Services.exe Error Plus Random Ads etc


  • This topic is locked
24 replies to this topic

#1 911Response

  • Members

Posted 27 May 2011 - 09:54 AM

When booting, HP Windows XP shows a pop-up screen with:

"services.exe - Application Error

The instruction at "0x003f27f0" referenced memory at "0x1000a64f". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program"

When I click on either option, the computer then shows another pop-up which indicates the computer will shut down in 60 seconds. Launching in Safe Mode generates the same result.

I've run various spyware/virus scans, and all show the computer is clean.

Prior to this error occurring I had the Windows Recovery Malware issue. After running multiple malware programs and anti-virus I was able to resolve the Windows Recovery Malware, however there are still issues listed as follows:

1.) Services.exe Error

2.) Random Ads playing in background

3.) Google Redirects

4.) No program icons in Start Menu

5.) No Admin User Login available

6.) Desktop wallpaper gone

7.) Firefox bookmarks gone

Clearly Malware and/or Virus still exists, however MBAM and AVG scan show nothing.

Any recommendations would be appreciated. Thanks!

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:46 AM, on 5/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.firehouse.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://firehousesoftware.webex.com/client/T27L/support/ieatgpc.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--
End of file - 3683 bytes


#2 JSntgRvr

  • Malware Response Team

Posted 27 May 2011 - 03:37 PM

Hi :)

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in


    netsvcs
    set /c
    /md5start
    UXTHEME.DLL
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    services.exe
    Userinit.exe
    Explorer.exe
    Winlogon.exe
    Regedit.exe
    SCLWAPI.dll
    /md5stop
    %TEMP%\smtmp\*.* /s
    %SYSTEMDRIVE%\*.*
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

No requests for help through private messaging will be attended to.



#3 911Response

  • Topic Starter
  • Members

Posted 28 May 2011 - 09:21 AM

Came back to computer today and noticed a few more things:

1.) SIDlist.txt on desktop
2.) Windows Security issue (noted from a browser)
3.) A new email message to be sent with just an unknown address

Ran the OTL and here are the contents of the OTL.txt file:

OTL logfile created on: 5/28/2011 10:05:12 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 69.39% Memory free
4.34 Gb Paging File | 3.78 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 116.40 Gb Free Space | 81.93% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.84 Gb Free Space | 26.43% Space Free | Partition Type: FAT32

Computer Name: TFD1 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 10:01:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/28 10:01:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/17 09:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/02/17 09:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/02 11:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/01/06 23:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/26 23:41:08 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2009/08/26 23:41:04 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 04:47:45 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/02/28 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2006/02/28 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2006/02/28 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2006/02/28 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/28 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2006/02/28 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2006/02/28 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2006/02/28 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2006/02/28 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2006/02/28 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2006/02/28 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2006/02/28 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2006/02/28 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2006/02/28 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2006/02/28 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2006/02/28 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pciide.sys -- (PCIIde)
DRV - [2006/02/28 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2005/03/04 17:36:46 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/12/14 12:07:44 | 000,021,744 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/11/02 12:27:20 | 000,773,565 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/10/13 20:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/09/15 01:38:26 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/18 03:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 12:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 10:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 15:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.firehouse.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.firehouse.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: avg@igeared:7.004.022.004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ddad4cb&v=7.004.022.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/19 13:58:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/23 17:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/05/23 17:42:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 16:58:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 16:39:45 | 000,000,000 | ---D | M]

[2010/02/12 19:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2010/02/12 19:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/12 19:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\d08b4ftz.default\extensions
[2011/05/26 21:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/03 16:39:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/16 12:24:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011/05/23 17:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/23 17:42:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.004.022.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/06/19 13:58:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/03 16:39:39 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/05/03 16:39:39 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:48 | 000,013,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\cgpcfg.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/09/13 00:07:08 | 000,255,312 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxmui.dll
[2009/09/13 00:06:30 | 000,031,064 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icafile.dll
[2009/09/13 00:06:46 | 000,040,280 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icalogon.dll
[2010/02/16 12:24:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2011/05/03 16:39:41 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010/09/23 15:42:24 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/14 14:33:38 | 000,652,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\sslsdk_b.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2011/03/11 12:48:24 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/03/11 12:48:24 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/05/23 17:50:13 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2011/03/11 12:48:24 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/03/11 12:48:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/03/11 12:48:24 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/03/11 12:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/03/11 12:48:24 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://firehousesoftware.webex.com/client/T27L/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/04 18:17:33 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{c0ced93a-db74-11df-afc0-0011d8a8cb8c}\Shell - "" = AutoRun
O33 - MountPoints2\{c0ced93a-db74-11df-afc0-0011d8a8cb8c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0ced93a-db74-11df-afc0-0011d8a8cb8c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,436 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:22 AM

Posted 28 May 2011 - 10:19 AM

Have you installed a web cam, camera, or scanner lately? The event viewer shows a problem with the Windows Image Acquisition service.

There is no evident malware in the log.

We will be running a few scans. I would suggest you back up your important documents before proceeding.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Edited by JSntgRvr, 28 May 2011 - 10:20 AM.

No request for help throughout private messaging will be attended.



#5 911Response

911Response
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:22 AM

Posted 28 May 2011 - 10:54 AM

This computer is used for admin purposes and the only thing I know is that they used the scanner recently on an AIO printer.

I ran TDSSKiller and it cured one infected file. Upon reboot the following seemed to have been repaired;

1.) No more services.exe error
2.) No more Google redirects
3.) Have not heard random ads playing yet

The following issues still exist;

1.) No program icons in Start Menu
2.) No option for Admin Login
3.) Desktop wallpaper still blue (I can change it to what it was, just thinking there is a setting that needs changing)
4.) Bookmarks gone from Firefox

It seems that it is possible that the malware is gone but the settings it changed may need to be changed back, either in the registry or somewhere else.

Thank you for the help!

Here is the TDSSKiller Log;

2011/05/28 11:37:42.0875 2540 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/28 11:37:42.0937 2540 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/28 11:37:42.0984 2540 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/28 11:37:43.0062 2540 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/28 11:37:43.0125 2540 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/28 11:37:43.0171 2540 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/28 11:37:43.0234 2540 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/28 11:37:43.0296 2540 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/28 11:37:43.0359 2540 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/05/28 11:37:43.0406 2540 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/28 11:37:43.0484 2540 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/28 11:37:43.0531 2540 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/28 11:37:43.0687 2540 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/28 11:37:43.0734 2540 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/28 11:37:43.0765 2540 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/28 11:37:43.0843 2540 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/28 11:37:43.0875 2540 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/28 11:37:43.0953 2540 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/28 11:37:44.0031 2540 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/28 11:37:44.0078 2540 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/28 11:37:44.0109 2540 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/28 11:37:44.0171 2540 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/28 11:37:44.0218 2540 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/28 11:37:44.0296 2540 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/28 11:37:44.0328 2540 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/28 11:37:44.0375 2540 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/28 11:37:44.0453 2540 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/28 11:37:44.0546 2540 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/28 11:37:44.0593 2540 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/28 11:37:44.0656 2540 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/28 11:37:44.0687 2540 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/28 11:37:44.0734 2540 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/28 11:37:44.0796 2540 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/28 11:37:44.0843 2540 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/28 11:37:44.0890 2540 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/28 11:37:44.0968 2540 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/28 11:37:45.0031 2540 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/28 11:37:45.0109 2540 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/28 11:37:45.0140 2540 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/28 11:37:45.0203 2540 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/28 11:37:45.0250 2540 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/28 11:37:45.0312 2540 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/28 11:37:45.0343 2540 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/28 11:37:45.0406 2540 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/05/28 11:37:45.0484 2540 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/28 11:37:45.0671 2540 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/28 11:37:45.0718 2540 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/28 11:37:45.0765 2540 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/05/28 11:37:45.0812 2540 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/28 11:37:45.0843 2540 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/28 11:37:45.0906 2540 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/28 11:37:46.0093 2540 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/28 11:37:46.0125 2540 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/28 11:37:46.0156 2540 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/28 11:37:46.0171 2540 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/28 11:37:46.0203 2540 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/28 11:37:46.0234 2540 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/28 11:37:46.0281 2540 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/28 11:37:46.0312 2540 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/28 11:37:46.0359 2540 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/05/28 11:37:46.0437 2540 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
2011/05/28 11:37:46.0484 2540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/28 11:37:46.0562 2540 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/28 11:37:46.0593 2540 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/28 11:37:46.0671 2540 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/28 11:37:46.0734 2540 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/28 11:37:46.0781 2540 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/28 11:37:46.0843 2540 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/28 11:37:46.0890 2540 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/28 11:37:46.0921 2540 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/28 11:37:47.0046 2540 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/28 11:37:47.0125 2540 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/28 11:37:47.0156 2540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/28 11:37:47.0187 2540 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/28 11:37:47.0203 2540 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/28 11:37:47.0312 2540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/28 11:37:47.0421 2540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/28 11:37:47.0468 2540 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/28 11:37:47.0500 2540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/28 11:37:47.0515 2540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/28 11:37:47.0546 2540 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/28 11:37:47.0578 2540 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/28 11:37:47.0609 2540 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/28 11:37:47.0640 2540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/28 11:37:47.0656 2540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/28 11:37:47.0703 2540 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/28 11:37:47.0734 2540 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/28 11:37:47.0734 2540 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/28 11:37:47.0734 2540 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/28 11:37:47.0796 2540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/28 11:37:47.0828 2540 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/05/28 11:37:47.0890 2540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/28 11:37:47.0984 2540 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
2011/05/28 11:37:48.0000 2540 ================================================================================
2011/05/28 11:37:48.0000 2540 Scan finished
2011/05/28 11:37:48.0000 2540 ================================================================================
2011/05/28 11:37:48.0015 2836 Detected object count: 1
2011/05/28 11:37:48.0015 2836 Actual detected object count: 1
2011/05/28 11:38:13.0609 2836 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/28 11:38:13.0609 2836 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/28 11:38:14.0421 2836 Backup copy found, using it..
2011/05/28 11:38:14.0453 2836 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/28 11:38:14.0453 2836 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/28 11:39:02.0656 3572 Deinitialize success
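
An added example, not part of the original thread and not the scanner's own code: a small Python parser for the scan-log format shown in the post above (the layout Kaspersky's TDSSKiller writes), which pulls out each flagged object with its two reported MD5s, verdict and chosen action. The sample lines are copied from that log; the field names and the `followup` labels are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the scan log in the post above (not constructed).
SAMPLE_LOG = r"""
2011/05/28 11:37:47.0703 2540 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/28 11:37:47.0734 2540 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/28 11:37:47.0734 2540 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/28 11:37:47.0734 2540 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/28 11:37:47.0796 2540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/28 11:37:48.0015 2836 Detected object count: 1
2011/05/28 11:38:14.0453 2836 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/28 11:38:14.0453 2836 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
""".strip()

# Every log line is "<timestamp> <numeric id> <message>".
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4}) (\d+) (.*)$")
# Message shapes seen in the log above.
OBJECT = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+)\. Real md5: "
                    r"([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
ACTION = re.compile(r"^([^()\s]+)\(([^)]+)\) - User select action: (\w+)$")
PENDING = re.compile(r"^(.+) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    """One flagged object; field names are this example's own."""
    name: str
    path: Optional[str] = None
    listed_md5: Optional[str] = None   # hash printed on the object line
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    verdict: Optional[str] = None
    action: Optional[str] = None
    reboot_pending: bool = False


def parse_scan_log(text):
    """Return scanned-object count, reported detection count and findings."""
    objects, by_path, findings = {}, {}, {}
    reported = None

    def finding(name):
        if name not in findings:
            md5, path = objects.get(name, (None, None))
            findings[name] = Finding(name=name, path=path, listed_md5=md5)
        return findings[name]

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # banner text or wrapped lines
        msg = line.group(3)
        if m := FORGED.match(msg):
            # The forged line names a path; map it back to the driver name.
            name = by_path.get(m.group(1).lower())
            if name:
                f = finding(name)
                f.real_md5, f.fake_md5 = m.group(2), m.group(3)
        elif m := DETECTED.match(msg):
            finding(m.group(1)).verdict = m.group(2)
        elif m := ACTION.match(msg):
            f = finding(m.group(2))
            f.verdict = f.verdict or m.group(1)
            f.action = m.group(3)
        elif m := PENDING.match(msg):
            name = by_path.get(m.group(1).lower())
            if name:
                finding(name).reboot_pending = True
        elif m := COUNT.match(msg):
            reported = int(m.group(1))
        elif m := OBJECT.match(msg):
            # Repeated object lines (second pass of the log) just overwrite.
            objects[m.group(1)] = (m.group(2), m.group(3))
            by_path[m.group(3).lower()] = m.group(1)
    return {"scanned": len(objects), "reported": reported,
            "findings": list(findings.values())}


def followup(f):
    """Labels (assumed names) for what a responder should still check."""
    notes = []
    if f.real_md5 and f.fake_md5 and f.real_md5 != f.fake_md5:
        notes.append("hash-mismatch")        # two hashes reported for one path
    if f.reboot_pending:
        notes.append("rescan-after-reboot")  # cure is deferred, not yet applied
    if f.action is None:
        notes.append("no-action-recorded")
    return notes


if __name__ == "__main__":
    report = parse_scan_log(SAMPLE_LOG)
    for f in report["findings"]:
        print(f.name, f.verdict, f.action, followup(f))
```

Comparing `reported` with the number of parsed findings is a quick check that no detection line was missed when a long log is pasted or truncated.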

#6 JSntgRvr

Posted 28 May 2011 - 01:54 PM

Concerning Firefox, see if there is a backup in your profile folder and import the bookmarks. Here is some information:

http://support.mozilla.com/en-US/kb/Lost%20Bookmarks#w_restoring-bookmark-backups

The backup should be under the following folder:

C:\Documents and Settings\<Windows login/user name>\Application Data\Mozilla\Firefox\Profiles\(default Profile)

Did you run anything that would delete the temp files and folder?

Please go to Start -> Run, copy and paste the following command (including the quotation marks) and click OK:

CMD /C Dir /a %TEMP%\*.* /s >"%Userprofile%\desktop\Log.txt"

A log.txt will be produced on the desktop. Please post its contents in your next reply.



#7 911Response


Posted 28 May 2011 - 10:08 PM

The bookmarks restore was unsuccessful. The latest restore point was the day the computer went down.

Here is the log.txt file;

Volume in drive C is HP_PAVILION
Volume Serial Number is 3458-56F7

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp

05/28/2011 10:59 PM <DIR> .
05/28/2011 10:59 PM <DIR> ..
05/25/2011 05:27 PM <DIR> 7zS4.tmp
08/24/2005 07:04 AM <DIR> Adobe
05/25/2011 05:27 PM <DIR> Adobe Reader 8
05/27/2011 03:03 PM 599,292 AdobeARM.log
05/27/2011 03:41 PM 729 AdobeARM_NotLocked.log
09/26/2008 12:02 PM 2,356,088 AdobeUpdater12345.exe
05/27/2011 03:41 PM 148,526 ArmUI.ini
05/25/2011 10:03 PM 7,799 au-descriptor-1.6.0_24-b73.xml
05/25/2011 05:27 PM <DIR> bks1E.tmp
02/24/2006 01:25 PM <DIR> byeE2.tmp
05/27/2011 03:00 PM <DIR> CDM
05/23/2011 05:47 PM 65,535 config.dat
09/06/2005 01:41 PM <DIR> DPE
02/12/2008 05:42 PM <DIR> EasyLinkAdvisor
05/25/2011 05:27 PM <DIR> Excel8.0
05/25/2011 05:27 PM <DIR> Google Toolbar
05/25/2010 09:11 AM <DIR> Gradkell Systems, Inc
10/13/2009 03:08 PM <DIR> History
02/02/2008 06:17 PM <DIR> HP PhotoSmart
12/14/2004 12:07 PM 274,432 hpdj00.exe
05/31/2007 04:08 PM <DIR> HPQKYGRP_00000518
05/25/2011 05:27 PM <DIR> HPSU45BG.1S3
02/16/2010 08:56 AM <DIR> HPSU8VVE.N0V
02/16/2010 08:56 AM <DIR> HPSUIBKR.Q8X
05/23/2011 08:50 PM <DIR> hsperfdata_HP_Owner
05/25/2011 05:27 PM <DIR> ICD1.tmp
06/12/2001 12:00 PM 339,565 IEC6.tmp
06/12/2001 12:00 PM 339,565 IECA.tmp
06/12/2001 12:00 PM 339,565 IECDF.tmp
08/29/2005 08:19 AM <DIR> InstMsp
05/25/2011 10:03 PM 2,537 jusched.log
03/17/2006 09:55 AM <DIR> MapSource
05/25/2011 05:27 PM <DIR> MFPrint_PCL5c_1468
08/19/2005 10:18 AM <DIR> msohtml
05/10/2011 05:56 AM <DIR> msohtml1
05/25/2011 05:27 PM <DIR> NDP1.1sp1-KB953297-X86
05/25/2011 05:27 PM <DIR> NPRSetup
05/25/2011 05:27 PM <DIR> nsnD3.tmp
05/25/2011 05:27 PM <DIR> nso69.tmp
05/25/2011 05:27 PM <DIR> nsz1C.tmp
05/25/2011 05:27 PM <DIR> OfficeUpdate
01/17/2010 09:38 AM <DIR> OIS
05/27/2011 12:04 PM <DIR> outlook logging
05/25/2011 05:27 PM <DIR> PCDr
11/21/2005 10:08 AM <DIR> pft3.tmp
05/25/2011 05:27 PM <DIR> plugtmp
05/23/2011 08:58 PM <DIR> plugtmp-1
05/25/2011 05:27 PM <DIR> plugtmp-2
05/25/2011 05:27 PM <DIR> plugtmp-3
05/28/2011 10:34 AM <DIR> plugtmp-4
08/24/2005 06:47 AM <DIR> RarSFX0
06/17/2008 09:11 AM <DIR> RarSFX1
05/23/2011 01:24 PM <DIR> RarSFX2
05/23/2011 01:36 PM <DIR> RarSFX3
05/23/2011 01:44 PM <DIR> RarSFX4
05/23/2011 04:52 PM <DIR> RarSFX5
05/23/2011 08:53 PM <DIR> RarSFX6
05/24/2011 09:21 AM <DIR> RarSFX7
05/26/2011 12:06 PM <DIR> RarSFX8
05/26/2011 12:07 PM <DIR> RarSFX9
05/25/2011 05:27 PM <DIR> rninst~0
06/19/2009 02:57 PM <DIR> rninst~1
10/13/2009 03:08 PM <DIR> RtSigs
05/25/2011 04:39 PM <DIR> SAS9D.tmp
05/20/2011 05:15 PM <DIR> smtmp
05/24/2011 06:09 PM <DIR> SUPERSetup
07/31/2007 10:58 AM <DIR> sw
05/25/2011 05:27 PM <DIR> TCD566.tmp
05/25/2011 05:27 PM <DIR> TCD6.tmp
05/25/2011 05:27 PM <DIR> TCD7.tmp
05/25/2011 05:27 PM <DIR> TCD8.tmp
05/25/2011 05:27 PM <DIR> TCD9.tmp
05/25/2011 05:27 PM <DIR> TCDD.tmp
05/25/2011 05:27 PM <DIR> TempFolder.aaa
05/25/2011 05:27 PM <DIR> Temporary Directory 1 for brochure[1].zip
05/28/2011 11:36 AM 11,540 test.reg
05/25/2011 05:27 PM <DIR> VBE
05/25/2011 05:27 PM <DIR> WebregV2
05/25/2011 05:27 PM <DIR> WER1c71.dir00
05/25/2011 05:27 PM <DIR> WER1f16.dir00
05/25/2011 05:27 PM <DIR> WER50a4.dir00
05/25/2011 05:27 PM <DIR> WER542e.dir00
05/25/2011 05:27 PM <DIR> WER542f.dir00
05/25/2011 05:27 PM <DIR> WER54d5.dir00
05/25/2011 05:27 PM <DIR> WER5803.dir00
05/25/2011 05:27 PM <DIR> WER5869.dir00
05/25/2011 05:27 PM <DIR> WER5a32.dir00
05/25/2011 05:27 PM <DIR> WER5fa1.dir00
05/26/2011 10:54 PM <DIR> WER6123.dir00
05/25/2011 05:27 PM <DIR> WER70d5.dir00
05/25/2011 05:27 PM <DIR> WER71b9.dir00
05/25/2011 05:27 PM <DIR> WER761a.dir00
05/25/2011 05:27 PM <DIR> WER8f0a.dir00
05/25/2011 05:27 PM <DIR> WER9c3f.dir00
05/25/2011 05:27 PM <DIR> WERa318.dir00
05/25/2011 05:27 PM <DIR> WERc251.dir00
05/26/2011 10:41 PM <DIR> WERc3fa.dir00
05/25/2011 05:27 PM <DIR> WERd269.dir00
05/26/2011 10:54 PM <DIR> WERde79.dir00
05/25/2011 05:27 PM <DIR> WERe29d.dir00
05/25/2011 05:27 PM <DIR> WERe8cb.dir00
05/25/2011 05:27 PM <DIR> WERefb6.dir00
05/25/2011 05:27 PM <DIR> WERf416.dir00
04/05/2007 01:32 PM <DIR> WMT55.tmp
04/05/2007 01:32 PM <DIR> WMT56.tmp
05/25/2011 05:27 PM <DIR> Word8.0
02/09/2010 09:06 AM <DIR> WPDNSE
05/25/2011 05:27 PM <DIR> wrd11220d2c.~lk
05/25/2011 05:27 PM <DIR> wrd1ada096c.~lk
05/25/2011 05:27 PM <DIR> wrd1e9f0df8.~lk
05/25/2011 05:27 PM <DIR> wrd1f95009c.~lk
05/25/2011 05:27 PM <DIR> wrd223e0974.~lk
05/25/2011 05:27 PM <DIR> wrd26a04e8.~lk
05/25/2011 05:27 PM <DIR> wrd280407b4.~lk
05/25/2011 05:27 PM <DIR> wrd40a07d8.~lk
05/25/2011 05:27 PM <DIR> wrd6401a0.~lk
05/25/2011 05:27 PM <DIR> wrd7e80954.~lk
05/25/2011 05:27 PM <DIR> wrdacf0e70.~lk
05/25/2011 05:27 PM <DIR> wrdc1607d4.~lk
05/25/2011 05:27 PM <DIR> _ir_tmpfnt_1
11/21/2005 09:26 AM <DIR> _ISTMP1.DIR
11/21/2005 09:26 AM <DIR> _ISTMP2.DIR
11/21/2005 09:26 AM <DIR> _ISTMP3.DIR
05/25/2011 05:27 PM <DIR> __ArcadeDownloadFoler__wheeloffortune_EN_elgoog
03/08/2007 03:32 PM <DIR> {5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
01/10/2006 09:31 AM <DIR> {68249B73-B714-11D7-88E8-0050DA21757E}
11/08/2005 03:36 PM <DIR> {68249B76-B714-11D7-88E8-0050DA21757E}
07/10/2009 10:45 AM <DIR> {A12647A7-59A4-497c-90B0-45C455CBDE53}
08/24/2005 01:02 PM <DIR> {E09B48B5-E141-427A-AB0C-D3605127224A}
09/06/2005 08:27 AM <DIR> {FAD1EE66-47B3-4881-A53C-438292158F8E}
08/13/2009 10:10 AM <DIR> ~DEST
05/26/2011 01:17 PM 16,384 ~DF1178.tmp
05/26/2011 02:42 PM 16,384 ~DF1AA1.tmp
05/27/2011 10:30 AM 16,384 ~DF3D1C.tmp
05/26/2011 02:34 PM 16,384 ~DF48FD.tmp
05/26/2011 10:48 PM 16,384 ~DF498D.tmp
05/26/2011 10:48 PM 32,768 ~DF4BE.tmp
05/26/2011 10:48 PM 512 ~DF4C9.tmp
05/26/2011 10:48 PM 16,384 ~DF535.tmp
05/26/2011 10:48 PM 512 ~DF540.tmp
05/26/2011 10:48 PM 32,768 ~DF56F.tmp
05/26/2011 10:48 PM 512 ~DF57A.tmp
05/26/2011 02:34 PM 32,768 ~DF5A37.tmp
05/26/2011 02:34 PM 512 ~DF5A42.tmp
05/26/2011 02:34 PM 16,384 ~DF5A81.tmp
05/26/2011 02:34 PM 512 ~DF5A8C.tmp
05/26/2011 02:34 PM 32,768 ~DF5ABB.tmp
05/26/2011 02:34 PM 512 ~DF5AC6.tmp
05/27/2011 11:15 AM 16,384 ~DF6863.tmp
05/27/2011 11:11 AM 32,768 ~DF7C4E.tmp
05/27/2011 11:11 AM 512 ~DF7C5D.tmp
05/27/2011 11:11 AM 16,384 ~DF7C9C.tmp
05/27/2011 11:11 AM 512 ~DF7CA7.tmp
05/27/2011 11:11 AM 32,768 ~DF7CD6.tmp
05/27/2011 11:11 AM 512 ~DF7CE1.tmp
05/26/2011 02:43 PM 16,384 ~DFA052.tmp
05/26/2011 02:43 PM 32,768 ~DFC8AE.tmp
05/26/2011 02:43 PM 512 ~DFC8B9.tmp
05/26/2011 02:43 PM 16,384 ~DFC925.tmp
05/26/2011 02:43 PM 512 ~DFC930.tmp
05/26/2011 02:43 PM 32,768 ~DFC95F.tmp
05/26/2011 02:43 PM 512 ~DFC96A.tmp
05/26/2011 10:48 PM 16,384 ~DFDF15.tmp
08/13/2009 11:26 AM <DIR> ~nsu.tmp
44 File(s) 4,950,069 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\outlook logging

05/27/2011 12:04 PM <DIR> .
05/27/2011 12:04 PM <DIR> ..
05/27/2011 03:01 PM 375 firstrun.log
1 File(s) 375 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\RarSFX8

05/26/2011 12:06 PM <DIR> .
05/26/2011 12:06 PM <DIR> ..
08/31/2000 08:00 AM 80,412 grep.exe
01/16/2011 04:55 PM 255,488 pev.exe
08/31/2000 09:00 AM 98,816 sed.exe
05/12/2011 02:41 PM 26,624 setpath.exe
05/19/2011 01:29 PM 2,350 unhide.bat
05/15/2011 12:34 PM 472 unhide.reg
6 File(s) 464,162 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp

05/20/2011 05:15 PM <DIR> .
05/20/2011 05:15 PM <DIR> ..
05/25/2011 05:27 PM <DIR> 1
05/25/2011 05:27 PM <DIR> 2
05/25/2011 05:27 PM <DIR> 4
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> CS
05/25/2011 05:27 PM <DIR> Programs
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\CS

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Accessories
05/20/2011 05:14 PM <DIR> ActivIdentity
05/25/2011 05:27 PM <DIR> Administrative Tools
05/20/2011 05:14 PM <DIR> Adobe
05/25/2011 05:27 PM <DIR> AVG 9.0
05/25/2011 05:27 PM <DIR> CAMEOfm
05/25/2011 05:27 PM <DIR> Documentation
05/20/2011 05:14 PM <DIR> DoD-PKE
05/25/2011 05:27 PM <DIR> FIREHOUSE Software 7
05/25/2011 05:27 PM <DIR> Games
05/20/2011 05:15 PM <DIR> Gradkell Systems, Inc
05/25/2011 05:27 PM <DIR> Hot Deals
05/25/2011 05:27 PM <DIR> HP
05/20/2011 05:15 PM <DIR> Intervideo WinDVD
05/25/2011 05:27 PM <DIR> iTunes
05/25/2011 05:27 PM <DIR> Java 2 Runtime Environment
05/25/2011 05:27 PM <DIR> Macromedia
05/25/2011 05:27 PM <DIR> MapSource
05/25/2011 05:27 PM <DIR> MARPLOT
05/25/2011 05:27 PM <DIR> Microsoft Encarta
05/25/2011 05:27 PM <DIR> Microsoft Office
05/25/2011 05:27 PM <DIR> Microsoft Office (60 Day Trial)
05/25/2011 05:27 PM <DIR> Microsoft Picture It! 10
05/25/2011 05:27 PM <DIR> Microsoft Silverlight
05/25/2011 05:27 PM <DIR> Microsoft Works
05/25/2011 05:27 PM <DIR> Mozilla Firefox
05/25/2011 05:27 PM <DIR> muvee autoProducer
05/25/2011 05:27 PM <DIR> Norton PC Checkup
05/25/2011 05:27 PM <DIR> Online Services
05/25/2011 05:27 PM <DIR> PC Help & Tools
05/20/2011 05:15 PM <DIR> Picture Package
05/20/2011 05:15 PM <DIR> PIXELA
05/25/2011 05:27 PM <DIR> QuickTime
05/20/2011 05:15 PM <DIR> Real
05/25/2011 05:27 PM <DIR> Road Runner Medic
05/25/2011 05:27 PM <DIR> Sonic
05/25/2011 05:27 PM <DIR> Sonic RecordNow!
05/25/2011 05:27 PM <DIR> Spybot - Search & Destroy
05/25/2011 05:27 PM <DIR> Startup
05/20/2011 05:15 PM <DIR> The Weather Channel
05/25/2011 05:27 PM <DIR> Volo View Express
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Accessories

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Accessibility
05/25/2011 05:27 PM <DIR> Communications
05/25/2011 05:27 PM <DIR> Entertainment
05/25/2011 05:27 PM <DIR> Microsoft Interactive Training
05/25/2011 05:27 PM <DIR> System Tools
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Fax
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\ActivIdentity

05/20/2011 05:14 PM <DIR> .
05/20/2011 05:14 PM <DIR> ..
05/25/2011 05:27 PM <DIR> ActivClient
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\ActivIdentity\ActivClient

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Adobe

05/20/2011 05:14 PM <DIR> .
05/20/2011 05:14 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\AVG 9.0

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\CAMEOfm

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Documentation

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\DoD-PKE

05/20/2011 05:14 PM <DIR> .
05/20/2011 05:14 PM <DIR> ..
05/25/2011 05:27 PM <DIR> InstallRoot
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\DoD-PKE\InstallRoot

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\FIREHOUSE Software 7

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Games

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> GameChannel
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Games\GameChannel

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Gradkell Systems, Inc

05/20/2011 05:15 PM <DIR> .
05/20/2011 05:15 PM <DIR> ..
05/25/2011 05:27 PM <DIR> DBsign Web Signer
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Gradkell Systems, Inc\DBsign Web Signer

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Hot Deals

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\HP

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Photosmart 320,370,7400,8100,8400 Series
05/25/2011 05:27 PM <DIR> Photosmart Camera
05/25/2011 05:27 PM <DIR> PSC All-In-One 1400 series
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart 320,370,7400,8100,8400 Series

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart Camera

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\HP\PSC All-In-One 1400 series

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Intervideo WinDVD

05/20/2011 05:15 PM <DIR> .
05/20/2011 05:15 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Intervideo DiscLabel
05/25/2011 05:27 PM <DIR> Intervideo WinDVD Creator
05/25/2011 05:27 PM <DIR> Intervideo WinDVD Player
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Intervideo WinDVD\Intervideo DiscLabel

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Intervideo WinDVD\Intervideo WinDVD Creator

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Intervideo WinDVD\Intervideo WinDVD Player

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\iTunes

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Java 2 Runtime Environment

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Macromedia

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Readme Files
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Readme Files

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\MapSource

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\MARPLOT

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Encarta

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Microsoft Office Tools
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office (60 Day Trial)

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Microsoft Office Tools
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office (60 Day Trial)\Microsoft Office Tools

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Picture It! 10

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\muvee autoProducer

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Norton PC Checkup

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Online Services

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Updates from HP
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\PC Help & Tools\Updates from HP

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Picture Package

05/20/2011 05:15 PM <DIR> .
05/20/2011 05:15 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Handycam Tools
05/25/2011 05:27 PM <DIR> Picture Package Auto Video
05/25/2011 05:27 PM <DIR> Picture Package CD Backup
05/25/2011 05:27 PM <DIR> Picture Package Menu
05/25/2011 05:27 PM <DIR> Picture Package Producer
05/25/2011 05:27 PM <DIR> Picture Package VCD Maker
05/25/2011 05:27 PM <DIR> Picture Package Viewer
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Picture Package\Handycam Tools

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Picture Package\Picture Package Auto Video

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Picture Package\Picture Package CD Backup

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Picture Package\Picture Package Menu

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Picture Package\Picture Package Producer

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Picture Package\Picture Package VCD Maker

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Picture Package\Picture Package Viewer

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\PIXELA

05/20/2011 05:15 PM <DIR> .
05/20/2011 05:15 PM <DIR> ..
05/25/2011 05:27 PM <DIR> ImageMixer VCD2
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\PIXELA\ImageMixer VCD2

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\QuickTime

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Real

05/20/2011 05:15 PM <DIR> .
05/20/2011 05:15 PM <DIR> ..
05/25/2011 05:27 PM <DIR> RealPlayer
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Road Runner Medic

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Sonic

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Sonic RecordNow!

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Startup

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\The Weather Channel

05/20/2011 05:15 PM <DIR> .
05/20/2011 05:15 PM <DIR> ..
05/25/2011 05:27 PM <DIR> Desktop 6
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\The Weather Channel\Desktop 6

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\1\Programs\Volo View Express

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\2

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\4

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\SUPERSetup

05/24/2011 06:09 PM <DIR> .
05/24/2011 06:09 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\sw

07/31/2007 10:58 AM <DIR> .
07/31/2007 10:58 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\TCD566.tmp

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\TCD6.tmp

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\TCD7.tmp

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\TCD8.tmp

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\TCD9.tmp

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\TCDD.tmp

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\TempFolder.aaa

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for brochure[1].zip

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\VBE

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WebregV2

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER1c71.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER1f16.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER50a4.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER542e.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER542f.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER54d5.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER5803.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER5869.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER5a32.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER5fa1.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER6123.dir00

05/26/2011 10:54 PM <DIR> .
05/26/2011 10:54 PM <DIR> ..
05/26/2011 10:54 PM 12,352 appcompat.txt
05/26/2011 10:54 PM 1,788 manifest.txt
05/26/2011 10:54 PM 5,372,974 TaskMan.exe.hdmp
05/26/2011 10:54 PM 1,597,059 TaskMan.exe.mdmp
4 File(s) 6,984,173 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER70d5.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER71b9.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER761a.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER8f0a.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WER9c3f.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERa318.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERc251.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERc3fa.dir00

05/26/2011 10:41 PM <DIR> .
05/26/2011 10:41 PM <DIR> ..
05/26/2011 10:41 PM 16,282 appcompat.txt
05/26/2011 10:41 PM 1,826 manifest.txt
05/26/2011 10:41 PM 3,467,698 rundll32.exe.hdmp
05/26/2011 10:41 PM 51,285 rundll32.exe.mdmp
4 File(s) 3,537,091 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERd269.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERde79.dir00

05/26/2011 10:54 PM <DIR> .
05/26/2011 10:54 PM <DIR> ..
05/26/2011 10:54 PM 115,562 appcompat.txt
05/26/2011 10:54 PM 84,976,877 firefox.exe.hdmp
05/26/2011 10:54 PM 120,378 firefox.exe.mdmp
05/26/2011 10:54 PM 1,766 manifest.txt
4 File(s) 85,214,583 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERe29d.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERe8cb.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERefb6.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WERf416.dir00

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WMT55.tmp

04/05/2007 01:32 PM <DIR> .
04/05/2007 01:32 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WMT56.tmp

04/05/2007 01:32 PM <DIR> .
04/05/2007 01:32 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Word8.0

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\WPDNSE

02/09/2010 09:06 AM <DIR> .
02/09/2010 09:06 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd11220d2c.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd1ada096c.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd1e9f0df8.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd1f95009c.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd223e0974.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd26a04e8.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd280407b4.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd40a07d8.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd6401a0.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrd7e80954.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrdacf0e70.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wrdc1607d4.~lk

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_ir_tmpfnt_1

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_ISTMP1.DIR

11/21/2005 09:26 AM <DIR> .
11/21/2005 09:26 AM <DIR> ..
05/25/2011 05:27 PM <DIR> _ISTMP0.DIR
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_ISTMP2.DIR

11/21/2005 09:26 AM <DIR> .
11/21/2005 09:26 AM <DIR> ..
05/25/2011 05:27 PM <DIR> _ISTMP0.DIR
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_ISTMP2.DIR\_ISTMP0.DIR

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_ISTMP3.DIR

11/21/2005 09:26 AM <DIR> .
11/21/2005 09:26 AM <DIR> ..
05/25/2011 05:27 PM <DIR> _ISTMP0.DIR
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_ISTMP3.DIR\_ISTMP0.DIR

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\__ArcadeDownloadFoler__wheeloffortune_EN_elgoog

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}

03/08/2007 03:32 PM <DIR> .
03/08/2007 03:32 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{68249B73-B714-11D7-88E8-0050DA21757E}

01/10/2006 09:31 AM <DIR> .
01/10/2006 09:31 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{68249B76-B714-11D7-88E8-0050DA21757E}

11/08/2005 03:36 PM <DIR> .
11/08/2005 03:36 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}

07/10/2009 10:45 AM <DIR> .
07/10/2009 10:45 AM <DIR> ..
07/10/2009 10:42 AM <DIR> 0f90f3715121d8c5
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5

07/10/2009 10:42 AM <DIR> .
07/10/2009 10:42 AM <DIR> ..
05/25/2011 05:27 PM <DIR> V2SubFolder
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
07/10/2009 10:42 AM <DIR> Graphics
07/10/2009 10:42 AM <DIR> SDK
07/10/2009 10:42 AM <DIR> Support
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics

07/10/2009 10:42 AM <DIR> .
07/10/2009 10:42 AM <DIR> ..
05/25/2011 05:27 PM <DIR> Bitmaps
05/25/2011 05:27 PM <DIR> Button
05/25/2011 05:27 PM <DIR> Button_disable
05/25/2011 05:27 PM <DIR> Button_press
05/25/2011 05:27 PM <DIR> Icons
05/25/2011 05:27 PM <DIR> popup
05/25/2011 05:27 PM <DIR> Status_icons
07/10/2009 10:42 AM <DIR> Tabs_Windows
07/10/2009 10:42 AM <DIR> wizard
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Bitmaps

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Button

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Button_disable

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Button_press

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Icons

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\popup

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Status_icons

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Tabs_Windows

07/10/2009 10:42 AM <DIR> .
07/10/2009 10:42 AM <DIR> ..
05/25/2011 05:27 PM <DIR> SelectedTabBorder
07/10/2009 10:42 AM <DIR> Tabs
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Tabs_Windows\SelectedTabBorder

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Tabs_Windows\Tabs

07/10/2009 10:42 AM <DIR> .
07/10/2009 10:42 AM <DIR> ..
05/25/2011 05:27 PM <DIR> ActiveTab
05/25/2011 05:27 PM <DIR> notActiveTab
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Tabs_Windows\Tabs\ActiveTab

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\Tabs_Windows\Tabs\notActiveTab

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\wizard

07/10/2009 10:42 AM <DIR> .
07/10/2009 10:42 AM <DIR> ..
05/25/2011 05:27 PM <DIR> Border
05/25/2011 05:27 PM <DIR> Numbers
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\wizard\Border

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Graphics\wizard\Numbers

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\SDK

07/10/2009 10:42 AM <DIR> .
07/10/2009 10:42 AM <DIR> ..
05/25/2011 05:27 PM <DIR> S2
05/25/2011 05:27 PM <DIR> T5
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\SDK\S2

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\SDK\T5

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Support

07/10/2009 10:42 AM <DIR> .
07/10/2009 10:42 AM <DIR> ..
05/25/2011 05:27 PM <DIR> Cookies
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{A12647A7-59A4-497c-90B0-45C455CBDE53}\0f90f3715121d8c5\V2SubFolder\Support\Cookies

05/25/2011 05:27 PM <DIR> .
05/25/2011 05:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{E09B48B5-E141-427A-AB0C-D3605127224A}

08/24/2005 01:02 PM <DIR> .
08/24/2005 01:02 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{FAD1EE66-47B3-4881-A53C-438292158F8E}

09/06/2005 08:27 AM <DIR> .
09/06/2005 08:27 AM <DIR> ..
09/06/2005 08:27 AM <DIR> {F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\{FAD1EE66-47B3-4881-A53C-438292158F8E}\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}

09/06/2005 08:27 AM <DIR> .
09/06/2005 08:27 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\~DEST

08/13/2009 10:10 AM <DIR> .
08/13/2009 10:10 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\~nsu.tmp

08/13/2009 11:26 AM <DIR> .
08/13/2009 11:26 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
63 File(s) 101,150,453 bytes
719 Dir(s) 125,306,658,816 bytes free

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,436 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:22 AM

Posted 29 May 2011 - 12:27 AM

This infection moves the Start menu icons to the temp folder. If any other application has detected these as malware, then chances are you have also lost the startup menu icons.

Try this:

Download and run Unhide by Grinler

Set Explorer to Defaults:

  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Restore Defaults
  • Select Apply to All Folders | Yes | Apply | OK.

Download the enclosed file.

Save and extract its contents to the desktop. Once extracted, open the folder and click on the ShortcutsFix.bat file. The MSDOS window will be displayed for a second. That is normal. Once done, restart the computer and check the start menu.

Keep me posted.

Edited by JSntgRvr, 30 May 2011 - 01:11 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 JSntgRvr


Posted 30 May 2011 - 01:12 AM

Edited my previous post in case you have read it.



#10 911Response


Posted 01 June 2011 - 03:24 PM

Sorry for the delay in response, long weekend.

I had previously run Unhide.exe and that brought back the Start Menu folders, but I ran it again as well as the other procedures you mentioned. However there was no change, and the program icons are still missing from the Start Menu.

It seems like some items are mixed between the user folders, but not completely sure.

Thanks for the help.

#11 JSntgRvr


Posted 01 June 2011 - 05:26 PM

The infection usually moves the folders and links to a folder within the temp folder labeled smtmp. The previous report shows this folder and folders moved, but not the links. Let's search for those links in other areas of the computer.

Download the enclosed folder.


Save and extract its contents to the desktop. Once extracted open the folder and click on the ShortcutSearch.bat file. It should take some time to search the computer for every shortcut. Be patient. A Searchlog.txt will be created on your desktop. Please attach this report to your reply.

Let's hope these were not deleted.

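The check described in the post above (folders present under the temp folder, but no links), as an added example that is not part of the original post or its attached batch files: a PowerShell function that summarises a `dir /s` text report per directory and lists any `.lnk` entries. The function name `Get-DirReportSummary` and the sample report are constructed for illustration.

```powershell
# Added example (not the thread's ShortcutSearch.bat): summarise a `dir /s`
# text report per directory and surface any shortcut (.lnk) entries.
# Get-DirReportSummary and the sample report below are constructed.
function Get-DirReportSummary {
    param([string[]]$Lines)

    $dirs = New-Object System.Collections.ArrayList
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Directory of (.+?)\s*$') {
            # Start a new section; Files collects non-directory entries only.
            $current = New-Object PSObject -Property @{
                Directory = $Matches[1]
                Files     = New-Object System.Collections.ArrayList
            }
            [void]$dirs.Add($current)
        }
        elseif ($current -and
                $line -match '^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+(<DIR>|[\d,]+)\s+(.+?)\s*$') {
            if ($Matches[1] -ne '<DIR>') { [void]$current.Files.Add($Matches[2]) }
        }
    }
    foreach ($d in $dirs) {
        New-Object PSObject -Property @{
            Directory = $d.Directory
            FileCount = $d.Files.Count
            Shortcuts = @($d.Files | Where-Object { $_ -like '*.lnk' })
        }
    }
}

# Constructed sample in the layout of the report posted earlier in the thread.
$sample = @'
 Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp

05/25/2011  05:27 PM    <DIR>          .
05/25/2011  05:27 PM    <DIR>          ..
05/25/2011  05:27 PM    <DIR>          Programs
               0 File(s)              0 bytes

 Directory of C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smtmp\Programs

05/25/2011  05:27 PM    <DIR>          .
05/25/2011  05:27 PM    <DIR>          ..
05/25/2011  05:27 PM             1,610 Example App.lnk
               1 File(s)          1,610 bytes
'@ -split "`r?`n"

Get-DirReportSummary -Lines $sample |
    Select-Object Directory, FileCount, @{ n = 'Shortcuts'; e = { $_.Shortcuts -join '; ' } }
```

To run it against a saved report, pass `Get-Content` of that file as `-Lines`; directories with a `FileCount` of 0 are the ones where only the folder structure survived.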


#12 911Response


Posted 06 June 2011 - 03:31 PM

Here is the Searchlog.txt

Attached Files



#13 JSntgRvr


Posted 06 June 2011 - 03:52 PM

I am unable to determine which of the links are missing.

Let's run Combofix:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.



#14 911Response


Posted 07 June 2011 - 10:19 AM

I uninstalled AVG and ran ComboFix, however a warning pops up to tell me to uninstall AVG and then ComboFix closes. I also ran the AppRemover program you suggested and it found nothing.

#15 JSntgRvr


Posted 07 June 2011 - 12:20 PM

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Click on Connect
5. Under NameSpace type in or copy/paste root\SecurityCenter
6. Click on Connect
7. Click on Query
8. Type in or copy/paste SELECT * FROM AntiVirusProduct and click on Apply

Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed, then retry Combofix.

If that fails, then let's remove all AVG entries.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

    :files
    C:\Program Files\AVG

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Restart and retry combofix.

Edited by JSntgRvr, 07 June 2011 - 12:29 PM.

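The wbemtest query in the post above, as an added Windows PowerShell example that is not part of the original post: it lists the AntiVirusProduct records registered with Security Center and, where a record carries an executable path, reports whether that file still exists. It only reads. The `root\SecurityCenter2` namespace and its `pathToSignedProductExe` property (Vista and later) go beyond the XP case in the thread, and the function name `Get-RegisteredAntivirus` is hypothetical.

```powershell
# Added example: read-only listing of Security Center antivirus registrations.
# Get-RegisteredAntivirus is a hypothetical name, not a built-in cmdlet.
# Requires Windows PowerShell (Get-WmiObject); nothing is modified or deleted.
function Get-RegisteredAntivirus {
    # root\SecurityCenter is the namespace used in the post (Windows XP);
    # root\SecurityCenter2 is its counterpart on Vista and later.
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        try {
            $records = @(Get-WmiObject -Namespace $ns `
                -Query 'SELECT * FROM AntiVirusProduct' -ErrorAction Stop)
        }
        catch {
            continue   # namespace not present on this Windows version
        }
        foreach ($r in $records) {
            # Only SecurityCenter2 records expose the product's executable path.
            $exe = $null
            $exists = $null
            $prop = $r.PSObject.Properties['pathToSignedProductExe']
            if ($prop -and $prop.Value) {
                $exe = [Environment]::ExpandEnvironmentVariables([string]$prop.Value)
                $exists = Test-Path -LiteralPath $exe
            }
            New-Object PSObject -Property @{
                Namespace    = $ns
                DisplayName  = $r.displayName
                InstanceGuid = $r.instanceGuid
                ExePath      = $exe
                ExeExists    = $exists   # $false: inspect the record, not proof it is stale
            }
        }
    }
}

Get-RegisteredAntivirus |
    Format-Table Namespace, DisplayName, InstanceGuid, ExeExists -AutoSize
```

A record whose product has been uninstalled but is still listed here is the kind of leftover registration the post asks to identify before retrying ComboFix.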




