
Please Help! Google redirecting all over the place!


  • This topic is locked
71 replies to this topic

#1 dschribs

Posted 23 May 2011 - 06:13 PM

My computer started acting up yesterday. When I go to Google and search on something it redirects me to Yellow pages or Direct TV or all kinds of other web sites. None of which are those that I am searching for or even related to what I am searching for. It is driving me nuts!! I am able to get on some sites (this one for example) if I keep trying over and over again. Also, ALL of my internet favorites have been wiped out and the desktop shortcut I had for Google is gone.

I am also getting error message pop-ups from the desktop tray icon at the bottom of the screen (the shield with the exclamation point) that says it cannot save something "Delay Write Failed". What it's saying it can't save is different every time - usually a web site that I have never been on.

I ran Avira scan which came up empty. Also Malware Bytes and Super Anti-Spyware in Safe Mode and both came up clear.

Please help! Both my wife and I need our computer for work.

I appreciate any help anyone could provide to me.

Hopefully I have done all the prep work (GMER, DDS etc) correctly.

Thank you!!!!!

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jim at 18:08:53 on 2011-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.131 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\PSLB0Z8B\dds[1].scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [EPSON Stylus CX6000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibia.exe /fu "c:\windows\temp\E_SCF.tmp" /EF "HKLM"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214840881978
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-19 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-19 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-19 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-19 61960]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-1-9 10384]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
.
=============== Created Last 30 ================
.
2011-05-22 19:25:20 -------- d-----w- c:\documents and settings\jim\application data\SUPERAntiSpyware.com
2011-05-22 19:25:20 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-22 19:24:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-22 16:26:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-22 16:26:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-06 23:02:11 -------- d-----w- C:\e
2011-05-06 23:02:11 -------- d-----w- C:\Data
2011-05-04 01:24:28 -------- d-----w- c:\windows\system32\LogFiles
2011-04-30 00:24:05 -------- d-----w- c:\documents and settings\jim\local settings\application data\Yahoo!
.
==================== Find3M ====================
.
2011-04-23 15:54:39 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-03-18 17:33:19 71072 ----a-w- c:\windows\CouponPrinter.ocx
.
============= FINISH: 18:09:55.39 ===============

Edited by dschribs, 23 May 2011 - 06:19 PM.




#2 heir

  • Malware Response Team

Posted 24 May 2011 - 03:42 AM

"Please help! Both my wife and I need our computer for work."

Does this computer belong to the company you work for?

I need another set of logs.

Step 1.
OTL-scan:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 30 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %USERPROFILE%\..\*.
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    volsnap.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Step 2.
RKU-scan:

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Step 3.
aswMBR-scan:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


Step 4.
Things I would like to see in your reply:

  • The content of OTL.txt and Extras.txt from step 1.
  • The content of the log from RKU in step 2
  • The content of the log from aswMBR in step 3.

Edited by heir, 25 May 2011 - 01:50 AM.
corrected customscan

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#3 dschribs


Posted 24 May 2011 - 06:36 AM

Thanks Heir!!!


No this is not a work computer. It is our privately owned computer. We use Word and Excel for work projects. Also, we need internet browsing capability for some work projects.

I will run the suggested scans and post the results as soon as I am back home tonight.

Thanks for the help!!! I certainly do appreciate it.

Dan

#4 heir


Posted 24 May 2011 - 07:49 AM

OK.

There is a 6h time difference. You are at GMT-4 and I'm at GMT+2.
That'll give you a clue on when to expect replies. :wink:



#5 dschribs


Posted 24 May 2011 - 06:21 PM

I can't get OTL - Scan to finish. It scans for quite some time then gets stuck on "Checking manual scans" at the bottom of the scan tool. It stayed like that for at least twenty minutes both times I tried it. When I tried to get out of it my computer was totally locked up. I tried it twice and the same thing happened. I had to push and hold the button on the CPU to get it up and running again. Just won't work.

On the others, I did ok.

RKU Scan log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF8053000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF838D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF7F40000 C:\WINDOWS\system32\drivers\smwdm.sys 548864 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xAF301000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xAF266000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEC3A9000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB1E7D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAF00D000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAF0B5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xEC407000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF84E9000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAF146000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8360000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAE602000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAF2D6000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB1E26000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAF240000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF8493000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAF37C000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7F1C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF801B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7FC6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB1E04000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xAF3A2000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8443000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84B9000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7FFD000 C:\WINDOWS\system32\DRIVERS\e1000325.sys 122880 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xF8346000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF847B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAF228000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8463000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF841A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7F05000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAF213000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xAEDA0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7FE9000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF803F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB1F93000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8431000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84D8000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7EF4000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8688000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8778000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8758000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8798000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8788000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAEED5000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF2555000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8578000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF87A8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8558000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF2545000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF85B8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8588000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF3A60000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8768000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8548000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF85A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8538000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF329C000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF39D0000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8568000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7AF8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8748000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF85C8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8638000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAE69D000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF519D000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8890000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0xF87C8000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xB0258000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xB0250000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF1EF4000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8880000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8888000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF1F0C000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF87B8000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8898000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF34D1000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB0280000 C:\WINDOWS\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
0xF1F14000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB0278000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF8938000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF8870000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF1F04000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB2733000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF1EFC000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87C0000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF34E1000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF34D9000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF88A0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF1EE4000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF5433000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF4379000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB107B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF89E4000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8948000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEC3A5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB0958000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF819D000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF89E8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEC3A1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8A9A000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xB0F82000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8A6A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A3E000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB0F7E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A68000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A3C000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A38000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A6C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xAF3D0000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A6E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8AF4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A4E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A3A000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8C0D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8C51000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8B54000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xF2862000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8B00000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x822F6A91 Unknown page with executable code, 1391 bytes
0x822F5288 Unknown page with executable code, 3448 bytes
0x822F7191 Unknown page with executable code, 3695 bytes
0xF8558000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x822F9E7A Unknown thread object [ ETHREAD 0x8235BB08 ] TID: 124, 600 bytes
0x822FC008 Unknown thread object [ ETHREAD 0x8235B7C0 ] TID: 128, 600 bytes
0x822FB0DE Unknown thread object [ ETHREAD 0x822BF578 ] , 600 bytes
0x822F9B45 Unknown thread object [ ETHREAD 0x822BF230 ] , 600 bytes
0x822FBCDC Unknown page with executable code, 804 bytes


On the aswMBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-24 19:16:54
-----------------------------
19:16:54.453 OS Version: Windows 5.1.2600 Service Pack 3
19:16:54.453 Number of processors: 1 586 0x209
19:16:54.453 ComputerName: 3049PC UserName: Jim
19:16:55.562 Initialize success
19:17:02.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:17:02.640 Disk 0 Vendor: ST340014A 3.16 Size: 38146MB BusType: 3
19:17:03.671 Disk 0 MBR read successfully
19:17:03.671 Disk 0 MBR scan
19:17:03.671 Disk 0 Windows XP default MBR code
19:17:03.687 Disk 0 scanning sectors +78108030
19:17:03.734 Disk 0 scanning C:\WINDOWS\system32\drivers
19:17:08.765 Service scanning
19:17:10.625 Disk 0 trace - called modules:
19:17:10.625 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x822f51ed]<<
19:17:10.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823d0ab8]
19:17:10.640 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823a5b00]
19:17:10.640 \Driver\atapi[0x823ccf38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x822f51ed
19:17:10.640 Scan finished successfully
19:17:30.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jim\Desktop\MBR.dat"
19:17:30.656 The log file has been saved successfully to "C:\Documents and Settings\Jim\Desktop\aswMBR.txt"


Please let me know where we go from here. Does it look bad??

Thanks!!
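
An added example, not part of the original thread and not code from RkU, aswMBR or any other tool named here: a Python cross-check of the two logs in post #5. It tests whether the `\Driver\atapi` dispatch target that aswMBR reports falls inside any driver image RkU listed, and whether it shares a 4 KiB page with an RkU stealth entry. The log lines are copied from the post; the function names and the shape of the findings are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

PAGE = 0x1000  # 4 KiB pages on 32-bit x86 Windows XP

# Lines copied from the RkU and aswMBR logs in post #5. This is an excerpt:
# in practice feed the complete ">Drivers" section so no module is missed.
RKU_DRIVERS = r"""
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0xF847B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF8568000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8578000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
"""
RKU_STEALTH = r"""
0x822F6A91 Unknown page with executable code, 1391 bytes
0x822F5288 Unknown page with executable code, 3448 bytes
0xF8558000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x822F9E7A Unknown thread object [ ETHREAD 0x8235BB08 ] TID: 124, 600 bytes
"""
ASWMBR = r"""
19:17:10.625 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x822f51ed]<<
19:17:10.640 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823a5b00]
19:17:10.640 \Driver\atapi[0x823ccf38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x822f51ed
"""


class Module(NamedTuple):
    base: int
    size: int
    name: str


MODULE_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes")
STEALTH_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+),\s+(\d+) bytes$")
DISPATCH_RE = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def parse_modules(text: str) -> list:
    """Parse 'base name size bytes (...)' lines from the RkU >Drivers section."""
    mods = []
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m:
            mods.append(Module(int(m.group(1), 16), int(m.group(3)), m.group(2)))
    return mods


def owner_of(addr: int, modules: list) -> Optional[Module]:
    """Return the module whose image range [base, base + size) covers addr."""
    for mod in modules:
        if mod.base <= addr < mod.base + mod.size:
            return mod
    return None


def parse_stealth(text: str) -> list:
    """Parse 'address description, size bytes' lines from the RkU >Stealth section."""
    entries = []
    for line in text.splitlines():
        m = STEALTH_RE.match(line.strip())
        if m:
            entries.append((int(m.group(1), 16), m.group(2).strip(), int(m.group(3))))
    return entries


def triage(drivers_text: str, stealth_text: str, aswmbr_text: str) -> list:
    """Cross-check the aswMBR disk trace against the RkU driver and stealth lists."""
    modules = parse_modules(drivers_text)
    stealth = parse_stealth(stealth_text)
    findings = []
    # 1. Dispatch targets that no listed driver image accounts for.
    for driver, irp, target in DISPATCH_RE.findall(aswmbr_text):
        addr = int(target, 16)
        if owner_of(addr, modules) is None:
            page = addr // PAGE
            same_page = [hex(a) for a, _desc, size in stealth
                         if a // PAGE <= page <= (a + size - 1) // PAGE]
            findings.append({"kind": "unowned_dispatch", "driver": driver,
                             "irp": irp, "target": hex(addr),
                             "same_page_stealth": same_page})
    # 2. Modules aswMBR itself could not name in the disk call chain.
    for target in UNKNOWN_RE.findall(aswmbr_text):
        findings.append({"kind": "unknown_in_disk_stack",
                         "target": hex(int(target, 16))})
    # 3. Explicit warnings RkU raised about a driver image.
    for _addr, desc, _size in stealth:
        if desc.startswith("WARNING"):
            findings.append({"kind": "rku_warning", "detail": desc})
    return findings


if __name__ == "__main__":
    for finding in triage(RKU_DRIVERS, RKU_STEALTH, ASWMBR):
        print(finding)
```

On these lines the atapi handler address resolves to no listed driver and sits on the same page as one of RkU's "Unknown page with executable code" entries, so the two tools corroborate each other.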

#6 heir


Posted 25 May 2011 - 02:18 AM

"Please let me know where we go from here. Does it look bad??"

When I get the result from the custom scan with OTL I'll know.
There is a combination of infections. One is hiding from us and one has manipulated your start menu and desktop.
Backups of the start menu and desktop should be found with that custom scan, however those backups can have been removed by other tools. We retrieved those backups.

There was a missing character in the custom scan box. I edited my previous post.
Please redo the scan with OTL in my previous post. It works now.

Edited by heir, 25 May 2011 - 02:22 AM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!


#7 dschribs

  • Topic Starter

  • Members
  • 75 posts

Posted 25 May 2011 - 05:04 AM

Success!

OTL

OTL logfile created on: 5/25/2011 5:49:05 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 173.89 Mb Available Physical Memory | 34.10% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.69 Gb Free Space | 52.91% Space Free | Partition Type: NTFS

Computer Name: 3049PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 18:23:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
PRC - [2011/04/27 16:18:12 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 20:02:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/02 22:59:41 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 18:23:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/27 16:18:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 20:02:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 20:02:41 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 16:38:41 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214840881978 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/24 16:51:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 19:16:38 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2011/05/24 18:23:44 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2011/05/23 18:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\gmer
[2011/05/23 18:08:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Administrative Tools
[2011/05/22 15:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\SUPERAntiSpyware.com
[2011/05/22 15:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/22 15:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/22 15:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/22 13:36:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2011/05/06 19:02:11 | 000,000,000 | ---D | C] -- C:\e
[2011/05/06 19:02:11 | 000,000,000 | ---D | C] -- C:\Data
[2011/05/06 18:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/05/03 21:24:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/29 20:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\BrowserPlus
[2011/04/29 20:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Yahoo!
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 05:46:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 05:45:04 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-1383384898-725345543-1003.job
[2011/05/25 05:44:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 05:44:49 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 19:17:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\MBR.dat
[2011/05/24 19:16:41 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2011/05/24 19:11:56 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\RKUnhookerLE.EXE
[2011/05/24 18:23:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2011/05/23 18:17:23 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\gmer.zip
[2011/05/22 15:44:37 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/22 15:25:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/22 12:10:55 | 000,000,211 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\Google.url
[2011/05/21 21:27:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-1383384898-725345543-1003.job
[2011/05/20 23:00:45 | 000,000,515 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\Yahoo! Mail.url
[2011/05/14 18:46:12 | 000,011,932 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\6p74b12e5883bvnms7rio6x2hebdv36h
[2011/05/14 18:46:12 | 000,011,932 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6p74b12e5883bvnms7rio6x2hebdv36h
[2011/05/08 20:21:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/04 18:54:00 | 000,012,380 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\50ju5u2eib066e66otjs7gm
[2011/05/04 18:54:00 | 000,012,380 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\50ju5u2eib066e66otjs7gm
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 19:17:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\MBR.dat
[2011/05/24 19:11:55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\RKUnhookerLE.EXE
[2011/05/23 18:17:21 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\gmer.zip
[2011/05/23 18:03:14 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/22 15:44:36 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/22 15:25:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/14 18:43:44 | 000,011,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6p74b12e5883bvnms7rio6x2hebdv36h
[2011/05/14 18:43:43 | 000,011,932 | -HS- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\6p74b12e5883bvnms7rio6x2hebdv36h
[2011/05/03 21:18:08 | 000,012,380 | -HS- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\50ju5u2eib066e66otjs7gm
[2011/05/03 21:18:08 | 000,012,380 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\50ju5u2eib066e66otjs7gm
[2011/04/08 22:12:22 | 000,000,043 | -H-- | C] () -- C:\Documents and Settings\Jim\Application Data\1.gif
[2011/02/09 21:12:13 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Speed.INI
[2010/11/11 19:49:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/24 20:06:39 | 000,058,592 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/22 20:31:30 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 17:37:56 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/08/22 17:37:56 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/08/22 17:37:56 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/22 17:37:56 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/22 17:37:56 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/08/22 17:37:56 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/08/22 17:37:56 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/08/22 17:37:56 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/08/22 17:37:56 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/08/22 17:37:56 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/08/22 17:37:56 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/08/22 17:37:56 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/08/22 17:37:56 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/08/22 17:37:56 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/08/22 17:37:56 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/08/22 17:37:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/08/22 17:34:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/08/22 17:33:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6000.ini
[2010/08/20 21:03:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/30 11:08:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008/06/24 16:54:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/24 16:48:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/24 12:40:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/24 12:39:44 | 000,245,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,472,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,075,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/02/26 13:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/02/08 21:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/03/05 21:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/19 21:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/10/24 19:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/06 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GARMIN
[2010/10/24 19:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo
[2010/08/22 17:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech
[2011/02/08 21:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\MAGIX
[2010/10/17 21:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Softplicity
[2010/10/24 19:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Xilisoft

========== Purity Check ==========



========== Custom Scans ==========


< %USERPROFILE%\..\*. >
[2011/04/17 15:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\..\Administrator
[2011/05/04 18:59:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\..\Administrator.3049PC
[2011/05/14 19:33:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\..\Administrator.3049PC.000
[2011/05/22 13:36:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\..\Administrator.3049PC.001
[2011/05/22 14:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\..\Administrator.3049PC.002
[2008/06/24 16:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\..\All Users
[2011/04/23 16:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\..\Dan
[2008/07/02 15:43:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\..\Default User
[2011/05/22 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\..\Jim
[2011/05/22 12:26:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim\..\LocalService
[2011/05/22 12:26:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim\..\NetworkService

< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2011/05/22 12:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\..\Jim\Local Settings\Temp\smtmp
[2011/05/22 12:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\..\Jim\Local Settings\Temp\smtmp\1
[2011/05/22 12:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\..\Jim\Local Settings\Temp\smtmp\2
[2011/05/22 12:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\..\Jim\Local Settings\Temp\smtmp\4

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010/11/10 22:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/10/24 19:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/10/24 19:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/08/19 20:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/02/26 13:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/01/09 17:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2011/01/09 17:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/02/08 21:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/08/20 21:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/04 17:59:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/01/29 22:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/10/09 20:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/22 15:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/06/30 12:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/03/05 21:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/19 21:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/12/03 20:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/05/06 18:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/10/24 19:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010/09/24 02:51:28 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
[2005/10/08 18:14:46 | 000,040,960 | ---- | M] (Magix AG) -- C:\Documents and Settings\All Users\Application Data\MAGIX\PhotoStory_on_CD_DVD_9\Default\fcdummy.exe
[2004/09/13 15:29:46 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MAGIX\PhotoStory_on_CD_DVD_9\DVD\Wmv_disc\licgen.exe
[1997/10/16 00:03:40 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MAGIX\PhotoStory_on_CD_DVD_9\DVD\Wmv_disc\components\shelexec.exe
[2003/11/04 20:20:34 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MAGIX\PhotoStory_on_CD_DVD_9\DVD\Wmv_disc\components\videowritetest.exe
[2011/04/17 15:07:24 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2010/11/10 22:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Adobe
[2010/11/21 19:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Apple Computer
[2011/02/03 20:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ArcSoft
[2010/08/21 10:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Avira
[2011/04/06 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GARMIN
[2010/10/24 19:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo
[2008/06/24 16:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Identities
[2011/04/23 11:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\InstallShield
[2010/08/22 17:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech
[2011/01/09 17:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Logitech
[2010/08/20 20:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Macromedia
[2011/02/08 21:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\MAGIX
[2010/08/20 21:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Malwarebytes
[2011/01/15 19:32:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\Application Data\Microsoft
[2011/01/29 22:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Real
[2010/10/17 21:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Softplicity
[2010/10/09 20:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Sun
[2011/05/22 15:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SUPERAntiSpyware.com
[2010/10/24 19:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Xilisoft
[2011/05/06 18:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2010/08/20 20:47:39 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Jim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/02 15:18:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/07/02 15:18:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/02 15:18:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/07/02 15:18:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 17:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/10/18 18:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/10/18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: NVRAID.SYS >
[2006/10/18 17:31:46 | 000,089,216 | ---- | M] (NVIDIA Corporation) MD5=EA4017441889A7E66D8A77BD41AC11C0 -- C:\WINDOWS\dell\nvraid\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2007/02/09 23:06:00 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\dell\symmpi\symmpi.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/06/24 12:39:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/06/24 12:39:09 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/06/24 12:39:08 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/03/16 20:02:41 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys

< >

< >

< End of report >

Extras

OTL Extras logfile created on: 5/25/2011 5:49:06 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 173.89 Mb Available Physical Memory | 34.10% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.69 Gb Free Space | 52.91% Space Free | Partition Type: NTFS

Computer Name: 3049PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B0576C-638B-4D7E-8E58-C04B15062AB0}" = MAGIX Screenshare
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX6000 Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{312AB810-C924-4EEF-9780-6CCF85E3CF15}" = MAGIX PhotoStory on CD & DVD 9
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6B25BB26-A1EC-4A23-AB6C-211E57B67777}" = LightScribe System Software
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{99EE0AE2-605E-4F13-99D1-033504C2AD0E}" = MAGIX Speed 2 (MSI)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF06DE33-94CC-4385-85A4-47EB4A1FEF6F}" = MAGIX 3D Maker (embedded MSI)
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"HTC_WModemDriver" = WModem Driver Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"JFK Reloaded" = JFK Reloaded 1.1
"MAGIX_MSI_Fotos_auf_CD_DVD_9" = MAGIX PhotoStory on CD & DVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Silent Package Run-Time Sample" = EPSON CX6000 Series User's Guide
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2011 3:08:11 AM | Computer Name = 3049PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ec378a15-4207-11dd-9daf-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x8007045d.

Error - 5/24/2011 3:08:25 AM | Computer Name = 3049PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ec378a15-4207-11dd-9daf-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x8007045d.

Error - 5/24/2011 3:08:37 AM | Computer Name = 3049PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ec378a15-4207-11dd-9daf-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x8007045d.

Error - 5/24/2011 3:08:49 AM | Computer Name = 3049PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ec378a15-4207-11dd-9daf-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x8007045d.

Error - 5/24/2011 3:09:01 AM | Computer Name = 3049PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ec378a15-4207-11dd-9daf-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x8007045d.

Error - 5/24/2011 3:49:03 AM | Computer Name = 3049PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ec378a15-4207-11dd-9daf-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x8007045d.

Error - 5/24/2011 3:49:16 AM | Computer Name = 3049PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ec378a15-4207-11dd-9daf-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x8007045d.

Error - 5/24/2011 3:52:10 AM | Computer Name = 3049PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ec378a15-4207-11dd-9daf-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x8007045d.

Error - 5/24/2011 7:11:33 PM | Computer Name = 3049PC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.23.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/24/2011 7:11:34 PM | Computer Name = 3049PC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.23.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/24/2011 3:23:01 AM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 3:40:49 AM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 6:26:29 PM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 6:27:54 PM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 6:27:55 PM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 6:27:55 PM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 6:27:56 PM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 6:31:29 PM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 6:31:29 PM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/24/2011 6:38:02 PM | Computer Name = 3049PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.


< End of report >

#8 heir

  • Malware Response Team

Posted 25 May 2011 - 08:35 AM

OK let's secure that backup, try the latest version of TDSSkiller and find information for the alternate approach.


< %USERPROFILE%\..\*. >
[2011/04/17 15:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\..\Administrator
[2011/05/04 18:59:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\..\Administrator.3049PC
[2011/05/14 19:33:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\..\Administrator.3049PC.000
[2011/05/22 13:36:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\..\Administrator.3049PC.001
[2011/05/22 14:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\..\Administrator.3049PC.002
[2008/06/24 16:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\..\All Users
[2011/04/23 16:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\..\Dan
[2008/07/02 15:43:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\..\Default User
[2011/05/22 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\..\Jim
[2011/05/22 12:26:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim\..\LocalService
[2011/05/22 12:26:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim\..\NetworkService

Have you created all those Administrator accounts?
You have two accounts besides that, Jim and Dan. Are both of those used?


Step 1.
Make a backup:

  • Double-click on OTL.exe to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, click the None button at the top
  • Under the Custom Scan box paste this in

    XCOPY "%TEMP%\smtmp" ".\smtmp" /H /I /E /Y /C
    ATTRIB -H ".\smtmp" /C
    %TEMP%\smtmp\*. /S
    %TEMP%\smtmp\*.* /S
    .\SMTMP\*. /S
    .\SMTMP\*.* /S
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTL.Txt that's saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the content of that file and post it with your next reply.

A folder smtmp will be created on your desktop.
Zip that folder using this method

Attach smtmp.zip in your reply.


Step 2.
Bootcheck:

Please download BootCheck.exe to your desktop.
  • Double click BootCheck.exe to run the check
  • When complete, a Notepad window will open with some text in it
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy the contents of BootCheck.txt and post it in your next reply

Step 3.
TDSSKiller:

Let's make sure that you used the latest copy of TDSSKiller.
Delete your current copy of TDSSKiller.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4.
Things I would like to see in your reply:

  • Answers to the questions in the beginning of this post.
  • The content of OTL.txt from step 1.
  • The file smtmp.zip from step 1 attached.
  • The content of Bootcheck.txt from step 2.
  • The content of the log from TDSSkiller in step 3.

Edited by heir, 25 May 2011 - 08:54 AM.
added some custom scans

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#9 dschribs

  • Topic Starter

Posted 25 May 2011 - 08:43 AM

Hi heir:

Thanks for the quick response!!!!

In answer to your question: "Have you created all those Administrator accounts?
You have two accounts beside that, Jim and Dan. Are both those used?"


No. I have not created any administrator accounts that I know of other than Dan. That's me. This was my brother's computer (Jim) that he used for a while before getting a Mac. That's why his name is on there, I would think. The only one that is really used, I would think, is Dan. That's what the Welcome screen says and where I put my password.

I am in my office right now. When I get home tonight I will follow your instructions on the scans and post the requested information.

thanks!!!
Dan

#10 dschribs

  • Topic Starter

Posted 25 May 2011 - 08:46 AM

By the way, part of your instructions from today were to download OTL on my desktop. I already did that per your instructions from yesterday. It's still on my desktop.

Can I just use the version that is on my desktop from yesterday and proceed with your OTL instructions??

Thanks!

#11 heir

  • Malware Response Team

Posted 25 May 2011 - 08:52 AM

Yes, use the copy you have.
I'll edit my post.
I added a couple of custom scan entries as well.

Edited by heir, 25 May 2011 - 08:55 AM.



#12 dschribs

  • Topic Starter

Posted 25 May 2011 - 05:17 PM

OTL logfile created on: 5/25/2011 6:05:42 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 207.04 Mb Available Physical Memory | 40.60% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.10% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.67 Gb Free Space | 52.85% Space Free | Partition Type: NTFS

Computer Name: 3049PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

========== LOP Check ==========

[2011/02/26 13:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/02/08 21:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/03/05 21:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/19 21:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/10/24 19:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/06 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GARMIN
[2010/10/24 19:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo
[2010/08/22 17:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech
[2011/02/08 21:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\MAGIX
[2010/10/17 21:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Softplicity
[2010/10/24 19:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Xilisoft

========== Purity Check ==========



========== Custom Scans ==========


< XCOPY "%TEMP%\smtmp" ".\smtmp" /H /I /E /Y /C >
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\New Office Document.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Open Office Document.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Windows Catalog.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Windows Update.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Adobe Reader 9.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Microsoft Excel (2).lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MSN.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\Backup.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Administrative Tools\Local Security Policy.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\ArcSoft PhotoImpression 5\PhotoImpression 5.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\ArcSoft PhotoImpression 5\Registration.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Avira\AntiVir Desktop\AntiVir Help.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Avira\AntiVir Desktop\AntiVir on the Internet.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Avira\AntiVir Desktop\Display readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Avira\AntiVir Desktop\Start AntiVir.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task\RemoteCapture Task Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\EOS Utility\EOS Utility Readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\EOS Utility\EOS Utility Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\RAW Image Task\Uninstall RAW Image Task.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Readme.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Coupons\Coupons.com - Print Coupons.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON\EPSON Printer Software Uninstall.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON\EPSON Stylus CX6000 Series Buy Ink.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON\EPSON Stylus CX6000 Series Driver Update.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON\EPSON Stylus CX6000 Series Online Support.url
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON\CX6000 Series User's Guide\CX6000 Series User's Guide.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON\CX6000 Series User's Guide\Uninstall CX6000 Series User's Guide.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON Scan\EPSON Scan Settings.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON Scan\EPSON Scan.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\EPSON Scan\EPSON Stylus CX6000 Scanner Driver Update.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\LightScribe Direct Disc Labeling\LightScribe Template Labeler.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Logitech\Mouse and Keyboard\Help Center.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Logitech\Mouse and Keyboard\Mouse and Keyboard Settings.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Logitech\Unifying\Logitech Unifying Software.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\MAGIX PhotoStory on CD & DVD 9.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\MAGIX Xtreme Print Studio.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX PhotoStory on CD & DVD 9 Help.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX PhotoStory on CD & DVD 9 Manual.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX Xtreme Print Studio Help.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Order\Order.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\License Conditions.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\MAGIX Online Services.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Register Online.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Register.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Support.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Uninstall MAGIX PhotoStory on CD & DVD 9.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\MAGIX\MAGIX Screenshare\MAGIX Screenshare.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Microsoft Office Tools\Activate Product.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Office XP Language Settings.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Microsoft Office Tools\Save My Settings Wizard.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Startup\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\1\Programs\Startup\Logitech SetPoint.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\2\desktop.ini
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\2\Show Desktop.scf
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\2\Windows Media Player.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\Adobe Reader 9.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\Avira AntiVir Control Center.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\CCleaner.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\EPSON Scan.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\iTunes.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\LightScribe.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\MAGIX PhotoStory on CD & DVD 9.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\Jim\LOCALS~1\Temp\SMTMP\4\QuickTime Player.lnk
147 File(s) copied

< ATTRIB -H ".\smtmp" /C >

< %TEMP%\smtmp\*. /S >
[2011/05/22 12:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1
[2011/05/22 12:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\2
[2011/05/22 12:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\4
[2011/05/22 12:19:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs
[2011/05/22 12:18:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories
[2011/05/22 12:18:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Administrative Tools
[2011/05/22 12:18:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\ArcSoft PhotoImpression 5
[2011/05/22 12:18:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Avira
[2011/05/22 12:18:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities
[2011/05/22 12:19:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Coupons
[2011/05/22 12:19:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\EPSON
[2011/05/22 12:19:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\EPSON Scan
[2011/05/22 12:19:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Games
[2011/05/22 12:19:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\iTunes
[2011/05/22 12:19:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling
[2011/05/22 12:19:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Logitech
[2011/05/22 12:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\MAGIX
[2011/05/22 12:19:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Microsoft Office Tools
[2011/05/22 12:19:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\QuickTime
[2011/05/22 12:19:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Startup
[2011/05/22 12:17:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\Accessibility
[2011/05/22 12:17:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications
[2011/05/22 12:17:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\Entertainment
[2011/05/22 12:18:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\System Tools
[2011/05/22 12:18:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Avira\AntiVir Desktop
[2011/05/22 12:18:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow
[2011/05/22 12:18:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility
[2011/05/22 12:18:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task
[2011/05/22 12:18:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch
[2011/05/22 12:18:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task
[2011/05/22 12:18:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX
[2011/05/22 12:18:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC
[2011/05/22 12:18:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5
[2011/05/22 12:18:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6
[2011/05/22 12:18:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task
[2011/05/22 12:19:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\EPSON\CX6000 Series User's Guide
[2011/05/22 12:19:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Logitech\Mouse and Keyboard
[2011/05/22 12:19:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Logitech\Unifying
[2011/05/22 12:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9
[2011/05/22 12:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\MAGIX\MAGIX Screenshare
[2011/05/22 12:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation
[2011/05/22 12:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Order
[2011/05/22 12:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support

< %TEMP%\smtmp\*.* /S >
[2008/07/02 15:38:53 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\desktop.ini
[2010/08/20 21:03:08 | 000,001,992 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
[2010/08/20 21:03:08 | 000,002,002 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
[2008/07/02 15:38:53 | 000,001,563 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2008/06/24 16:51:27 | 000,000,398 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2008/06/24 16:51:27 | 000,001,507 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2010/11/10 22:43:53 | 000,001,804 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2010/10/24 19:52:14 | 000,001,830 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2008/06/24 16:49:53 | 000,000,150 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\desktop.ini
[2010/08/20 21:04:15 | 000,002,030 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Excel (2).lnk
[2008/06/24 16:47:56 | 000,001,986 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
[2008/06/24 16:48:19 | 000,000,609 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2008/06/24 16:49:53 | 000,000,786 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2010/08/22 12:06:27 | 000,001,498 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2010/11/21 21:24:22 | 000,000,255 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2010/10/01 20:38:32 | 000,001,515 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/07/02 15:38:45 | 000,001,585 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2010/11/21 21:24:22 | 000,000,710 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2008/06/24 16:48:19 | 000,000,879 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2008/06/24 16:48:19 | 000,001,520 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2008/06/24 16:48:19 | 000,000,090 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2008/07/02 15:40:32 | 000,000,516 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2008/06/24 16:48:19 | 000,000,786 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2008/06/24 16:46:47 | 000,001,757 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2008/06/24 16:49:44 | 000,001,640 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2008/06/24 16:46:47 | 000,001,646 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/07/02 15:40:32 | 000,001,656 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2008/06/24 16:48:19 | 000,000,146 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2008/06/24 16:48:19 | 000,001,528 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2008/06/24 16:48:19 | 000,001,528 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2008/06/24 16:51:27 | 000,001,532 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2008/06/24 16:48:19 | 000,001,521 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2008/06/24 16:51:27 | 000,000,757 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2008/06/24 16:49:50 | 000,001,532 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2008/06/24 16:49:48 | 000,001,572 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2010/08/18 19:46:08 | 000,001,591 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2008/06/24 16:49:50 | 000,001,753 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2008/06/24 16:49:48 | 000,001,070 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2008/06/24 16:49:49 | 000,001,616 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2008/06/24 16:48:02 | 000,001,582 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2008/06/24 16:51:27 | 000,001,602 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2008/06/24 16:51:27 | 000,001,596 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2008/06/24 16:51:27 | 000,000,545 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2008/06/24 16:51:27 | 000,001,592 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2008/06/24 16:51:27 | 000,001,590 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2008/06/24 16:51:27 | 000,001,591 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2008/06/24 16:51:27 | 000,001,602 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2010/08/22 17:39:18 | 000,001,720 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoImpression 5\PhotoImpression 5.lnk
[2010/08/22 17:39:20 | 000,001,943 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoImpression 5\Registration.lnk
[2010/08/19 20:52:35 | 000,001,702 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\AntiVir Help.lnk
[2010/08/19 20:52:35 | 000,001,718 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\AntiVir on the Internet.lnk
[2010/08/19 20:52:35 | 000,000,847 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\Display readme.lnk
[2010/08/19 20:52:35 | 000,001,725 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\Start AntiVir.lnk
[2010/08/22 17:44:36 | 000,000,957 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Readme.lnk
[2010/08/22 17:44:36 | 000,001,006 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Uninstall.lnk
[2010/08/22 17:44:36 | 000,001,009 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow.lnk
[2010/08/22 17:44:48 | 000,000,964 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Readme.lnk
[2010/08/22 17:44:48 | 000,001,008 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Uninstall.lnk
[2010/08/22 17:44:41 | 000,000,971 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Readme.lnk
[2010/08/22 17:44:41 | 000,001,010 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Uninstall.lnk
[2010/08/22 17:44:41 | 000,001,013 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow.lnk
[2010/08/22 17:44:44 | 000,001,018 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task\RemoteCapture Task Uninstall.lnk
[2010/08/22 17:45:00 | 000,000,723 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Readme.lnk
[2010/08/22 17:45:00 | 000,000,968 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Uninstall.lnk
[2010/08/22 17:45:00 | 000,000,750 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk
[2010/08/22 17:44:52 | 000,000,931 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk
[2010/08/22 17:44:52 | 000,001,088 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk
[2010/08/22 17:44:57 | 000,000,793 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk
[2010/08/22 17:44:57 | 000,000,968 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
[2010/08/22 17:44:57 | 000,000,815 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
[2010/08/22 17:44:50 | 000,000,856 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Readme.lnk
[2010/08/22 17:44:50 | 000,000,974 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\Uninstall RAW Image Task.lnk
[2010/08/22 17:44:29 | 000,000,914 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Readme.lnk
[2010/08/22 17:44:29 | 000,000,990 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk
[2010/08/22 17:44:29 | 000,000,941 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
[2011/04/23 11:54:35 | 000,001,572 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Coupons\Coupons.com - Print Coupons.lnk
[2011/04/23 11:54:36 | 000,001,724 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk
[2010/08/22 17:33:45 | 000,000,670 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON Scan\EPSON Scan Settings.lnk
[2010/08/22 17:33:45 | 000,000,677 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON Scan\EPSON Scan.lnk
[2010/08/22 17:33:56 | 000,001,713 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON Scan\EPSON Stylus CX6000 Scanner Driver Update.lnk
[2010/08/22 17:37:46 | 000,001,731 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Printer Software Uninstall.lnk
[2010/08/22 17:37:46 | 000,001,858 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Stylus CX6000 Series Buy Ink.lnk
[2010/08/22 17:37:46 | 000,001,821 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Stylus CX6000 Series Driver Update.lnk
[2010/08/22 17:34:21 | 000,000,160 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Stylus CX6000 Series Online Support.url
[2010/08/22 17:39:36 | 000,000,827 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON\CX6000 Series User's Guide\CX6000 Series User's Guide.lnk
[2010/08/22 17:39:36 | 000,000,871 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\EPSON\CX6000 Series User's Guide\Uninstall CX6000 Series User's Guide.lnk
[2008/06/24 16:48:19 | 000,000,798 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Games\desktop.ini
[2008/06/24 16:48:19 | 000,001,522 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2008/06/24 16:48:19 | 000,001,520 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2008/06/24 16:48:19 | 000,001,515 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2008/06/24 16:48:19 | 000,000,885 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2008/06/24 16:48:19 | 000,001,491 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2008/06/24 16:48:19 | 000,001,502 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2010/10/24 19:56:16 | 000,001,814 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2010/10/24 19:56:16 | 000,001,804 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2011/02/26 13:16:53 | 000,001,790 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk
[2011/02/26 13:16:54 | 000,001,851 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk
[2011/02/26 13:18:04 | 000,001,785 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Template Labeler.lnk
[2011/02/26 13:16:54 | 000,001,969 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk
[2011/02/26 13:16:53 | 000,001,882 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk
[2011/01/09 17:54:52 | 000,001,693 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Mouse and Keyboard\Help Center.lnk
[2011/01/09 17:54:52 | 000,001,699 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Mouse and Keyboard\Mouse and Keyboard Settings.lnk
[2011/01/09 17:57:06 | 000,000,946 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Unifying\Logitech Unifying Software.lnk
[2011/02/08 21:24:50 | 000,000,771 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\MAGIX PhotoStory on CD & DVD 9.lnk
[2011/02/08 21:24:50 | 000,000,896 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\MAGIX Xtreme Print Studio.lnk
[2011/02/08 21:24:50 | 000,000,777 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX PhotoStory on CD & DVD 9 Help.lnk
[2011/02/08 21:24:50 | 000,000,784 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX PhotoStory on CD & DVD 9 Manual.lnk
[2011/02/08 21:24:50 | 000,001,059 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX Xtreme Print Studio Help.lnk
[2011/02/08 21:24:50 | 000,000,777 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Order\Order.lnk
[2011/02/08 21:24:51 | 000,000,789 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\License Conditions.lnk
[2011/02/08 21:24:50 | 000,000,957 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\MAGIX Online Services.lnk
[2011/02/08 21:24:51 | 000,001,109 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Register Online.lnk
[2011/02/08 21:24:51 | 000,000,796 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Register.lnk
[2011/02/08 21:24:51 | 000,000,789 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Support.lnk
[2011/02/08 21:24:51 | 000,000,906 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Uninstall MAGIX PhotoStory on CD & DVD 9.lnk
[2011/02/08 21:20:16 | 000,000,750 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\MAGIX\MAGIX Screenshare\MAGIX Screenshare.lnk
[2010/08/20 21:03:08 | 000,001,834 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Activate Product.lnk
[2010/08/20 21:03:08 | 000,001,988 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2010/08/20 21:03:08 | 000,001,876 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2010/08/20 21:03:08 | 000,002,138 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2010/08/20 21:03:08 | 000,002,090 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2010/08/20 21:03:08 | 000,001,902 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office XP Language Settings.lnk
[2010/08/20 21:03:08 | 000,001,908 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Save My Settings Wizard.lnk
[2010/10/24 19:53:18 | 000,001,802 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2010/10/24 19:53:18 | 000,001,812 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2011/02/11 21:08:45 | 000,002,199 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2010/10/24 19:53:18 | 000,001,639 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2008/06/24 16:51:27 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\1\Programs\Startup\desktop.ini
[2011/01/09 17:54:52 | 000,001,687 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\1\Programs\Startup\Logitech SetPoint.lnk
[2008/07/02 15:43:40 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\Temp\smtmp\2\desktop.ini
[2010/08/19 21:19:44 | 000,000,815 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2008/06/24 16:56:18 | 000,000,079 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2010/08/27 19:42:50 | 000,000,804 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2010/11/10 22:43:55 | 000,001,729 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
[2010/08/19 20:52:35 | 000,001,707 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\Avira AntiVir Control Center.lnk
[2010/12/17 22:47:32 | 000,000,682 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\CCleaner.lnk
[2010/08/22 17:33:45 | 000,000,665 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\EPSON Scan.lnk
[2011/05/08 20:21:54 | 000,002,137 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\iTunes.lnk
[2011/02/26 13:16:53 | 000,001,774 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\LightScribe.lnk
[2011/02/08 21:24:50 | 000,000,753 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\MAGIX PhotoStory on CD & DVD 9.lnk
[2010/08/20 21:07:48 | 000,000,696 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2010/10/24 19:53:18 | 000,001,604 | -H-- | M] () -- C:\DOCUME~1\Jim\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk

< .\SMTMP\*. /S >
[2011/05/25 18:05:44 | 000,000,000 | -H-D | M] -- .\SMTMP\1
[2011/05/25 18:05:50 | 000,000,000 | -H-D | M] -- .\SMTMP\2
[2011/05/25 18:05:50 | 000,000,000 | -H-D | M] -- .\SMTMP\4
[2011/05/25 18:05:49 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Accessories
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Administrative Tools
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\ArcSoft PhotoImpression 5
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Avira
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Coupons
[2011/05/25 18:05:47 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\EPSON
[2011/05/25 18:05:47 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\EPSON Scan
[2011/05/25 18:05:47 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Games
[2011/05/25 18:05:47 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\iTunes
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\LightScribe Direct Disc Labeling
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Logitech
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\MAGIX
[2011/05/25 18:05:49 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Microsoft Office Tools
[2011/05/25 18:05:49 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\QuickTime
[2011/05/25 18:05:49 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Startup
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Accessories\Accessibility
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Accessories\Communications
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Accessories\Entertainment
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Accessories\System Tools
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Avira\AntiVir Desktop
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\EOS Utility
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\MovieEdit Task
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\PhotoStitch
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\RAW Image Task
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\ZoomBrowser EX
[2011/05/25 18:05:45 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6
[2011/05/25 18:05:46 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task
[2011/05/25 18:05:47 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\EPSON\CX6000 Series User's Guide
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Logitech\Mouse and Keyboard
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\Logitech\Unifying
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\MAGIX\MAGIX Screenshare
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Order
[2011/05/25 18:05:48 | 000,000,000 | -H-D | M] -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support

< .\SMTMP\*.* /S >
[2008/07/02 15:38:53 | 000,000,272 | -HS- | M] () -- .\SMTMP\1\desktop.ini
[2010/08/20 21:03:08 | 000,001,992 | -H-- | M] () -- .\SMTMP\1\New Office Document.lnk
[2010/08/20 21:03:08 | 000,002,002 | -H-- | M] () -- .\SMTMP\1\Open Office Document.lnk
[2008/07/02 15:38:53 | 000,001,563 | -H-- | M] () -- .\SMTMP\1\Set Program Access and Defaults.lnk
[2008/06/24 16:51:27 | 000,000,398 | -H-- | M] () -- .\SMTMP\1\Windows Catalog.lnk
[2008/06/24 16:51:27 | 000,001,507 | -H-- | M] () -- .\SMTMP\1\Windows Update.lnk
[2010/11/10 22:43:53 | 000,001,804 | -H-- | M] () -- .\SMTMP\1\Programs\Adobe Reader 9.lnk
[2010/10/24 19:52:14 | 000,001,830 | -H-- | M] () -- .\SMTMP\1\Programs\Apple Software Update.lnk
[2008/06/24 16:49:53 | 000,000,150 | -HS- | M] () -- .\SMTMP\1\Programs\desktop.ini
[2010/08/20 21:04:15 | 000,002,030 | -H-- | M] () -- .\SMTMP\1\Programs\Microsoft Excel (2).lnk
[2008/06/24 16:47:56 | 000,001,986 | -H-- | M] () -- .\SMTMP\1\Programs\MSN.lnk
[2008/06/24 16:48:19 | 000,000,609 | -H-- | M] () -- .\SMTMP\1\Programs\Windows Messenger.lnk
[2008/06/24 16:49:53 | 000,000,786 | -H-- | M] () -- .\SMTMP\1\Programs\Windows Movie Maker.lnk
[2010/08/22 12:06:27 | 000,001,498 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Calculator.lnk
[2010/11/21 21:24:22 | 000,000,255 | -HS- | M] () -- .\SMTMP\1\Programs\Accessories\desktop.ini
[2010/10/01 20:38:32 | 000,001,515 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Paint.lnk
[2008/07/02 15:38:45 | 000,001,585 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Remote Desktop Connection.lnk
[2010/11/21 21:24:22 | 000,000,710 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2008/06/24 16:48:19 | 000,000,879 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\WordPad.lnk
[2008/06/24 16:48:19 | 000,001,520 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2008/06/24 16:48:19 | 000,000,090 | -HS- | M] () -- .\SMTMP\1\Programs\Accessories\Accessibility\desktop.ini
[2008/07/02 15:40:32 | 000,000,516 | -HS- | M] () -- .\SMTMP\1\Programs\Accessories\Communications\desktop.ini
[2008/06/24 16:48:19 | 000,000,786 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2008/06/24 16:46:47 | 000,001,757 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Communications\Network Connections.lnk
[2008/06/24 16:49:44 | 000,001,640 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2008/06/24 16:46:47 | 000,001,646 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/07/02 15:40:32 | 000,001,656 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2008/06/24 16:48:19 | 000,000,146 | -HS- | M] () -- .\SMTMP\1\Programs\Accessories\Entertainment\desktop.ini
[2008/06/24 16:48:19 | 000,001,528 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2008/06/24 16:48:19 | 000,001,528 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2008/06/24 16:51:27 | 000,001,532 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\Backup.lnk
[2008/06/24 16:48:19 | 000,001,521 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\Character Map.lnk
[2008/06/24 16:51:27 | 000,000,757 | -HS- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\desktop.ini
[2008/06/24 16:49:50 | 000,001,532 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2008/06/24 16:49:48 | 000,001,572 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2010/08/18 19:46:08 | 000,001,591 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2008/06/24 16:49:50 | 000,001,753 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2008/06/24 16:49:48 | 000,001,070 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\System Information.lnk
[2008/06/24 16:49:49 | 000,001,616 | -H-- | M] () -- .\SMTMP\1\Programs\Accessories\System Tools\System Restore.lnk
[2008/06/24 16:48:02 | 000,001,582 | -H-- | M] () -- .\SMTMP\1\Programs\Administrative Tools\Component Services.lnk
[2008/06/24 16:51:27 | 000,001,602 | -H-- | M] () -- .\SMTMP\1\Programs\Administrative Tools\Computer Management.lnk
[2008/06/24 16:51:27 | 000,001,596 | -H-- | M] () -- .\SMTMP\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2008/06/24 16:51:27 | 000,000,545 | -HS- | M] () -- .\SMTMP\1\Programs\Administrative Tools\desktop.ini
[2008/06/24 16:51:27 | 000,001,592 | -H-- | M] () -- .\SMTMP\1\Programs\Administrative Tools\Event Viewer.lnk
[2008/06/24 16:51:27 | 000,001,590 | -H-- | M] () -- .\SMTMP\1\Programs\Administrative Tools\Local Security Policy.lnk
[2008/06/24 16:51:27 | 000,001,591 | -H-- | M] () -- .\SMTMP\1\Programs\Administrative Tools\Performance.lnk
[2008/06/24 16:51:27 | 000,001,602 | -H-- | M] () -- .\SMTMP\1\Programs\Administrative Tools\Services.lnk
[2010/08/22 17:39:18 | 000,001,720 | -H-- | M] () -- .\SMTMP\1\Programs\ArcSoft PhotoImpression 5\PhotoImpression 5.lnk
[2010/08/22 17:39:20 | 000,001,943 | -H-- | M] () -- .\SMTMP\1\Programs\ArcSoft PhotoImpression 5\Registration.lnk
[2010/08/19 20:52:35 | 000,001,702 | -H-- | M] () -- .\SMTMP\1\Programs\Avira\AntiVir Desktop\AntiVir Help.lnk
[2010/08/19 20:52:35 | 000,001,718 | -H-- | M] () -- .\SMTMP\1\Programs\Avira\AntiVir Desktop\AntiVir on the Internet.lnk
[2010/08/19 20:52:35 | 000,000,847 | -H-- | M] () -- .\SMTMP\1\Programs\Avira\AntiVir Desktop\Display readme.lnk
[2010/08/19 20:52:35 | 000,001,725 | -H-- | M] () -- .\SMTMP\1\Programs\Avira\AntiVir Desktop\Start AntiVir.lnk
[2010/08/22 17:44:36 | 000,000,957 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Readme.lnk
[2010/08/22 17:44:36 | 000,001,006 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Uninstall.lnk
[2010/08/22 17:44:36 | 000,001,009 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow.lnk
[2010/08/22 17:44:48 | 000,000,964 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Readme.lnk
[2010/08/22 17:44:48 | 000,001,008 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5\CameraWindow DC_DV 5 Uninstall.lnk
[2010/08/22 17:44:41 | 000,000,971 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Readme.lnk
[2010/08/22 17:44:41 | 000,001,010 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Uninstall.lnk
[2010/08/22 17:44:41 | 000,001,013 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow.lnk
[2010/08/22 17:44:44 | 000,001,018 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task\RemoteCapture Task Uninstall.lnk
[2010/08/22 17:45:00 | 000,000,723 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\EOS Utility\EOS Utility Readme.lnk
[2010/08/22 17:45:00 | 000,000,968 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\EOS Utility\EOS Utility Uninstall.lnk
[2010/08/22 17:45:00 | 000,000,750 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk
[2010/08/22 17:44:52 | 000,000,931 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk
[2010/08/22 17:44:52 | 000,001,088 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk
[2010/08/22 17:44:57 | 000,000,793 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk
[2010/08/22 17:44:57 | 000,000,968 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
[2010/08/22 17:44:57 | 000,000,815 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
[2010/08/22 17:44:50 | 000,000,856 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Readme.lnk
[2010/08/22 17:44:50 | 000,000,974 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\RAW Image Task\Uninstall RAW Image Task.lnk
[2010/08/22 17:44:29 | 000,000,914 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Readme.lnk
[2010/08/22 17:44:29 | 000,000,990 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk
[2010/08/22 17:44:29 | 000,000,941 | -H-- | M] () -- .\SMTMP\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
[2011/04/23 11:54:35 | 000,001,572 | -H-- | M] () -- .\SMTMP\1\Programs\Coupons\Coupons.com - Print Coupons.lnk
[2011/04/23 11:54:36 | 000,001,724 | -H-- | M] () -- .\SMTMP\1\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk
[2010/08/22 17:33:45 | 000,000,670 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON Scan\EPSON Scan Settings.lnk
[2010/08/22 17:33:45 | 000,000,677 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON Scan\EPSON Scan.lnk
[2010/08/22 17:33:56 | 000,001,713 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON Scan\EPSON Stylus CX6000 Scanner Driver Update.lnk
[2010/08/22 17:37:46 | 000,001,731 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON\EPSON Printer Software Uninstall.lnk
[2010/08/22 17:37:46 | 000,001,858 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON\EPSON Stylus CX6000 Series Buy Ink.lnk
[2010/08/22 17:37:46 | 000,001,821 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON\EPSON Stylus CX6000 Series Driver Update.lnk
[2010/08/22 17:34:21 | 000,000,160 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON\EPSON Stylus CX6000 Series Online Support.url
[2010/08/22 17:39:36 | 000,000,827 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON\CX6000 Series User's Guide\CX6000 Series User's Guide.lnk
[2010/08/22 17:39:36 | 000,000,871 | -H-- | M] () -- .\SMTMP\1\Programs\EPSON\CX6000 Series User's Guide\Uninstall CX6000 Series User's Guide.lnk
[2008/06/24 16:48:19 | 000,000,798 | -HS- | M] () -- .\SMTMP\1\Programs\Games\desktop.ini
[2008/06/24 16:48:19 | 000,001,522 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Freecell.lnk
[2008/06/24 16:48:19 | 000,001,520 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Hearts.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Internet Backgammon.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Internet Checkers.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Internet Hearts.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Internet Reversi.lnk
[2008/06/24 16:48:19 | 000,000,913 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Internet Spades.lnk
[2008/06/24 16:48:19 | 000,001,515 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Minesweeper.lnk
[2008/06/24 16:48:19 | 000,000,885 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Pinball.lnk
[2008/06/24 16:48:19 | 000,001,491 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Solitaire.lnk
[2008/06/24 16:48:19 | 000,001,502 | -H-- | M] () -- .\SMTMP\1\Programs\Games\Spider Solitaire.lnk
[2010/10/24 19:56:16 | 000,001,814 | -H-- | M] () -- .\SMTMP\1\Programs\iTunes\About iTunes.lnk
[2010/10/24 19:56:16 | 000,001,804 | -H-- | M] () -- .\SMTMP\1\Programs\iTunes\iTunes.lnk
[2011/02/26 13:16:53 | 000,001,790 | -H-- | M] () -- .\SMTMP\1\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk
[2011/02/26 13:16:54 | 000,001,851 | -H-- | M] () -- .\SMTMP\1\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk
[2011/02/26 13:18:04 | 000,001,785 | -H-- | M] () -- .\SMTMP\1\Programs\LightScribe Direct Disc Labeling\LightScribe Template Labeler.lnk
[2011/02/26 13:16:54 | 000,001,969 | -H-- | M] () -- .\SMTMP\1\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk
[2011/02/26 13:16:53 | 000,001,882 | -H-- | M] () -- .\SMTMP\1\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk
[2011/01/09 17:54:52 | 000,001,693 | -H-- | M] () -- .\SMTMP\1\Programs\Logitech\Mouse and Keyboard\Help Center.lnk
[2011/01/09 17:54:52 | 000,001,699 | -H-- | M] () -- .\SMTMP\1\Programs\Logitech\Mouse and Keyboard\Mouse and Keyboard Settings.lnk
[2011/01/09 17:57:06 | 000,000,946 | -H-- | M] () -- .\SMTMP\1\Programs\Logitech\Unifying\Logitech Unifying Software.lnk
[2011/02/08 21:24:50 | 000,000,771 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\MAGIX PhotoStory on CD & DVD 9.lnk
[2011/02/08 21:24:50 | 000,000,896 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\MAGIX Xtreme Print Studio.lnk
[2011/02/08 21:24:50 | 000,000,777 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX PhotoStory on CD & DVD 9 Help.lnk
[2011/02/08 21:24:50 | 000,000,784 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX PhotoStory on CD & DVD 9 Manual.lnk
[2011/02/08 21:24:50 | 000,001,059 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Documentation\MAGIX Xtreme Print Studio Help.lnk
[2011/02/08 21:24:50 | 000,000,777 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Order\Order.lnk
[2011/02/08 21:24:51 | 000,000,789 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\License Conditions.lnk
[2011/02/08 21:24:50 | 000,000,957 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\MAGIX Online Services.lnk
[2011/02/08 21:24:51 | 000,001,109 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Register Online.lnk
[2011/02/08 21:24:51 | 000,000,796 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Register.lnk
[2011/02/08 21:24:51 | 000,000,789 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Support.lnk
[2011/02/08 21:24:51 | 000,000,906 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX PhotoStory on CD & DVD 9\Service and Support\Uninstall MAGIX PhotoStory on CD & DVD 9.lnk
[2011/02/08 21:20:16 | 000,000,750 | -H-- | M] () -- .\SMTMP\1\Programs\MAGIX\MAGIX Screenshare\MAGIX Screenshare.lnk
[2010/08/20 21:03:08 | 000,001,834 | -H-- | M] () -- .\SMTMP\1\Programs\Microsoft Office Tools\Activate Product.lnk
[2010/08/20 21:03:08 | 000,001,988 | -H-- | M] () -- .\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2010/08/20 21:03:08 | 000,001,876 | -H-- | M] () -- .\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2010/08/20 21:03:08 | 000,002,138 | -H-- | M] () -- .\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2010/08/20 21:03:08 | 000,002,090 | -H-- | M] () -- .\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2010/08/20 21:03:08 | 000,001,902 | -H-- | M] () -- .\SMTMP\1\Programs\Microsoft Office Tools\Microsoft Office XP Language Settings.lnk
[2010/08/20 21:03:08 | 000,001,908 | -H-- | M] () -- .\SMTMP\1\Programs\Microsoft Office Tools\Save My Settings Wizard.lnk
[2010/10/24 19:53:18 | 000,001,802 | -H-- | M] () -- .\SMTMP\1\Programs\QuickTime\About QuickTime.lnk
[2010/10/24 19:53:18 | 000,001,812 | -H-- | M] () -- .\SMTMP\1\Programs\QuickTime\PictureViewer.lnk
[2011/02/11 21:08:45 | 000,002,199 | -H-- | M] () -- .\SMTMP\1\Programs\QuickTime\QuickTime Player.lnk
[2010/10/24 19:53:18 | 000,001,639 | -H-- | M] () -- .\SMTMP\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2008/06/24 16:51:27 | 000,000,084 | -HS- | M] () -- .\SMTMP\1\Programs\Startup\desktop.ini
[2011/01/09 17:54:52 | 000,001,687 | -H-- | M] () -- .\SMTMP\1\Programs\Startup\Logitech SetPoint.lnk
[2008/07/02 15:43:40 | 000,000,119 | -HS- | M] () -- .\SMTMP\2\desktop.ini
[2010/08/19 21:19:44 | 000,000,815 | -H-- | M] () -- .\SMTMP\2\Launch Internet Explorer Browser.lnk
[2008/06/24 16:56:18 | 000,000,079 | -H-- | M] () -- .\SMTMP\2\Show Desktop.scf
[2010/08/27 19:42:50 | 000,000,804 | -H-- | M] () -- .\SMTMP\2\Windows Media Player.lnk
[2010/11/10 22:43:55 | 000,001,729 | -H-- | M] () -- .\SMTMP\4\Adobe Reader 9.lnk
[2010/08/19 20:52:35 | 000,001,707 | -H-- | M] () -- .\SMTMP\4\Avira AntiVir Control Center.lnk
[2010/12/17 22:47:32 | 000,000,682 | -H-- | M] () -- .\SMTMP\4\CCleaner.lnk
[2010/08/22 17:33:45 | 000,000,665 | -H-- | M] () -- .\SMTMP\4\EPSON Scan.lnk
[2011/05/08 20:21:54 | 000,002,137 | -H-- | M] () -- .\SMTMP\4\iTunes.lnk
[2011/02/26 13:16:53 | 000,001,774 | -H-- | M] () -- .\SMTMP\4\LightScribe.lnk
[2011/02/08 21:24:50 | 000,000,753 | -H-- | M] () -- .\SMTMP\4\MAGIX PhotoStory on CD & DVD 9.lnk
[2010/08/20 21:07:48 | 000,000,696 | -H-- | M] () -- .\SMTMP\4\Malwarebytes' Anti-Malware.lnk
[2010/10/24 19:53:18 | 000,001,604 | -H-- | M] () -- .\SMTMP\4\QuickTime Player.lnk

< >

< >

< >

< End of report >


#13 dschribs

Posted 25 May 2011 - 05:19 PM

Here's the Bootcheck log:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

Contents of C:\boot.ini:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

#14 dschribs

dschribs
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 25 May 2011 - 05:24 PM

2011/05/25 18:10:09.0546 1748 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 18:10:09.0843 1748 ================================================================================
2011/05/25 18:10:09.0843 1748 SystemInfo:
2011/05/25 18:10:09.0843 1748
2011/05/25 18:10:09.0843 1748 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/25 18:10:09.0843 1748 Product type: Workstation
2011/05/25 18:10:09.0843 1748 ComputerName: 3049PC
2011/05/25 18:10:09.0843 1748 UserName: Jim
2011/05/25 18:10:09.0843 1748 Windows directory: C:\WINDOWS
2011/05/25 18:10:09.0843 1748 System windows directory: C:\WINDOWS
2011/05/25 18:10:09.0843 1748 Processor architecture: Intel x86
2011/05/25 18:10:09.0843 1748 Number of processors: 1
2011/05/25 18:10:09.0843 1748 Page size: 0x1000
2011/05/25 18:10:09.0843 1748 Boot type: Normal boot
2011/05/25 18:10:09.0843 1748 ================================================================================
2011/05/25 18:10:11.0078 1748 Initialize success
2011/05/25 18:10:19.0703 0972 ================================================================================
2011/05/25 18:10:19.0703 0972 Scan started
2011/05/25 18:10:19.0703 0972 Mode: Manual;
2011/05/25 18:10:19.0703 0972 ================================================================================
2011/05/25 18:11:04.0203 0972 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 18:11:04.0218 0972 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/25 18:11:04.0234 0972 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/25 18:11:04.0468 0972 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/25 18:11:04.0843 0972 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/25 18:11:05.0453 0972 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/25 18:11:05.0609 0972 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/25 18:11:05.0812 0972 ================================================================================
2011/05/25 18:11:05.0812 0972 Scan finished
2011/05/25 18:11:05.0812 0972 ================================================================================
2011/05/25 18:11:05.0843 0604 Detected object count: 1
2011/05/25 18:11:05.0843 0604 Actual detected object count: 1
2011/05/25 18:11:16.0890 0604 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 18:11:16.0890 0604 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/25 18:11:20.0218 0604 Backup copy found, using it..
2011/05/25 18:11:20.0281 0604 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/25 18:11:20.0281 0604 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/25 18:11:39.0296 0664 Deinitialize success

#15 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 25 May 2011 - 05:29 PM

Please rerun TDSSKiller and post the log.

Are the redirects gone?

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image




