) - {000d96fb-8270-41fd-96c2-34807ca97d9c} - C:\Program Files\Bruce Clay Inc\SEMToolBar\adxloader.dll (Bruce Clay, Inc.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Program Files\Elf_1.12\prxtbElf_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: macromedia.com ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4D690BF2-361C-46AB-948F-8EE44D5AD631} https://www.tradestation.com/chatclient/livechat/ClientPlugIn/TSChat.Cab (TSIntraSocket Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540002} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Annie in the Sink.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Annie in the Sink.jpg
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00724593\1.2.1.24.01604127\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 19:22:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
[2011/01/15 19:22:41 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTH.scr
[2011/01/15 18:15:35 | 000,000,000 | ---D | C] -- C:\New folder
[2011/01/14 16:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/01/14 16:23:14 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hayley\Desktop\HJTInstall.exe
[2011/01/14 11:16:24 | 000,000,000 | ---D | C] -- C:\Users\Hayley\DoctorWeb
[2011/01/14 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\tdsskiller
[2011/01/13 16:00:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/13 16:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/13 16:00:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/13 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 14:33:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/01/13 10:59:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2011/01/12 10:53:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/06 20:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/01/06 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/01/06 20:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Elf_1.12
[2011/01/06 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\Conduit
[2011/01/06 20:14:35 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\SalehooAlert
[2011/01/06 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\AuctionSensor.com
[2011/01/06 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\AuctionSensor.com
[2011/01/06 19:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuctionSensor eBay Deal Finder
[2011/01/06 19:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\AuctionSensor eBay Deal Finder
[2011/01/06 19:38:21 | 007,826,666 | ---- | C] (AuctionSensor.com ) -- C:\Users\Hayley\Desktop\as-1.0.1-app-win.exe
[2011/01/06 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\bluescreenview
[2011/01/05 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/05 18:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/05 18:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/05 18:20:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Hayley\Desktop\spybotsd162.exe
[2011/01/05 16:45:13 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\HP
[2011/01/05 16:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/01/05 13:27:21 | 000,000,000 | ---D | C] -- C:\SYSTEM.SAV
[2011/01/04 22:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/04 22:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/04 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/04 22:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/04 22:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/04 22:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/04 21:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/01/04 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/01/04 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\IObit
[2011/01/04 20:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/01/04 20:54:19 | 010,160,048 | ---- | C] (IObit ) -- C:\Users\Hayley\Desktop\asc-setup.exe
[2011/01/04 20:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/04 20:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/04 20:19:39 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\Hayley\Desktop\ccsetup302.exe
[2011/01/04 19:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner Free
[2011/01/04 19:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2011/01/04 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/01/04 19:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner Free
[2011/01/04 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2011/01/04 19:52:34 | 004,322,272 | ---- | C] (ZhiQing Soft, Inc. ) -- C:\Users\Hayley\Desktop\WRCFree.exe
[2011/01/04 18:26:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2011/01/04 18:16:16 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\Autoruns
[2011/01/03 22:07:02 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Uniblue
[2011/01/03 22:06:10 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\PackageAware
[2011/01/03 20:39:58 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\System32\Isafprod.dll
[2011/01/03 20:39:57 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Isafeif.dll
[2011/01/03 20:39:37 | 002,654,208 | ---- | C] (PureSight Technologies Ltd) -- C:\Windows\System32\winsflte.dll
[2011/01/03 19:28:27 | 000,000,000 | ---D | C] -- C:\Swsetup
[2011/01/03 17:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\{D9B1A630-1548-45A4-9380-4F68B7672000}
[2011/01/03 17:10:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/03 17:08:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/01/03 17:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/03 17:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/03 17:03:00 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Local\Windows Live
[2011/01/02 16:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/02 16:30:18 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/02 15:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/01/02 12:07:56 | 036,317,368 | ---- | C] (PC Tools ) -- C:\Users\Hayley\Desktop\spdoc.exe
[2011/01/01 19:37:05 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/01 15:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/01/01 15:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/12/30 21:45:28 | 000,000,000 | ---D | C] -- C:\Users\Hayley\Desktop\gmer
[2010/12/29 16:28:38 | 006,347,584 | ---- | C] (SurfRight B.V.) -- C:\Users\Hayley\Desktop\HitmanPro35.exe
[2010/12/29 14:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2010/12/29 14:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[2010/12/29 14:21:46 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Vetredir.dll
[2010/12/29 14:21:31 | 001,028,096 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2010/12/29 14:21:31 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2010/12/29 14:21:30 | 000,000,000 | ---D | C] -- C:\Windows\rnapxs
[2010/12/29 14:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2010/12/29 14:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/12/29 14:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2010/12/29 10:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/12/29 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2010/12/29 10:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/12/29 10:00:42 | 000,000,000 | ---D | C] -- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010/12/29 10:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/12/28 22:58:12 | 000,000,000 | ---D | C] -- C:\Users\Hayley\AppData\Roaming\Malwarebytes
[2010/12/28 22:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/28 22:55:36 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup.exe
[2010/12/20 18:39:05 | 000,000,000 | ---D | C] -- C:\NOVOTNY - Copy (2)
[2010/12/18 18:53:13 | 000,000,000 | ---D | C] -- C:\PERSONAL
[3 C:\Users\Hayley\Documents\*.tmp files -> C:\Users\Hayley\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/15 19:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124306064-959407867-2446713946-1001UA.job
[2011/01/15 19:23:17 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/01/15 19:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTL.scr
[2011/01/15 19:22:45 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Hayley\Desktop\OTH.scr
[2011/01/15 18:42:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/15 18:21:52 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/15 18:21:52 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/15 18:13:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/15 18:12:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/15 18:12:52 | 1603,112,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/15 18:12:00 | 000,999,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/01/15 18:12:00 | 000,128,620 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2011/01/15 18:12:00 | 000,008,621 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/01/15 18:12:00 | 000,000,289 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/01/15 18:12:00 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/01/15 18:12:00 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/01/15 18:12:00 | 000,000,241 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/01/15 18:12:00 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/01/15 18:12:00 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/01/15 18:12:00 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/01/15 18:12:00 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/01/15 18:12:00 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/01/15 18:12:00 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/01/15 18:12:00 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/01/15 18:12:00 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/01/15 18:12:00 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/01/15 18:12:00 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/01/15 18:07:50 | 000,000,496 | ---- | M] () -- C:\DrWeb.csv
[2011/01/15 11:30:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124306064-959407867-2446713946-1001Core.job
[2011/01/14 17:26:03 | 000,007,607 | ---- | M] () -- C:\Users\Hayley\AppData\Local\Resmon.ResmonCfg
[2011/01/14 16:47:13 | 000,002,041 | ---- | M] () -- C:\Users\Hayley\Desktop\HijackThis.lnk
[2011/01/14 16:23:26 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hayley\Desktop\HJTInstall.exe
[2011/01/14 11:14:08 | 054,630,248 | ---- | M] () -- C:\Users\Hayley\Desktop\drweb-cureit.exe
[2011/01/14 11:04:33 | 001,231,390 | ---- | M] () -- C:\Users\Hayley\Desktop\tdsskiller.zip
[2011/01/13 19:41:22 | 042,376,192 | ---- | M] () -- C:\Users\Hayley\Desktop\eav_nt32_enu.msi
[2011/01/13 16:00:59 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 15:51:24 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Hayley\Desktop\spybotsd162.exe
[2011/01/13 06:30:54 | 000,002,407 | ---- | M] () -- C:\Users\Hayley\Desktop\Google Chrome.lnk
[2011/01/12 19:09:01 | 000,133,632 | ---- | M] () -- C:\Users\Hayley\Desktop\RKUnhookerLE.EXE
[2011/01/10 11:36:40 | 000,011,996 | ---- | M] () -- C:\Users\Hayley\Documents\DISNEYbigfigs.docx
[2011/01/10 10:34:57 | 000,624,640 | ---- | M] () -- C:\Users\Hayley\Desktop\dds.pif
[2011/01/07 12:16:07 | 000,010,495 | ---- | M] () -- C:\Users\Hayley\Documents\ANSWER.docx
[2011/01/07 11:05:52 | 000,624,128 | ---- | M] () -- C:\Users\Hayley\Desktop\dds.scr
[2011/01/07 11:01:14 | 000,719,873 | ---- | M] () -- C:\Users\Hayley\Desktop\rkill.com
[2011/01/06 20:51:08 | 002,677,072 | ---- | M] () -- C:\Users\Hayley\Desktop\Elf_1.12.exe
[2011/01/06 20:20:58 | 002,165,222 | ---- | M] () -- C:\Users\Hayley\Desktop\SalehooAlert.zip
[2011/01/06 20:07:25 | 000,000,960 | ---- | M] () -- C:\Users\Hayley\Desktop\Auction Alert.lnk
[2011/01/06 19:46:18 | 000,001,013 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\AuctionSensor.lnk
[2011/01/06 19:46:18 | 000,000,989 | ---- | M] () -- C:\Users\Hayley\Desktop\AuctionSensor.lnk
[2011/01/06 19:38:31 | 007,826,666 | ---- | M] (AuctionSensor.com ) -- C:\Users\Hayley\Desktop\as-1.0.1-app-win.exe
[2011/01/06 19:27:05 | 002,636,646 | ---- | M] () -- C:\Users\Hayley\Desktop\AuctionAlert.zip
[2011/01/06 11:45:31 | 000,010,442 | ---- | M] () -- C:\Users\Hayley\Documents\rickpillslost.docx
[2011/01/06 09:43:20 | 000,058,862 | ---- | M] () -- C:\Users\Hayley\Desktop\bluescreenview.zip
[2011/01/05 18:22:25 | 000,001,242 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/05 18:22:25 | 000,001,218 | ---- | M] () -- C:\Users\Hayley\Desktop\Spybot - Search & Destroy.lnk
[2011/01/05 17:24:37 | 000,011,520 | ---- | M] () -- C:\Users\Hayley\Documents\old5hool.docx
[2011/01/05 16:53:54 | 000,938,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/05 16:47:25 | 000,202,520 | ---- | M] () -- C:\Windows\hpoins18.dat
[2011/01/05 16:45:11 | 000,130,911 | ---- | M] () -- C:\Windows\hppins03.dat
[2011/01/05 16:44:38 | 000,647,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/05 16:44:38 | 000,116,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/05 16:36:19 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/05 16:34:27 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/01/05 16:33:55 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/01/05 16:14:59 | 000,000,240 | ---- | M] () -- C:\Users\Hayley\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url
[2011/01/05 13:02:11 | 000,012,820 | ---- | M] () -- C:\Users\Hayley\Documents\reply.docx
[2011/01/04 22:55:16 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/04 22:44:37 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/04 20:55:56 | 000,000,136 | ---- | M] () -- C:\Users\Hayley\Desktop\IObit Freeware.url
[2011/01/04 20:55:55 | 000,001,205 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2011/01/04 20:55:55 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/04 20:54:51 | 010,160,048 | ---- | M] (IObit ) -- C:\Users\Hayley\Desktop\asc-setup.exe
[2011/01/04 20:24:30 | 000,070,584 | ---- | M] () -- C:\Users\Hayley\Desktop\cc_20110104_202406.reg
[2011/01/04 20:20:19 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/04 20:19:45 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\Hayley\Desktop\ccsetup302.exe
[2011/01/04 19:55:27 | 000,001,963 | ---- | M] () -- C:\Users\Hayley\Desktop\Wise Disk Cleaner Free.lnk
[2011/01/04 19:55:27 | 000,001,949 | ---- | M] () -- C:\Users\Hayley\Desktop\Clean disk with 1 click.lnk
[2011/01/04 19:55:27 | 000,001,089 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/01/04 19:54:02 | 000,001,137 | ---- | M] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/01/04 19:52:48 | 004,322,272 | ---- | M] (ZhiQing Soft, Inc. ) -- C:\Users\Hayley\Desktop\WRCFree.exe
[2011/01/04 18:15:16 | 000,620,465 | ---- | M] () -- C:\Users\Hayley\Desktop\Autoruns.zip
[2011/01/03 20:39:39 | 005,845,744 | ---- | M] () -- C:\Windows\System32\win32cpr.dll
[2011/01/03 20:39:39 | 001,872,624 | ---- | M] () -- C:\Windows\System32\winsflt.dll
[2011/01/03 20:32:11 | 000,460,296 | ---- | M] () -- C:\Users\Hayley\Desktop\CA2010Install.exe
[2011/01/03 16:58:12 | 000,657,920 | ---- | M] () -- C:\Users\Hayley\Desktop\MicrosoftFixit50461.msi
[2011/01/03 15:54:28 | 612,324,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/03 11:40:18 | 000,058,007 | ---- | M] () -- C:\Users\Hayley\Documents\viruswin7.docx
[2011/01/02 17:39:16 | 000,288,107 | ---- | M] () -- C:\Users\Hayley\Desktop\gmer.zip
[2011/01/02 16:29:02 | 000,339,991 | ---- | M] () -- C:\Users\Hayley\Desktop\RSIT.exe
[2011/01/02 16:00:16 | 000,000,335 | ---- | M] () -- C:\Users\Hayley\Desktop\FixExe.reg
[2011/01/02 12:07:56 | 036,317,368 | ---- | M] (PC Tools ) -- C:\Users\Hayley\Desktop\spdoc.exe
[2011/01/01 19:52:54 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/01/01 19:37:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/01 15:39:00 | 000,002,700 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/01/01 15:27:13 | 006,347,584 | ---- | M] (SurfRight B.V.) -- C:\Users\Hayley\Desktop\HitmanPro35.exe
[2011/01/01 15:07:48 | 000,010,523 | ---- | M] () -- C:\Users\Hayley\Documents\MBAMquick.docx
[2010/12/30 22:33:22 | 000,011,892 | ---- | M] () -- C:\Users\Hayley\Documents\VIRUSexplanation.docx
[2010/12/30 18:12:07 | 000,050,477 | ---- | M] () -- C:\Users\Hayley\Desktop\Defogger.exe
[2010/12/29 15:21:58 | 000,001,016 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/29 15:16:47 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/12/29 15:12:57 | 000,000,007 | ---- | M] () -- C:\Windows\System32\mkghj.dll
[2010/12/28 22:56:35 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hayley\Desktop\mbam-setup.exe
[2010/12/28 22:27:04 | 000,780,283 | ---- | M] () -- C:\Users\Hayley\Desktop\iExplore.exe
[2010/12/28 15:33:24 | 000,011,446 | ---- | M] () -- C:\Users\Hayley\Documents\frontierland.docx
[2010/12/28 15:33:15 | 000,000,162 | -H-- | M] () -- C:\Users\Hayley\Documents\~$ontierland.docx
[2010/12/25 12:07:27 | 000,011,149 | ---- | M] () -- C:\Users\Hayley\Documents\zoey.docx
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/18 19:17:00 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[3 C:\Users\Hayley\Documents\*.tmp files -> C:\Users\Hayley\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 18:07:49 | 000,000,496 | ---- | C] () -- C:\DrWeb.csv
[2011/01/14 16:25:30 | 000,002,041 | ---- | C] () -- C:\Users\Hayley\Desktop\HijackThis.lnk
[2011/01/14 11:14:05 | 054,630,248 | ---- | C] () -- C:\Users\Hayley\Desktop\drweb-cureit.exe
[2011/01/14 11:04:19 | 001,231,390 | ---- | C] () -- C:\Users\Hayley\Desktop\tdsskiller.zip
[2011/01/13 19:41:22 | 042,376,192 | ---- | C] () -- C:\Users\Hayley\Desktop\eav_nt32_enu.msi
[2011/01/13 16:00:59 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/12 19:09:01 | 000,133,632 | ---- | C] () -- C:\Users\Hayley\Desktop\RKUnhookerLE.EXE
[2011/01/07 11:46:42 | 000,010,495 | ---- | C] () -- C:\Users\Hayley\Documents\ANSWER.docx
[2011/01/07 11:09:24 | 000,624,640 | ---- | C] () -- C:\Users\Hayley\Desktop\dds.pif
[2011/01/06 20:51:01 | 002,677,072 | ---- | C] () -- C:\Users\Hayley\Desktop\Elf_1.12.exe
[2011/01/06 20:14:06 | 002,165,222 | ---- | C] () -- C:\Users\Hayley\Desktop\SalehooAlert.zip
[2011/01/06 20:06:28 | 000,000,960 | ---- | C] () -- C:\Users\Hayley\Desktop\Auction Alert.lnk
[2011/01/06 19:46:18 | 000,001,013 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\AuctionSensor.lnk
[2011/01/06 19:46:18 | 000,000,989 | ---- | C] () -- C:\Users\Hayley\Desktop\AuctionSensor.lnk
[2011/01/06 19:26:54 | 002,636,646 | ---- | C] () -- C:\Users\Hayley\Desktop\AuctionAlert.zip
[2011/01/06 11:41:40 | 000,010,442 | ---- | C] () -- C:\Users\Hayley\Documents\rickpillslost.docx
[2011/01/06 09:43:15 | 000,058,862 | ---- | C] () -- C:\Users\Hayley\Desktop\bluescreenview.zip
[2011/01/05 18:22:25 | 000,001,242 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/05 18:22:25 | 000,001,218 | ---- | C] () -- C:\Users\Hayley\Desktop\Spybot - Search & Destroy.lnk
[2011/01/05 17:14:40 | 000,011,520 | ---- | C] () -- C:\Users\Hayley\Documents\old5hool.docx
[2011/01/05 16:36:19 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/05 16:33:55 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/01/05 16:22:55 | 000,130,866 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2011/01/05 16:22:55 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011/01/05 16:14:59 | 000,000,240 | ---- | C] () -- C:\Users\Hayley\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url
[2011/01/05 12:20:16 | 000,012,820 | ---- | C] () -- C:\Users\Hayley\Documents\reply.docx
[2011/01/04 22:55:16 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/04 22:44:37 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/04 20:56:08 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2011/01/04 20:55:56 | 000,000,136 | ---- | C] () -- C:\Users\Hayley\Desktop\IObit Freeware.url
[2011/01/04 20:55:55 | 000,001,205 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2011/01/04 20:55:55 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/04 20:24:13 | 000,070,584 | ---- | C] () -- C:\Users\Hayley\Desktop\cc_20110104_202406.reg
[2011/01/04 20:20:19 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/04 19:55:27 | 000,001,963 | ---- | C] () -- C:\Users\Hayley\Desktop\Wise Disk Cleaner Free.lnk
[2011/01/04 19:55:27 | 000,001,949 | ---- | C] () -- C:\Users\Hayley\Desktop\Clean disk with 1 click.lnk
[2011/01/04 19:55:27 | 000,001,089 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/01/04 19:54:02 | 000,001,137 | ---- | C] () -- C:\Users\Hayley\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/01/04 19:54:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/01/03 22:24:04 | 000,620,465 | ---- | C] () -- C:\Users\Hayley\Desktop\Autoruns.zip
[2011/01/03 20:39:45 | 005,845,744 | ---- | C] () -- C:\Windows\System32\win32cpr.dll
[2011/01/03 20:39:45 | 002,347,760 | ---- | C] () -- C:\Windows\System32\mdmcls32.exe
[2011/01/03 20:39:45 | 001,872,624 | ---- | C] () -- C:\Windows\System32\winsflt.dll
[2011/01/03 20:39:45 | 001,377,008 | ---- | C] () -- C:\Windows\System32\svcprs32.exe
[2011/01/03 20:32:08 | 000,460,296 | ---- | C] () -- C:\Users\Hayley\Desktop\CA2010Install.exe
[2011/01/03 16:58:08 | 000,657,920 | ---- | C] () -- C:\Users\Hayley\Desktop\MicrosoftFixit50461.msi
[2011/01/02 17:16:53 | 000,058,007 | ---- | C] () -- C:\Users\Hayley\Documents\viruswin7.docx
[2011/01/02 16:28:56 | 000,339,991 | ---- | C] () -- C:\Users\Hayley\Desktop\RSIT.exe
[2011/01/02 16:00:13 | 000,000,335 | ---- | C] () -- C:\Users\Hayley\Desktop\FixExe.reg
[2011/01/01 15:39:00 | 000,002,700 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/01/01 15:27:53 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/01/01 15:07:47 | 000,010,523 | ---- | C] () -- C:\Users\Hayley\Documents\MBAMquick.docx
[2011/01/01 14:18:57 | 000,128,620 | ---- | C] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2010/12/30 22:10:19 | 000,011,892 | ---- | C] () -- C:\Users\Hayley\Documents\VIRUSexplanation.docx
[2010/12/30 21:43:38 | 000,288,107 | ---- | C] () -- C:\Users\Hayley\Desktop\gmer.zip
[2010/12/30 21:35:22 | 000,624,128 | ---- | C] () -- C:\Users\Hayley\Desktop\dds.scr
[2010/12/30 18:12:06 | 000,050,477 | ---- | C] () -- C:\Users\Hayley\Desktop\Defogger.exe
[2010/12/29 15:16:47 | 000,000,136 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/12/29 15:15:05 | 000,999,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2010/12/29 15:15:05 | 000,008,621 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2010/12/29 15:15:05 | 000,000,289 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2010/12/29 15:15:05 | 000,000,241 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2010/12/29 15:15:05 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2010/12/29 15:15:05 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2010/12/29 15:14:52 | 000,001,016 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/29 15:12:57 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2010/12/29 14:21:45 | 001,054,032 | ---- | C] () -- C:\Windows\System32\cfgmig32.dll
[2010/12/29 14:21:31 | 002,385,136 | ---- | C] () -- C:\Windows\System32\winsflt_x64.dll
[2010/12/29 14:21:31 | 000,286,208 | ---- | C] () -- C:\Windows\System32\winsfinst.exe
[2010/12/29 11:22:09 | 000,004,780 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/12/29 10:47:49 | 612,324,287 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/28 22:37:38 | 000,719,873 | ---- | C] () -- C:\Users\Hayley\Desktop\rkill.com
[2010/12/28 22:26:59 | 000,780,283 | ---- | C] () -- C:\Users\Hayley\Desktop\iExplore.exe
[2010/12/28 15:33:15 | 000,011,446 | ---- | C] () -- C:\Users\Hayley\Documents\frontierland.docx
[2010/12/28 15:33:15 | 000,000,162 | -H-- | C] () -- C:\Users\Hayley\Documents\~$ontierland.docx
[2010/12/25 09:52:27 | 000,011,149 | ---- | C] () -- C:\Users\Hayley\Documents\zoey.docx
[2010/07/16 20:21:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\YCRWin32.dll
[2010/06/30 16:58:24 | 000,007,607 | ---- | C] () -- C:\Users\Hayley\AppData\Local\Resmon.ResmonCfg
[2010/05/22 15:48:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/15 13:57:32 | 000,000,576 | ---- | C] () -- C:\ProgramData\afl.log
[2009/12/29 12:14:21 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/28 19:27:42 | 000,000,094 | ---- | C] () -- C:\Users\Hayley\AppData\Local\fusioncache.dat
[2009/09/18 01:15:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:50:37 | 000,000,062 | ---- | C] () -- C:\Windows\PrintWorkShop2009.ini
[2008/06/20 17:41:51 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2008/06/20 09:30:43 | 000,000,392 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\wklnhst.dat
[2008/06/16 12:07:11 | 000,000,011 | ---- | C] () -- C:\Windows\EPF_UPLD.INI
[2008/06/16 12:07:10 | 000,000,254 | ---- | C] () -- C:\Windows\PHOTO!2.INI
[2008/01/14 15:54:04 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/08/24 11:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/06/28 17:34:31 | 000,061,678 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\PFP110JPR.{PB
[2007/06/28 17:34:31 | 000,012,358 | ---- | C] () -- C:\Users\Hayley\AppData\Roaming\PFP110JCM.{PB
[2007/06/28 17:24:52 | 000,000,871 | ---- | C] () -- C:\Windows\WaltDisney.INI
[2007/06/28 17:24:52 | 000,000,059 | ---- | C] () -- C:\Windows\WALTDCS.INI
[2007/06/28 16:05:38 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2007/06/28 12:26:13 | 000,007,432 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2007/05/15 00:06:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/05/14 23:28:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/05/14 23:21:50 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/14 23:21:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 00:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 06:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 06:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 19:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll
[2006/06/23 09:09:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/11/18 09:16:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\nktwab.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

========== LOP Check ==========

[2009/11/24 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Ace
[2009/11/24 17:25:37 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Atari
[2011/01/06 19:46:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\AuctionSensor.com
[2010/01/25 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Broad Intelligence
[2009/11/24 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Bruce Clay
[2009/11/24 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Centra
[2010/07/29 12:42:10 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/24 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\CoffeeCup Software
[2010/09/24 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\FileZilla
[2009/11/24 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\GetRightToGo
[2011/01/04 22:06:22 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\IObit
[2009/11/24 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Leadertech
[2009/11/24 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Saba
[2010/09/27 11:42:04 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Salehoo
[2009/11/24 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Snapfish
[2010/05/28 19:08:12 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Softland
[2009/11/24 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\TD AMERITRADE
[2010/02/11 16:17:09 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\TechWizard
[2009/11/24 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Template
[2009/11/24 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\TradeStation Technologies
[2011/01/03 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\Uniblue
[2010/09/09 14:02:09 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\WeatherBug
[2009/11/24 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\Hayley\AppData\Roaming\WinBatch
[2011/01/15 19:23:17 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2011/01/06 11:26:06 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 335 bytes -> C:\Users\Hayley\Documents\test3.eml:OECustomProperty
@Alternate Data Stream - 323 bytes -> C:\Users\Hayley\Documents\test.eml:OECustomProperty
@Alternate Data Stream - 192 bytes -> C:\Users\Hayley\Documents\test2.eml:OECustomProperty
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#15 schrauber


Posted 16 January 2011 - 11:16 AM

Hi :)


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



