
Services.exe Error



#1 coolpapa20


Posted 27 May 2011 - 05:13 PM

I currently have the same issue as others - but unlike them, I am not able to get booted up to perform the fix that was recommended in another post (fireman4it assisting remdawg).
Here's a cut and paste from a similar problem - this is what I have, but cannot start in safe mode or in safe mode with networking.
Please help - thank you!

________________________________________________________________________________
When booting, HP Windows XP shows a pop-up screen with:

"services.exe - Application Error

The instruction at "0x003f27f0" referenced memory at "0x1000a64f". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program"

When I click on either option, the computer then shows another pop up which indicates the computer will shut down in 60 seconds. Launching in Safe Mode generates the same result.



#2 JSntgRvr


Posted 31 May 2011 - 03:49 PM

Hi, :welcome:

Let's give it a try.

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD; in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space between the following statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
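
A sanity check for the one-sector image produced by the dd step above, as an added example that is not part of the original post: it confirms the file is exactly 512 bytes, ends with the 55 aa boot signature, and lists the non-empty partition entries. The function names and the sample image are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the thread): sanity-check a one-sector MBR image.

# Print the byte at decimal offset $2 of file $1 as two hex digits.
byte_at() {
    od -An -tx1 -j "$2" -N 1 "$1" | tr -d ' \n'
}

# Print the little-endian 32-bit integer at offset $2 of file $1 in decimal.
le32_at() {
    bytes=$(od -An -tu1 -j "$2" -N 4 "$1")
    set -- $bytes
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# Check size and boot signature, then list the used partition table slots.
mbr_check() {
    img=$1
    [ -f "$img" ] || { echo "BAD: $img not found"; return 1; }
    size=$(wc -c < "$img" | tr -d ' ')
    if [ "$size" -ne 512 ]; then
        echo "BAD: $img is $size bytes, expected 512"
        return 1
    fi
    sig="$(byte_at "$img" 510)$(byte_at "$img" 511)"
    if [ "$sig" != "55aa" ]; then
        echo "BAD: boot signature is $sig, expected 55aa"
        return 1
    fi
    echo "OK: 512 bytes, boot signature 55aa"
    i=0
    while [ "$i" -lt 4 ]; do
        off=$((446 + 16 * i))            # four 16-byte entries start at 446
        ptype=$(byte_at "$img" $((off + 4)))
        if [ "$ptype" != "00" ]; then
            echo "partition $((i + 1)): boot=$(byte_at "$img" "$off") type=$ptype start_lba=$(le32_at "$img" $((off + 8))) sectors=$(le32_at "$img" $((off + 12)))"
        fi
        i=$((i + 1))
    done
    return 0
}

# Build a constructed 512-byte sample: one active NTFS (0x07) entry that
# starts at LBA 63 and spans 2048 sectors, plus the 55 aa signature.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\200' | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\007' | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\077\000\000\000\000\010\000\000' | dd of="$1" bs=1 seek=454 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Demo on the constructed sample (not data from the thread).
sample=$(mktemp)
make_sample_mbr "$sample"
mbr_check "$sample"
rm -f "$sample"
```

On the rescue system the call would be `mbr_check mbr.bin`. dd itself prints only `1+0 records in` and `1+0 records out`, which means one full 512-byte block was copied.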


#3 coolpapa20


Posted 31 May 2011 - 09:57 PM

Thanks so much for your reply!

OK...so everything seemed to work out great...except the final command. The program didn't seem to run an extensive search after I entered the "dd if=/dev/sda of=mbr.bin bs=512 count=1" command. There were only two lines...I should have written them down but they were ....1+0 and ....1+0 (something like that).

So here are the reports you were looking for:

REPORT.TXT

Tue May 31 22:09:53 UTC 2011
Driver report for /mnt/sda1/WINDOWS/system32/drivers
9f700584e974a15820c2abf414088b0d packet.sys has NO Company Name!
e33edbb864a22f7474d2b297e44ee0b6 volsnap.sys has NO Company Name!


______________________________________________________________________________


FILEFIND.TXT

Search results for Winlogon.exe

ac6094297cd882b8626466cdeb64f19f /mnt/sda1/Documents and Settings/Administrator/Local Settings/Temp/RarSFX3/winlogon.exe
30.5K May 26 2009

ac6094297cd882b8626466cdeb64f19f /mnt/sda1/Documents and Settings/Administrator/Local Settings/Temp/RarSFX4/winlogon.exe
30.5K May 26 2009

e7f9d2e4e4a94a6f58014e5ffa16a65e /mnt/sda1/WINDOWS/SoftwareDistribution/Download/0bfb0fd6d1529228f4175fc177388244/sp1qfe/winlogon.exe
472.0K May 27 2004

5dc59daafda8e8d11bde999e478a0c8f /mnt/sda1/WINDOWS/SoftwareDistribution/Download/cb54485933aa009855d78885e4c31c64/rtmqfe/winlogon.exe
420.5K May 12 2004

e7f9d2e4e4a94a6f58014e5ffa16a65e /mnt/sda1/WINDOWS/SoftwareDistribution/Download/cb54485933aa009855d78885e4c31c64/sp1qfe/winlogon.exe
472.0K May 27 2004

ed0ef0a136dec83df69f04118870003e /mnt/sda1/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/winlogon.exe
496.0K Apr 14 2008

01c3346c241652f43aed8e2149881bfe /mnt/sda1/WINDOWS/system32/winlogon.exe
490.5K Aug 4 2004

01c3346c241652f43aed8e2149881bfe /mnt/sda1/WINDOWS/ServicePackFiles/i386/winlogon.exe
490.5K Aug 4 2004

2b0e480e975ee51f2d5ce5f068fed6e2 /mnt/sda1/WINDOWS/$NtServicePackUninstall$/winlogon.exe
420.0K Aug 23 2001


Search results for volsnap.sys

4c8fcb5cc53aab716d810740fe59d025 /mnt/sda1/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/volsnap.sys
51.1K Apr 13 2008

e33edbb864a22f7474d2b297e44ee0b6 /mnt/sda1/WINDOWS/system32/drivers/volsnap.sys
51.1K Aug 4 2004

ee4660083deba849ff6c485d944b379b /mnt/sda1/WINDOWS/ServicePackFiles/i386/volsnap.sys
51.1K Aug 4 2004

6fdc9523ef81617cf5028f47fcaf0fbe /mnt/sda1/WINDOWS/$NtServicePackUninstall$/volsnap.sys
48.0K Aug 23 2001


Search results for explorer.exe

abc6379205de2618851c4fcbf72112eb /mnt/sda1/Documents and Settings/Administrator/Local Settings/Temp/RarSFX3/h/explorer.exe
1.5K Aug 16 2005

3c33b26f2f7fa61d882515f2d6078691 /mnt/sda1/Documents and Settings/Administrator/Local Settings/Temp/RarSFX3/procs/explorer.exe
249.5K Jan 16 20:55

abc6379205de2618851c4fcbf72112eb /mnt/sda1/Documents and Settings/Administrator/Local Settings/Temp/RarSFX4/h/explorer.exe
1.5K Aug 16 2005

3c33b26f2f7fa61d882515f2d6078691 /mnt/sda1/Documents and Settings/Administrator/Local Settings/Temp/RarSFX4/procs/explorer.exe
249.5K Jan 16 20:55

7712df0cdde3a5ac89843e61cd5b3658 /mnt/sda1/WINDOWS/$hf_mig$/KB938828/SP2QFE/explorer.exe
1009.0K Jun 13 2007

12896823fb95bfb3dc9b46bcaedc9923 /mnt/sda1/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/explorer.exe
1009.5K Apr 14 2008

97bd6515465659ff8f3b7be375b2ea87 /mnt/sda1/WINDOWS/system32/dllcache/explorer.exe
1009.0K Jun 13 2007

97bd6515465659ff8f3b7be375b2ea87 /mnt/sda1/WINDOWS/explorer.exe
1009.0K Jun 13 2007

a0732187050030ae399b241436565e64 /mnt/sda1/WINDOWS/ServicePackFiles/i386/explorer.exe
1008.0K Aug 4 2004

5a26fc6010886d25b3e412493dd95ed8 /mnt/sda1/WINDOWS/$NtServicePackUninstall$/explorer.exe
977.5K Aug 23 2001

a0732187050030ae399b241436565e64 /mnt/sda1/WINDOWS/$NtUninstallKB938828$/explorer.exe
1008.0K Aug 4 2004


Search results for Userinit.exe

ac6094297cd882b8626466cdeb64f19f /mnt/sda1/Documents and Settings/Administrator/Local Settings/Temp/RarSFX3/userinit.exe
30.5K May 26 2009

ac6094297cd882b8626466cdeb64f19f /mnt/sda1/Documents and Settings/Administrator/Local Settings/Temp/RarSFX4/userinit.exe
30.5K May 26 2009

a93aee1928a9d7ce3e16d24ec7380f89 /mnt/sda1/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/userinit.exe
25.5K Apr 14 2008

39b1ffb03c2296323832acbae50d2aff /mnt/sda1/WINDOWS/system32/userinit.exe
24.0K Aug 4 2004

39b1ffb03c2296323832acbae50d2aff /mnt/sda1/WINDOWS/ServicePackFiles/i386/userinit.exe
24.0K Aug 4 2004

585398603f570f9705774d65d292e5d1 /mnt/sda1/WINDOWS/$NtServicePackUninstall$/userinit.exe
21.0K Aug 23 2001


Search results for Exit

_____________________________________________________________________________________


REGREPORT.TXT

Remote Registry Report

Hive </mnt/sda1/WINDOWS/system32/config/software>
\Microsoft\Windows NT\CurrentVersion> Value <ProductName> of type REG_SZ, data length 42 [0x2a]
Microsoft Windows XP
\Microsoft\Windows NT\CurrentVersion> Value <CSDVersion> of type REG_SZ, data length 30 [0x1e]
Service Pack 2
\Microsoft\Windows NT\CurrentVersion> Value <SystemRoot> of type REG_SZ, data length 22 [0x16]
C:\WINDOWS
\Microsoft\Windows NT\CurrentVersion\Windows> Value <AppInit_DLLs> of type REG_SZ, data length 2 [0x2]
(...)\Windows NT\CurrentVersion\Winlogon> Value <Shell> of type REG_SZ, data length 26 [0x1a]
Explorer.exe
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
(...)\Windows NT\CurrentVersion\Winlogon\Notify> Node has 11 subkeys and 0 values
<crypt32chain>
<cryptnet>
<cscdll>
<NavLogon>
<ScCertProp>
<Schedule>
<sclgntfy>
<SensLogn>
<termsrv>
<WgaLogon>
<wlballoon>
\Microsoft\Windows\CurrentVersion\Run> Node has 1 subkeys and 10 values
<OptionalComponents>
size type value name [value if type DWORD]
82 REG_SZ <vptray>
112 REG_SZ <HPDJ Taskbar Utility>
108 REG_SZ <Windows Defender>
176 REG_SZ <HPHUPD08>
106 REG_SZ <HP Software Update>
104 REG_SZ <QuickTime Task>
86 REG_SZ <iTunesHelper>
122 REG_SZ <SunJavaUpdateSched>
116 REG_SZ <Adobe Reader Speed Launcher>
118 REG_SZ <Adobe ARM>
(...)\Windows\CurrentVersion\policies\system> Node has 0 subkeys and 6 values
4 REG_DWORD <dontdisplaylastusername> 0 [0x0]
4 REG_DWORD <legalnoticecaption> 1 [0x1]
8 REG_SZ <legalnoticetext>
4 REG_DWORD <shutdownwithoutlogon> 1 [0x1]
4 REG_DWORD <undockwithoutlogon> 1 [0x1]
4 REG_DWORD <DisableTaskMgr> 0 [0x0]


Hive </mnt/sda1/Documents and Settings/Administrator/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 2 values
size type value name [value if type DWORD]
104 REG_SZ <MSMSGS>
62 REG_SZ <ctfmon.exe>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]
(...)\Windows\CurrentVersion\Policies\System> Node has 0 subkeys and 0 values


Hive </mnt/sda1/Documents and Settings/dana/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 3 values
size type value name [value if type DWORD]
104 REG_SZ <MSMSGS>
62 REG_SZ <ctfmon.exe>
148 REG_SZ <swg>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]


Hive </mnt/sda1/Documents and Settings/zac/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 2 values
size type value name [value if type DWORD]
62 REG_SZ <ctfmon.exe>
98 REG_SZ <Starfield Updater>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]
(...)\Windows\CurrentVersion\Policies\System> Node has 0 subkeys and 0 values
\Software\Policies\Microsoft\Windows\System> Node has 0 subkeys and 0 values

________________________________________________________________________________________________

END OF REPORTS

Thanks again - and hopefully something in here makes sense. Looking forward to the next round of medicine!

Attached File  mbr.zip   499bytes   1 downloads

#4 JSntgRvr

Posted 31 May 2011 - 11:15 PM

Boot to xPUD.

Click on File, then browse to the /mnt/sda1/WINDOWS/ServicePackFiles/i386 folder. Right click on the volsnap.sys file and select Copy.

Then browse to the /mnt/sda1/WINDOWS/system32/drivers folder. Right click on an empty space in the drivers folder and select Paste. Overwrite the volsnap.sys file in the drivers folder.

Restart in Normal Mode. If successful, Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in


    %TEMP%\smtmp\*.* /s

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
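
The xPUD copy step in the post above, scripted as an added example (not part of the original post): it keeps the driver being replaced and records hashes before overwriting, so the suspect file stays available for later analysis. The function name and the `driver-quarantine` folder are assumptions, as is a live environment that provides `sh`, `cmp`, `cp` and, optionally, `sha256sum`.

```shell
#!/bin/sh
# Added example, not from the thread: replace a driver under a mounted Windows
# volume with the copy cached in ServicePackFiles/i386, preserving the old file.
#
# Usage: replace_driver /mnt/sda1 volsnap.sys
# Prints one status word: "identical", "replaced" or "error:<reason>".
replace_driver() (
    winroot=$1
    name=$2
    src="$winroot/WINDOWS/ServicePackFiles/i386/$name"
    dst="$winroot/WINDOWS/system32/drivers/$name"
    keep="$winroot/driver-quarantine"   # hypothetical folder for the old file

    [ -f "$src" ] || { echo "error:no-cache-copy"; return 1; }
    [ -f "$dst" ] || { echo "error:no-installed-driver"; return 1; }

    # Byte-for-byte comparison: if the installed driver already matches the
    # service pack cache, there is nothing to repair.
    if cmp -s "$src" "$dst"; then
        echo "identical"
        return 0
    fi

    # Preserve the driver that is about to be overwritten.
    mkdir -p "$keep" || { echo "error:no-quarantine-dir"; return 1; }
    stamp=$(date +%Y%m%d-%H%M%S)
    cp -p "$dst" "$keep/$name.$stamp.suspect" \
        || { echo "error:backup-failed"; return 1; }

    # Record hashes of both files when a hashing tool is present.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$src" "$keep/$name.$stamp.suspect" \
            > "$keep/$name.$stamp.sha256"
    fi

    # Overwrite, then confirm the installed file now matches the cached copy.
    cp "$src" "$dst" || { echo "error:copy-failed"; return 1; }
    cmp -s "$src" "$dst" || { echo "error:verify-failed"; return 1; }
    echo "replaced"
)
```

An "identical" result means the installed driver already matches the cached copy, so replacing it would change nothing.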


#5 coolpapa20

Posted 01 June 2011 - 07:59 PM

OK - the sick computer booted up and the OTL report is below (it's a long one)...Note that I deleted the computer name and changed some people's names that were located in temp files to protect the innocent(!). Thanks again for your help!

OTL logfile created on: 6/1/2011 8:15:46 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\zac\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 48.95% Memory free
1.48 Gb Paging File | 1.04 Gb Available in Paging File | 70.37% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 13.12 Gb Free Space | 17.19% Space Free | Partition Type: NTFS
Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: deleted | User Name: zac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/01 20:11:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zac\Desktop\OTL.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/10/12 22:34:42 | 000,032,960 | ---- | M] () -- C:\Program Files\Starfield\starfieldupdate.exe
PRC - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/08/20 21:42:42 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 01:21:18 | 000,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2002/07/11 08:06:23 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe


========== Modules (SafeList) ==========

MOD - [2011/06/01 20:11:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zac\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/29 15:44:30 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/08/20 21:42:42 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (PCIIde)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpt3xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/02/18 16:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090624.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/06/24 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090624.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/06/22 07:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/08/20 20:57:26 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/16 04:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/12/18 05:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/23 06:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/06/14 05:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 04:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2005/06/10 00:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2005/01/26 02:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2004/09/29 18:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/09/29 01:11:46 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/09/29 01:11:42 | 000,051,120 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2004/09/29 01:10:16 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/08/11 20:46:12 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 04:01:07 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 04:01:07 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 04:01:07 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 02:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 02:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 02:15:20 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 02:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 02:14:36 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 02:14:31 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 02:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 02:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 02:14:26 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 02:14:22 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 02:14:16 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 02:14:10 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 02:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2004/08/04 02:08:42 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 02:08:37 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 02:08:05 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 02:07:57 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 02:07:47 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 02:07:46 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 02:07:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\agp440.sys -- (agp440)
DRV - [2004/08/04 02:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2004/08/04 02:07:38 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2004/08/04 02:07:17 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 02:07:16 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 02:07:06 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 02:06:25 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 02:05:07 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 02:05:03 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 02:04:57 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 02:04:45 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 02:04:19 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 02:04:12 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 02:03:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 02:03:12 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 02:01:24 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/04 02:01:15 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 02:00:46 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 02:00:43 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 02:00:41 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 02:00:31 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 02:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 02:00:15 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 02:00:06 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2004/08/04 01:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 01:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 01:59:41 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2004/08/04 01:59:37 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/04 01:59:27 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 01:59:27 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 01:59:17 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 01:59:07 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/04 01:59:06 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 01:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2004/08/04 01:58:41 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2004/08/04 01:58:41 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 01:58:40 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2004/08/04 01:58:38 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2004/08/04 01:58:32 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 01:58:32 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/04 01:58:30 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 01:58:30 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 01:41:55 | 000,011,868 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/08/04 01:41:54 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP)
DRV - [2004/08/04 01:41:48 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf)
DRV - [2004/08/04 01:41:46 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/04 01:08:46 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001/08/23 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 08:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2001/08/23 08:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2001/08/23 08:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2001/08/23 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2001/08/23 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 08:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2001/08/23 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2001/08/17 15:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2001/08/17 10:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 09:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 09:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 09:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 09:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 09:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 09:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 09:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 09:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}:1.9.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51192
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}: C:\Documents and Settings\zac\Local Settings\Application Data\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8} [2011/05/10 11:07:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/05/14 15:06:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 20:29:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 19:40:09 | 000,000,000 | ---D | M]

[2010/08/11 07:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zac\Application Data\Mozilla\Extensions
[2011/05/14 19:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zac\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/17 19:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zac\Application Data\Mozilla\Firefox\Profiles\lrpshsia.default\extensions
[2010/08/11 09:17:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\zac\Application Data\Mozilla\Firefox\Profiles\lrpshsia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/14 19:31:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\zac\Application Data\Mozilla\Firefox\Profiles\lrpshsia.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/17 19:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/02 09:51:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/05/14 15:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/10/12 22:34:54 | 000,000,000 | ---D | M] (WBE Paste) -- C:\DOCUMENTS AND SETTINGS\ZAC\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2010/10/12 22:34:54 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\DOCUMENTS AND SETTINGS\ZAC\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
[2011/05/10 11:07:45 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ZAC\LOCAL SETTINGS\APPLICATION DATA\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}
[2011/05/14 15:06:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/02 09:50:55 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/05/02 09:50:55 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2011/05/14 15:06:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/02 09:50:59 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/04/05 21:34:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/04/05 21:34:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/04/05 21:34:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/04/05 21:34:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/04/05 21:34:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/04/05 21:34:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/04/05 21:34:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/04/02 16:32:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/04/02 16:32:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/04/02 16:32:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/04/02 16:32:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/04/02 16:32:37 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/04/02 16:32:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/04/02 16:32:37 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/05/14 14:38:55 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Shared Library) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - c:\Program Files\Shared\shared.dll ()
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Starfield Updater] C:\Program Files\Starfield\StarfieldUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1093477673510 (MSSecurityAdvisor Class)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} file://c:\counter.cab (Reg Error: Key error.)
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} https://webmail.na.avon.com/nycntnss/iNotes.cab (iNotes Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://webmail.na.avon.com/NYCNTNSS/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145054029842 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.na.avon.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\zac\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\zac\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:48:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2eca514b-61b5-11dd-a1c7-0050bacc8ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{2eca514b-61b5-11dd-a1c7-0050bacc8ee4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2eca514b-61b5-11dd-a1c7-0050bacc8ee4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/01 20:11:29 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\zac\Desktop\OTL.exe
[2011/05/17 20:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/05/17 20:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/05/14 19:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zac\Application Data\WinRAR
[2011/05/14 19:51:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/14 19:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/14 19:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/05/14 19:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/05/14 19:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/05/14 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/14 19:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/05/14 15:11:44 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/14 15:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/14 15:06:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/14 15:06:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/14 15:06:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/14 15:06:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/14 14:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zac\Local Settings\Application Data\Secunia PSI
[2011/05/14 14:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/05/14 14:49:15 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\zac\Desktop\PSISetup.exe
[2011/05/12 20:22:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/12 19:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oL10600HlCdA10600
[2011/05/10 22:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zac\Application Data\Malwarebytes
[2011/05/10 22:58:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/10 22:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/10 22:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/10 22:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/10 22:56:32 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\zac\Desktop\mbam-setup.exe
[2011/05/10 22:43:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\zac\Recent
[2011/05/10 11:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zac\Local Settings\Application Data\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/01 20:11:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zac\Desktop\OTL.exe
[2011/06/01 20:05:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/01 20:05:33 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/01 20:04:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/01 20:04:42 | 1341,509,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/27 08:58:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/17 20:20:42 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/05/17 20:20:42 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/16 21:09:17 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/16 03:03:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/15 08:02:36 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\zac\Desktop\Firefox.exe.lnk
[2011/05/14 21:21:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\zac\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/14 19:40:10 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/14 19:31:47 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/14 15:06:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/14 15:06:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/14 15:06:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/14 15:06:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/14 15:06:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/14 14:53:42 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/05/14 14:47:25 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\zac\Desktop\PSISetup.exe
[2011/05/14 14:38:55 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/14 14:36:52 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\zac\Desktop\hosts
[2011/05/14 14:26:37 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\zac\Desktop\hosts-perm.bat
[2011/05/13 19:21:18 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/12 22:53:27 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\zac\Desktop\rk-proxy.reg
[2011/05/12 22:02:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/12 20:05:08 | 000,004,353 | ---- | M] () -- C:\Documents and Settings\zac\Application Data\B072.37F
[2011/05/10 22:58:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 22:56:46 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\zac\Desktop\mbam-setup.exe
[2011/05/10 22:44:30 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\zac\Desktop\iExplore.exe
[2011/05/10 22:32:54 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18538276r
[2011/05/10 22:32:54 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18538276
[2011/05/10 22:32:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Fkurum.dat
[2011/05/10 13:46:13 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18538276
[2011/05/10 11:07:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rqifetozunesey.bin
[2011/05/10 11:05:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\zac\2gweorjqjutp92vjy9gake
[2011/05/07 19:03:16 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/27 18:04:40 | 1341,509,632 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/16 21:09:17 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/15 08:02:36 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\zac\Desktop\Firefox.exe.lnk
[2011/05/14 21:21:02 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\zac\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/14 19:40:10 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/14 19:40:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/14 19:33:43 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/05/14 19:33:43 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/14 14:53:42 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/05/14 14:53:41 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/05/14 14:37:04 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\zac\Desktop\hosts
[2011/05/14 14:29:13 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\zac\Desktop\hosts-perm.bat
[2011/05/13 19:21:18 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/05/12 22:53:27 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\zac\Desktop\rk-proxy.reg
[2011/05/12 21:58:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/12 19:50:48 | 000,004,353 | ---- | C] () -- C:\Documents and Settings\zac\Application Data\B072.37F
[2011/05/10 22:58:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 22:44:16 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\zac\Desktop\iExplore.exe
[2011/05/10 12:46:39 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18538276r
[2011/05/10 12:46:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18538276
[2011/05/10 12:46:07 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18538276
[2011/05/10 11:07:47 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fkurum.dat
[2011/05/10 11:07:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rqifetozunesey.bin
[2011/05/10 11:05:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\zac\2gweorjqjutp92vjy9gake
[2010/09/27 13:46:10 | 000,060,640 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/11 07:23:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/17 10:20:35 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\zac\Local Settings\Application Data\fusioncache.dat
[2008/08/16 21:10:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/08/16 20:47:07 | 000,080,472 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2008/08/16 20:47:07 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2008/07/31 19:46:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SW_Win2000X24.DLL
[2008/07/31 19:36:31 | 000,001,892 | ---- | C] () -- C:\WINDOWS\CITP_SearchHistory.INI
[2008/07/31 19:36:12 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2008/07/31 19:36:12 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2008/07/31 19:36:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008/07/31 19:36:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2007/07/22 19:14:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/26 17:24:30 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2007/02/26 17:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/26 17:23:36 | 000,104,960 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2007/02/26 17:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/26 17:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/26 17:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/26 17:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/26 17:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/26 17:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/26 17:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2007/02/26 17:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/26 17:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/26 17:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/26 17:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/12 15:21:22 | 001,196,544 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/12 15:21:22 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/12 15:21:22 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/12 15:21:22 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/12 15:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/12 15:21:22 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/12 15:21:22 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/12 15:21:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/12 15:21:22 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/12 15:21:22 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/12 15:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/12 15:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/12 15:21:22 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/12 15:21:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/12 15:21:22 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/12 15:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/10/09 04:16:06 | 000,118,804 | ---- | C] () -- C:\WINDOWS\System32\uahqfiwp.dll
[2005/10/09 04:14:02 | 000,118,804 | ---- | C] () -- C:\WINDOWS\System32\hjdckhmr.dll
[2004/09/23 02:09:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/09 07:23:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\newdevin.exe
[2004/09/09 07:23:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dp807615.exe
[2004/09/09 07:23:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\449166.exe
[2004/09/09 07:23:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\06wu29rd.exe
[2004/09/08 19:12:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\prnunins.exe
[2004/09/02 19:59:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/08/11 21:54:32 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\zac\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/11 21:13:10 | 000,010,646 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/08/11 20:49:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/08/11 20:49:33 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/11 20:42:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/11 19:51:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:44:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:21:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:20:21 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/10 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/10 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/07/03 11:57:49 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wpcap.dll
[2002/07/03 11:57:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\packet.dll
[2002/07/03 11:57:48 | 000,013,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\packet.sys
[2001/09/17 13:20:02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\msv1_0.dll
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %TEMP%\*.* /s >
[2010/09/13 08:27:31 | 002,113,024 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\9-9-10 Fall.xls
[2011/06/01 20:06:40 | 000,010,318 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\AdobeARM.log
[2011/05/14 19:40:37 | 000,002,122 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\AdobeSFX.log
[2011/05/26 01:24:32 | 000,001,208 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\AUCHECK_CORE.txt
[2011/05/26 01:24:32 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\AUCHECK_PARSER.txt
[2010/10/18 14:17:29 | 001,233,094 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloe pumpkin-1.jpg
[2010/10/18 14:15:58 | 001,233,094 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloe pumpkin.jpg
[2010/10/18 18:06:45 | 000,003,847 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Chloe.jpeg
[2010/10/18 14:30:16 | 000,660,715 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloeflower.jpg
[2010/10/18 14:16:47 | 001,160,894 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloehat.jpg
[2010/10/18 14:17:41 | 001,180,131 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloehat3.jpg
[2010/10/18 14:18:00 | 001,163,710 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloehatgood.jpg
[2010/10/18 14:30:55 | 000,724,809 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloehatsleep.jpg
[2010/10/18 14:25:30 | 001,330,093 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloemikes.jpg
[2010/10/18 14:30:49 | 000,919,316 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloesleep2-1.jpg
[2010/10/18 14:25:51 | 000,919,316 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloesleep2.jpg
[2010/10/18 14:29:50 | 001,078,352 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\chloesleepgd.jpg
[2010/12/15 16:25:05 | 000,038,912 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\EMILYOCCHIPINTI20109.16.doc
[2010/09/05 13:33:11 | 000,027,648 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\family addresses.doc
[2010/12/15 16:59:38 | 000,016,452 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Fisher Stacy - Resume.docx
[2010/10/18 14:37:29 | 001,652,646 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\flower.JPG
[2011/05/14 20:29:37 | 000,040,344 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\zac\Local Settings\Temp\getPlusUninst_Adobe.exe
[2011/05/13 22:51:50 | 000,002,902 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\GoogleToolbarInstaller1.log
[2010/12/14 15:18:54 | 000,001,490 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\grad1.gif
[2010/11/16 11:20:58 | 000,314,197 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Griffiths Chanel - Resume-1.pdf
[2010/11/16 11:17:13 | 000,314,197 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Griffiths Chanel - Resume.pdf
[2010/11/16 14:03:28 | 000,097,622 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Guevara Joseph - Resume-1.pdf
[2010/11/16 13:59:08 | 000,097,622 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Guevara Joseph - Resume.pdf
[2010/12/15 17:42:00 | 022,770,176 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\HB_Branded_Dec_week2-1.xls
[2010/12/15 17:19:39 | 022,770,176 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\HB_Branded_Dec_week2.xls
[2010/11/16 11:11:41 | 020,936,704 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\HB_Branded_Nov_week2_Total.xls
[2010/11/16 14:10:11 | 013,036,032 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\HB_Daily_Flash_111510-1.xls
[2010/11/16 14:07:46 | 013,036,032 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\HB_Daily_Flash_111510.xls
[2010/08/22 12:23:47 | 005,008,384 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Holiday Catalog 2010.xls
[2011/05/10 12:47:03 | 000,449,367 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\hpodvd09.log
[2005/03/07 10:31:54 | 000,143,645 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\hpzEN3xu.hlp
[2011/05/13 23:06:05 | 000,003,432 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\iereseticons.log
[2010/10/18 18:07:11 | 000,504,469 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\IMG00234-20101017-1332.jpg
[2010/09/15 09:37:33 | 000,036,992 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\IMG_20100914_143350.jpg
[2010/09/15 09:37:55 | 000,033,284 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\IMG_20100914_143404.jpg
[2010/12/15 16:47:58 | 000,051,712 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\IncomingTransfer121510.xls
[2010/12/15 16:04:25 | 000,073,728 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\JANA's 25% OFF BLK FRI SALE.xls
[2011/05/14 15:06:59 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\JAUReg.log
[2011/05/14 15:06:28 | 000,028,957 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\java_install.log
[2011/05/14 15:06:32 | 000,003,744 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\java_install_reg.log
[2010/11/16 11:21:25 | 000,022,249 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Joei Catherine - Resume-1.docx
[2010/11/16 11:17:37 | 000,022,249 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Joei Catherine - Resume.docx
[2011/06/01 20:11:26 | 000,007,587 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\jusched.log
[2010/09/09 14:15:58 | 000,018,699 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\LMS 2010-1.xlsx
[2010/09/09 12:05:37 | 000,018,699 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\LMS 2010.xlsx
[2010/10/17 07:22:42 | 000,056,320 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\LMS2010AlphabetizedSheet.xls
[2010/12/15 16:21:32 | 000,023,552 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\open SO.xls
[2011/04/14 21:51:52 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Dana-1.doc
[2011/04/14 22:06:50 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Dana.doc
[2010/09/14 20:14:56 | 000,037,376 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\PATIENT__INFORMATION.doc
[2011/01/08 15:14:52 | 000,027,773 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\POST XMAS SALE UPDATE 1 5 2011.xlsm
[2011/01/07 09:15:20 | 000,027,447 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\POST XMAS SALE UPDATE 1 6 2011 FINAL.xlsm
[2011/01/07 11:19:32 | 000,075,776 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Product List 1 6 11.xls
[2010/09/15 12:11:18 | 003,337,196 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Progress Meeting 031 090910.pdf
[2010/12/15 16:30:56 | 000,134,680 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\pursers.refills_125368-1.pdf
[2010/12/15 16:28:54 | 000,134,680 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\pursers.refills_125368.pdf
[2011/04/05 21:51:13 | 000,010,105 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\QTInstallCode.log
[2011/04/05 21:34:46 | 000,004,097 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\qtplugin.log
[2011/02/20 09:53:32 | 000,081,845 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Qualifying_Notes_1.pdf
[2010/09/05 12:29:31 | 000,080,142 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Qualifying_Notes_25-1.pdf
[2010/09/05 12:26:10 | 000,080,142 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Qualifying_Notes_25.pdf
[2010/09/11 09:19:02 | 000,083,568 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Qualifying_Notes_26.pdf
[2011/05/17 20:20:34 | 003,598,224 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\zac\Local Settings\Temp\SecurityScan_Release.exe
[2011/04/05 21:49:04 | 000,000,084 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\SetupAdmin80.log
[2010/11/16 11:22:05 | 000,144,896 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Melanie - Resume-1.doc
[2010/11/16 11:18:00 | 000,144,896 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Melanie - Resume.doc
[2010/12/15 16:23:49 | 000,094,667 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\sign-5x7-HHour-12.29-HandbagEss3-1.pdf
[2010/12/15 16:23:25 | 000,094,667 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\sign-5x7-HHour-12.29-HandbagEss3.pdf
[2010/11/16 11:20:33 | 000,034,816 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Nicole - Resume-1.doc
[2010/11/16 11:16:42 | 000,034,816 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Nicole - Resume.doc
[2010/11/21 12:35:54 | 000,026,624 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Transition Request-1.doc
[2010/11/19 12:23:36 | 000,026,624 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Transition Request.doc
[2011/05/16 21:16:14 | 000,005,355 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\U3Launcher.log
[2011/01/07 09:56:11 | 000,136,704 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\vday 2011-1.xls
[2010/12/15 13:23:56 | 000,136,704 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\vday 2011.xls
[2010/10/18 14:38:26 | 000,068,096 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Vonage Sr Dir Acq Spec (10 18 10-F-DW).doc
[2010/12/15 16:22:55 | 000,015,872 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\white barn del sched 12-15-10.xls
[2010/11/18 19:54:01 | 000,041,472 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\wlbtemplate.doc
[2011/05/06 18:57:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\_hphtra07.log
[48 C:\DOCUME~1\zac\LOCALS~1\Temp\*.tmp files -> C:\DOCUME~1\zac\LOCALS~1\Temp\*.tmp -> ]
[2001/08/21 19:06:22 | 000,045,056 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\~SFX411abe05\GRCDrop.exe
[2011/05/27 10:49:15 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Cookies\index.dat
[2009/07/24 18:31:39 | 000,489,472 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\07.23.09 AOL DEAL.ppt
[2008/12/09 21:30:19 | 000,018,236 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\094_82147.pdf
[2008/12/09 21:30:58 | 000,022,691 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\096_76313.pdf
[2009/11/01 11:29:54 | 001,308,351 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\100_3670.jpg
[2008/12/13 12:04:12 | 004,554,240 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\1085083.xls
[2008/12/13 12:06:00 | 004,567,040 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\1086337.xls
[2009/06/26 13:04:29 | 001,042,132 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\1096530 energaire verbiage technology.jpg
[2009/06/26 13:07:10 | 001,042,132 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\1096530 energaire verbiage technology38.jpg
[2009/12/01 23:20:15 | 000,225,100 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\132_02917.pdf
[2009/01/24 20:10:22 | 000,032,768 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 Business Demand and Key Indicators Report 2009-01-23.xls
[2009/01/25 22:44:19 | 000,148,992 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 CFSOL check.xls
[2010/02/26 10:15:20 | 000,024,576 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 Empowerment Sales.xls
[2009/02/11 00:10:34 | 000,054,784 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 JWLRY Travel Plan JM.xls
[2009/02/08 22:35:22 | 000,084,480 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 Marketing Training.doc
[2009/01/24 20:05:05 | 000,047,104 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 New and New Repeats Report 2009-01-23.xls
[2009/12/11 14:16:00 | 000,052,736 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 PreferredDomesticHotels.xls
[2008/12/07 22:01:03 | 000,022,016 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 PWP, GCO, EXVL.xls
[2008/12/07 22:01:03 | 000,022,016 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2009 PWP, GCO, EXVL36.xls
[2008/01/29 18:02:38 | 000,030,720 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\200901ESHSSum.doc
[2009/06/26 10:38:33 | 003,831,296 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\200914 2D Top 5 Bottom 5.xls
[2009/06/26 10:32:35 | 003,852,288 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\200916 ES Top 5 Bottom 5.xls
[2009/12/01 22:59:47 | 003,798,016 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\200925 2D Top 5 Bottom 5.xls
[2010/02/10 15:42:23 | 000,035,840 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2010 Empowerment Sales.xls
[2010/02/26 10:05:31 | 000,035,840 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2010 Empowerment Sales38.xls
[2009/08/16 21:22:19 | 000,025,600 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\2010 Marketing Plan Outline.doc
[2009/12/23 09:08:51 | 003,551,232 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\201001 2D Top 5 Bottom 5.xls
[2009/12/01 22:56:14 | 003,498,496 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\201001 ES Top 5 Bottom 5.xls
[2009/12/23 09:08:27 | 003,909,632 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Domino Web Access\201003 ES Top 5 Bottom 5.xls
[2011/04/21 15:28:27 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\plugtmp-11\plugin-dma-opt.php
[2010/09/08 18:02:34 | 000,000,938 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Cisco AnyConnect VPN Client.lnk
[2005/11/17 23:14:48 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\desktop.ini
[2008/08/16 21:50:59 | 000,000,898 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\HP Image Zone .lnk
[2008/08/16 21:47:58 | 000,000,984 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\HP Solution Center.lnk
[2004/08/11 20:29:12 | 000,000,191 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Internet Service $9.95.url
[2006/04/14 18:34:53 | 000,001,566 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
[2011/04/07 12:31:14 | 000,002,433 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
[2004/08/11 20:40:30 | 000,002,002 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
[2005/11/17 23:14:47 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2004/08/11 19:48:25 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2004/08/25 20:44:15 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2008/08/18 18:52:55 | 000,001,810 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 7.0.lnk
[2009/04/05 13:09:24 | 000,001,830 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2004/08/11 15:20:53 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\desktop.ini
[2011/04/10 12:45:24 | 000,002,453 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Streets & Trips.lnk
[2004/08/11 19:44:33 | 000,001,844 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\MSN Explorer.lnk
[2005/08/20 20:03:42 | 000,000,721 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\RealPlayer.lnk
[2005/11/17 23:25:55 | 000,000,785 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2005/03/02 00:26:54 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2010/12/12 20:09:52 | 000,000,320 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2010/11/24 18:04:44 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2010/12/12 20:09:52 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2004/08/11 19:46:49 | 000,000,790 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows Movie Maker.lnk
[2004/08/11 19:45:01 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2004/08/11 19:45:02 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2004/08/11 19:45:02 | 000,000,090 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2005/11/17 23:18:05 | 000,000,516 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2004/08/11 19:45:02 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2004/08/11 19:13:12 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2004/08/11 19:46:41 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2004/08/11 19:13:12 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2004/08/11 19:44:28 | 000,001,503 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Remote Desktop Connection.lnk
[2005/11/17 23:18:05 | 000,001,656 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2004/08/12 20:35:33 | 000,000,204 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2004/08/11 19:45:02 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2008/04/07 22:08:37 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2004/08/11 19:48:26 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2004/08/11 19:45:01 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2005/11/17 23:18:05 | 000,000,757 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2004/08/11 19:46:46 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2004/08/11 19:46:44 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2004/08/11 19:48:26 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2004/08/11 19:46:46 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2005/11/17 23:18:05 | 000,001,539 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Security Center.lnk
[2004/08/11 19:46:44 | 000,001,070 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2004/08/11 19:46:46 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2004/08/11 19:44:41 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2004/08/11 19:48:25 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2004/08/11 19:48:25 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2004/08/11 19:48:25 | 000,000,545 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2004/08/11 19:48:25 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2004/08/11 19:48:25 | 000,001,590 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2008/08/16 21:45:18 | 000,001,107 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2008/08/16 21:45:18 | 000,001,158 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2004/08/11 19:48:25 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2004/08/11 19:48:25 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2004/08/11 20:29:12 | 000,000,622 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AOL Instant Messenger\AOL Instant Messenger.lnk
[2004/08/11 20:29:12 | 000,000,626 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AOL Instant Messenger\License.lnk
[2004/08/11 20:29:12 | 000,000,741 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AOL Instant Messenger\Uninstall AOL Instant Messenger.lnk
[2007/11/03 17:20:29 | 000,000,874 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AviSynth 2.5\AviSynth Documentation.lnk
[2007/11/03 17:20:12 | 000,000,049 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AviSynth 2.5\AviSynth Online.url
[2007/11/03 17:20:12 | 000,000,066 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AviSynth 2.5\Download Plugins.url
[2007/11/03 17:20:16 | 000,000,718 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AviSynth 2.5\Example Scripts.lnk
[2007/11/03 17:20:12 | 000,000,709 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AviSynth 2.5\License.lnk
[2007/11/03 17:20:12 | 000,000,709 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\AviSynth 2.5\Plugin Directory.lnk
[2010/09/08 18:02:34 | 000,000,956 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Cisco\Cisco AnyConnect VPN Client\Cisco AnyConnect VPN Client.lnk
[2008/07/31 19:36:16 | 000,000,923 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Convert Image To PDF\'Convert Image To PDF' Manual online (Latest Information).lnk
[2008/07/31 19:36:16 | 000,000,853 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Convert Image To PDF\Convert Image To PDF (Start Here).lnk
[2008/07/31 19:36:16 | 000,000,893 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Convert Image To PDF\Example Conversion Jobs\Multiple Image Formates Convert To PDF.lnk
[2008/07/31 19:36:16 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Convert Image To PDF\Help\'Convert Image To PDF' FAQ.lnk
[2008/07/31 19:36:16 | 000,000,626 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Convert Image To PDF\Help\'Convert Image To PDF' Manual.HLP.lnk
[2008/07/31 19:36:16 | 000,000,909 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Convert Image To PDF\Help\'Convert Image To PDF' Manual.PDF.lnk
[2008/07/31 19:36:16 | 000,000,869 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Convert Image To PDF\Help\Additional Image Conversion Tools.lnk
[2008/07/31 19:36:16 | 000,001,129 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Convert Image To PDF\Help\License.DOC.lnk
[2005/11/17 23:25:47 | 000,000,798 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\Games\desktop.ini
[2010/12/09 16:50:50 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2004/08/11 19:45:02 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2005/11/17 23:25:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2005/11/17 23:25:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2005/11/17 23:25:46 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2005/11/17 23:25:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2005/11/17 23:25:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2010/12/16 14:20:10 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2004/08/11 19:45:02 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2011/04/19 16:13:38 | 000,001,491 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2010/12/02 09:58:02 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2004/09/08 19:08:45 | 000,001,101 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\hp deskjet 5550 series v5.5.2\printer assistant.lnk
[2004/09/08 19:12:25 | 000,000,828 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\hp deskjet 5550 series v5.5.2\release notes.lnk
[2004/09/08 19:12:25 | 000,001,073 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\hp deskjet 5550 series v5.5.2\taskbar icon.lnk
[2004/09/08 19:12:25 | 000,000,966 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\hp deskjet 5550 series v5.5.2\uninstall software.lnk
[2004/09/08 19:08:45 | 000,001,125 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\hp deskjet 5550 series v5.5.2\user's guide.lnk
[2004/09/08 19:12:45 | 000,000,956 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\hp print screen\Configuration.lnk
[2004/09/08 19:12:45 | 000,000,658 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Hewlett-Packard\hp print screen\Uninstall.lnk
[2008/08/16 21:50:59 | 000,000,910 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Image Zone .lnk
[2008/08/16 21:47:26 | 000,000,916 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Product Assistant.lnk
[2008/08/16 21:47:58 | 000,001,884 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Software Tour.lnk
[2008/08/16 21:47:36 | 000,001,834 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Software Update.lnk
[2008/08/16 21:47:58 | 000,000,996 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Solution Center.lnk
[2008/08/16 21:52:57 | 000,001,131 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart 8000 Series\About.lnk
[2008/08/16 21:52:58 | 000,001,858 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart 8000 Series\Photosmart Help.lnk
[2008/08/16 21:52:57 | 000,000,924 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart 8000 Series\Product Registration.lnk
[2008/08/16 21:52:57 | 000,000,972 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart 8000 Series\Product Support Website.lnk
[2008/08/16 21:52:58 | 000,001,119 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart 8000 Series\Readme.lnk
[2008/08/16 21:52:57 | 000,000,905 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart 8000 Series\Transfer Images.lnk
[2008/08/16 21:52:58 | 000,001,311 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart 8000 Series\Uninstall Devices.lnk
[2008/08/16 21:03:08 | 000,001,627 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart Camera\Image Transfer.lnk
[2008/08/16 21:03:08 | 000,000,689 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart Camera\Product Registration.lnk
[2008/08/16 21:03:08 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\HP\Photosmart Camera\Product Support Website.lnk
[2006/04/10 22:57:44 | 000,001,843 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iPod\iPod Updater 2005-10-12\iPod Features Guide.lnk
[2006/04/10 22:57:35 | 000,001,797 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iPod\iPod Updater 2005-10-12\iPod Help.lnk
[2006/04/10 22:57:44 | 000,001,868 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iPod\iPod Updater 2005-10-12\iPod nano Features Guide.lnk
[2006/04/10 22:57:27 | 000,001,895 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iPod\iPod Updater 2005-10-12\iPod Updater 2005-10-12.lnk
[2006/04/10 22:57:35 | 000,001,786 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iPod\iPod Updater 2005-10-12\README.lnk
[2004/08/19 23:11:22 | 000,000,795 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iPod\Previous Updaters\iPod Updater 2004-07-15\iPod Help.lnk
[2004/08/19 23:11:22 | 000,000,865 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iPod\Previous Updaters\iPod Updater 2004-07-15\iPod Updater 2004-07-15.lnk
[2004/08/19 23:11:22 | 000,000,778 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iPod\Previous Updaters\iPod Updater 2004-07-15\README.lnk
[2011/04/05 21:56:35 | 000,001,814 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2011/04/05 21:56:34 | 000,001,554 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2007/11/03 17:01:39 | 000,000,605 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Jodix\Free iPod Video Converter\Jodix Free iPod Video Converter on the Web.lnk
[2007/11/03 17:01:39 | 000,000,793 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Jodix\Free iPod Video Converter\Jodix Free iPod Video Converter.lnk
[2007/11/03 17:01:39 | 000,000,733 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Jodix\Free iPod Video Converter\Uninstall Jodix Free iPod Video Converter.lnk
[2010/07/14 03:05:15 | 000,002,549 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2003.lnk
[2011/05/07 21:31:13 | 000,002,507 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk
[2004/08/11 20:40:30 | 000,002,062 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk
[2006/04/16 03:11:13 | 000,002,599 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk
[2011/01/06 00:07:41 | 000,002,495 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk
[2005/09/14 21:50:24 | 000,002,455 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk
[2011/05/08 09:38:55 | 000,002,509 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2003.lnk
[2004/08/11 20:40:30 | 000,002,022 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2004/08/11 20:40:30 | 000,001,988 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2004/08/11 20:40:30 | 000,001,902 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk
[2004/08/11 20:40:30 | 000,001,908 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk
[2004/08/11 20:40:30 | 000,002,020 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk
[2004/08/11 20:40:30 | 000,001,876 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2004/08/11 20:40:30 | 000,002,140 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2004/08/11 20:40:30 | 000,002,142 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2011/01/16 22:12:35 | 000,002,423 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2010/08/11 07:23:43 | 000,001,636 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
[2010/08/11 07:23:43 | 000,001,614 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox.lnk
[2004/11/02 21:06:40 | 000,001,251 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero StartSmart.lnk
[2004/11/02 21:06:40 | 000,001,102 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero 6 Ultra Edition\Nero Burning ROM.lnk
[2004/11/02 21:06:40 | 000,000,959 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero 6 Ultra Edition\Nero Cover Designer.lnk
[2004/11/02 21:06:40 | 000,001,818 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero 6 Ultra Edition\Nero Express.lnk
[2004/11/02 21:06:40 | 000,000,924 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero 6 Ultra Edition\Nero ImageDrive.lnk
[2004/11/02 21:06:40 | 000,001,089 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero 6 Ultra Edition\Nero SoundTrax.lnk
[2004/11/02 21:06:40 | 000,000,972 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero 6 Ultra Edition\Nero Wave Editor.lnk
[2004/11/02 21:06:40 | 000,000,991 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk
[2004/11/02 21:06:40 | 000,001,042 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero Toolkit\Nero DriveSpeed.lnk
[2004/11/02 21:06:40 | 000,000,934 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Nero\Nero Toolkit\Nero InfoTool.lnk
[2005/02/08 21:54:57 | 000,000,703 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\OLYMPUS CAMEDIA\CAMEDIA Master Help.lnk
[2005/02/08 21:55:22 | 000,000,896 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\OLYMPUS CAMEDIA\CAMEDIA Master.lnk
[2005/02/08 21:54:57 | 000,000,669 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\OLYMPUS CAMEDIA\ReadMe.lnk
[2005/02/08 21:54:57 | 000,000,703 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\OLYMPUS CAMEDIA\Reference Manual.lnk
[2005/04/27 18:53:36 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Optimum Online\Optimum Online Manual.lnk
[2005/04/27 18:43:43 | 000,001,667 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Optimum Online\Optimum Online net guide.lnk
[2011/04/05 21:34:30 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2011/04/05 21:34:30 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2011/04/05 21:34:30 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2011/04/05 21:34:30 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2005/08/20 20:03:45 | 000,000,695 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Check for RealPlayer Update.lnk
[2005/08/20 20:03:42 | 000,000,581 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Help.lnk
[2005/08/20 20:03:44 | 000,000,679 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer License Agreement.lnk
[2005/08/20 20:03:44 | 000,000,832 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer ReadMe.lnk
[2005/08/20 20:03:44 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Subscription.lnk
[2005/08/20 20:03:42 | 000,000,733 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer.lnk
[2005/08/20 20:03:45 | 000,000,940 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Uninstall RealPlayer.lnk
[2007/11/03 17:20:30 | 000,000,699 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Red Kawa\Videora iPod Converter\Videora iPod Converter Uninstall.lnk
[2007/11/03 17:20:30 | 000,000,942 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Red Kawa\Videora iPod Converter\Videora iPod Converter Website.lnk
[2007/11/03 17:19:49 | 000,001,842 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Red Kawa\Videora iPod Converter\Videora iPod Converter.lnk
[2008/09/15 19:11:01 | 000,000,834 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\File Shredder.lnk
[2009/03/02 20:05:40 | 000,000,945 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
[2009/03/02 20:05:40 | 000,000,951 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Tutorial.lnk
[2004/08/11 20:18:47 | 000,000,961 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk
[2009/03/02 20:05:40 | 000,000,961 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
[2009/03/02 20:05:40 | 000,000,875 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk
[2008/08/18 18:53:00 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Startup\Adobe Reader Speed Launch.lnk
[2004/08/11 19:48:25 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\1\Programs\Startup\desktop.ini
[2008/08/16 21:49:25 | 000,001,808 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Startup\HP Digital Imaging Monitor.lnk
[2008/08/16 21:50:59 | 000,000,798 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Startup\HP Image Zone Fast Start.lnk
[2004/08/11 20:46:30 | 000,000,785 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\Symantec Client Security\Symantec AntiVirus Client.lnk
[2004/08/11 21:37:25 | 000,000,685 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\Console RAR manual.lnk
[2004/08/11 21:37:25 | 000,000,704 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR help.lnk
[2004/08/11 21:37:25 | 000,000,704 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk
[2004/08/11 20:29:12 | 000,000,628 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\AOL Instant Messenger.lnk
[2005/11/17 23:27:23 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\2\desktop.ini
[2010/05/30 09:08:43 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2004/08/11 20:24:01 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2007/06/04 18:46:09 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2008/08/18 18:53:01 | 000,001,740 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\Adobe Reader 7.0.lnk
[2011/04/05 21:56:34 | 000,001,542 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\iTunes.lnk
[2010/08/11 07:23:43 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
[2011/04/05 21:34:30 | 000,001,604 | ---- | M] () -- C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
[2006/12/28 00:02:56 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\4\spybotsd14.exe
[2008/02/10 16:06:07 | 009,723,880 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\zac\Local Settings\Temp\smtmp\4\spybotsd152.exe
[2006/08/23 22:11:03 | 003,732,992 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Directory 1 for 06app_P1[1].zip\06app_P1.xls
[2010/08/27 13:10:43 | 000,312,320 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Directory 1 for Copy of SP10 Q2- HB HINDSIGHT.BATH&BODY.zip\SP10 Q2- HB HINDSIGHT.BATH&BODY.xls
[2010/09/13 22:03:13 | 026,811,509 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Directory 1 for latch-on-and-breastfeeding-instructional-video.mp4.zip\latch-on-and-breastfeeding-instructional-video.mp4
[2011/04/04 20:50:35 | 002,175,284 | R--- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Directory 1 for VID 00019-20110404-0907.3GP.zip\VID 00019-20110404-0907.3GP
[2011/04/04 17:50:06 | 002,175,284 | ---- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Directory 3 for VID 00019-20110404-0907.3GP.zip\VID 00019-20110404-0907.3GP
[2004/09/19 09:54:10 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini
[2011/05/27 10:49:15 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
[2011/05/18 23:31:42 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Internet Files\Content.IE5\2BL4YQKJ\desktop.ini
[2011/05/18 23:31:43 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Internet Files\Content.IE5\914KRVKD\desktop.ini
[2011/05/18 23:31:43 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Internet Files\Content.IE5\DYQWBKP5\desktop.ini
[2011/05/18 23:31:43 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\zac\Local Settings\Temp\Temporary Internet Files\Content.IE5\HMSFEN7I\desktop.ini

< End of report >

Attached File  Extras.Txt   49.17KB   1 downloads

#6 JSntgRvr

Posted 01 June 2011 - 08:38 PM

We need to restore the Start Menu.
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Let's confirm the fix.

While in OTL, copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    %AllUsersProfile%\Start Menu\*.* /s
    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /s
    %AllUsersProfile%\Desktop\*.* /s

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Note: See if your desktop icons and start menu folders and links are visible.



#7 coolpapa20

Posted 01 June 2011 - 09:09 PM

All worked well - except the computer didn't restart after Run Fix was clicked both times.

Here's the first report:
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
183 File(s) copied
C:\Documents and Settings\zac\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\zac\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\AOL Instant Messenger.lnk
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
5 File(s) copied
C:\Documents and Settings\zac\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\zac\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\Adobe Reader 7.0.lnk
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\iTunes.lnk
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\spybotsd14.exe
C:\DOCUME~1\zac\LOCALS~1\Temp\smtmp\4\spybotsd152.exe
6 File(s) copied
C:\Documents and Settings\zac\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\zac\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.23.0 log created on 06012011_215952


_____________________________________________________________________________________________________
Here's the second report

Error: Unable to interpret <%AllUsersProfile%\Start Menu\*.* /s> in the current context!
Error: Unable to interpret <%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /s> in the current context!
Error: Unable to interpret <%AllUsersProfile%\Desktop\*.* /s> in the current context!

OTL by OldTimer - Version 3.2.23.0 log created on 06012011_220514
_____________________________________________________________________________________________________

I can see all of my desktop icons and start menu folders. When I had the Windows Restore Malware a month ago I could not see them, but ran Malwarebytes and used BleepingComputer to fix that so the files would not be hidden.

Thanks again.
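
A check over reports like the two posted above, added here as an example (not code from the thread or from OTL): it parses a fix log, compares each xcopy section's listed files against its "N File(s) copied" line, and surfaces lines OTL reported it could not interpret. The sample log is constructed, and treating anything other than .lnk/.url/.ini/.scf as worth a manual look is an assumption of this example.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout of the two OTL reports in the post above
# (shortened, hypothetical user name and file names; not the poster's log).
SAMPLE_LOG = r'''========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\user\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\user\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\user\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
3 File(s) copied
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\user\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
C:\DOCUME~1\user\LOCALS~1\Temp\smtmp\4\setup_tool.exe
2 File(s) copied
Error: Unable to interpret <%AllUsersProfile%\Desktop\*.* /s> in the current context!
'''

COMMAND_RE = re.compile(r'^<\s*(xcopy\s.+?)\s*>$')
COPIED_RE = re.compile(r'^(\d+) File\(s\) copied$')
ERROR_RE = re.compile(r'^Error: Unable to interpret <(.+)> in the current context!$')
PATH_RE = re.compile(r'^[A-Za-z]:\\')

# Assumption of this example: a Start Menu / Quick Launch / Desktop restore
# should mostly consist of shortcut-type files.
SHORTCUT_EXTS = {'.lnk', '.url', '.ini', '.scf'}


@dataclass
class Section:
    command: str
    files: List[str] = field(default_factory=list)
    reported: Optional[int] = None


def parse_otl_fix_log(text):
    """Return (sections, errors) parsed from an OTL fix report."""
    sections, errors, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COMMAND_RE.match(line)
        if m:
            current = Section(m.group(1))
            sections.append(current)
            continue
        m = ERROR_RE.match(line)
        if m:
            errors.append(m.group(1))
            continue
        m = COPIED_RE.match(line)
        if m and current is not None:
            current.reported = int(m.group(1))
            current = None  # later lines (e.g. "deleted successfully") are not copies
            continue
        if current is not None and PATH_RE.match(line):
            current.files.append(line)
    return sections, errors


def review(text):
    """Return human-readable findings for a fix report."""
    sections, errors = parse_otl_fix_log(text)
    findings = []
    for s in sections:
        if s.reported is None:
            findings.append(f'no copy count reported for: {s.command}')
        elif s.reported != len(s.files):
            findings.append(
                f'count mismatch ({len(s.files)} listed, {s.reported} reported): {s.command}')
        for path in s.files:
            # ntpath handles Windows separators regardless of the host OS.
            if ntpath.splitext(path)[1].lower() not in SHORTCUT_EXTS:
                findings.append(f'non-shortcut file restored, review it: {path}')
    for e in errors:
        findings.append(f'line OTL could not interpret: {e}')
    return findings


if __name__ == '__main__':
    for finding in review(SAMPLE_LOG):
        print(finding)
```
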

#8 JSntgRvr

Posted 01 June 2011 - 09:19 PM

Let's clean the computer.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.



#9 coolpapa20

Posted 01 June 2011 - 10:33 PM

Here's the Combofix report:

ComboFix 11-06-01.04 - zac 06/01/2011 22:56:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.700 [GMT -4:00]
Running from: c:\documents and settings\zac\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\zac\Application Data\Adobe\plugs
c:\documents and settings\zac\Application Data\Adobe\plugs\mmc317476812.txt
c:\documents and settings\zac\Application Data\Adobe\shed
c:\documents and settings\zac\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\zac\Local Settings\Application Data\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}
c:\documents and settings\zac\Local Settings\Application Data\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}\chrome.manifest
c:\documents and settings\zac\Local Settings\Application Data\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}\chrome\content\_cfg.js
c:\documents and settings\zac\Local Settings\Application Data\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}\chrome\content\overlay.xul
c:\documents and settings\zac\Local Settings\Application Data\{9FA62893-F4FB-4A01-8395-95C4BEE0CBF8}\install.rdf
c:\program files\Shared\shARed.dll
c:\windows\msv1_0.dll
c:\windows\system32\449166.exe
c:\windows\system32\O.BAT
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 01:59 . 2011-06-02 01:59 -------- d-----w- C:\_OTL
2011-05-18 00:22 . 2011-05-18 00:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-05-14 23:51 . 2011-05-14 23:54 -------- dc-h--w- c:\windows\ie8
2011-05-14 23:40 . 2011-05-14 23:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-14 23:33 . 2011-05-14 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-05-14 23:33 . 2011-05-14 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-05-14 23:33 . 2011-05-14 23:33 -------- d-----w- c:\program files\McAfee Security Scan
2011-05-14 23:31 . 2011-05-15 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2011-05-14 23:31 . 2011-05-14 23:31 -------- d-----w- c:\program files\NOS
2011-05-14 19:11 . 2011-05-14 23:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 19:06 . 2011-05-14 19:06 -------- d-----w- c:\program files\Common Files\Java
2011-05-14 19:06 . 2011-05-14 19:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-14 18:54 . 2011-05-14 18:54 -------- d-----w- c:\documents and settings\zac\Local Settings\Application Data\Secunia PSI
2011-05-14 18:53 . 2011-05-14 18:53 -------- d-----w- c:\program files\Secunia
2011-05-14 00:03 . 2011-05-14 00:03 -------- d-----w- c:\documents and settings\dana\Application Data\Malwarebytes
2011-05-13 23:59 . 2011-05-13 23:59 -------- d-sh--w- c:\documents and settings\dana\PrivacIE
2011-05-13 23:57 . 2011-05-13 23:57 -------- d-sh--w- c:\documents and settings\dana\IETldCache
2011-05-13 01:17 . 2011-05-13 01:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-13 00:29 . 2011-05-13 00:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-05-13 00:23 . 2011-05-13 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-05-13 00:22 . 2011-05-13 00:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-12 23:55 . 2011-05-14 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\oL10600HlCdA10600
2011-05-11 02:58 . 2011-05-11 02:58 -------- d-----w- c:\documents and settings\zac\Application Data\Malwarebytes
2011-05-11 02:58 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 02:58 . 2011-05-11 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-11 02:58 . 2011-05-11 02:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-10 15:07 . 2011-05-10 15:07 0 ----a-w- c:\windows\Rqifetozunesey.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 19:06 . 2010-11-22 05:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Starfield Updater"="c:\program files\Starfield\StarfieldUpdate.exe" [2010-10-13 32960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MCCOMPONENTHOSTSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-06-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 02:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
FF - ProfilePath - c:\documents and settings\zac\Application Data\Mozilla\Firefox\Profiles\lrpshsia.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51192
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
AddRemove-HijackThis - c:\docume~1\zac\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 23:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-01 23:14:27
ComboFix-quarantined-files.txt 2011-06-02 03:14
.
Pre-Run: 13,913,423,872 bytes free
Post-Run: 15,093,366,784 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3E96BF345DB585B068CD71DEB2F94EDF

Thanks again - and really hope this is making sense to you!
I've since learned that I'm going to have to download the latest MS service pack (3) and get a new antivirus (MS Security Essentials perhaps).

#10 JSntgRvr

Posted 02 June 2011 - 12:05 AM

Yes, you need to install an antivirus and upgrade to SP3. As an antivirus I recommend AVAST. Let's check for remnants:


Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please perform an online scan at ESET and let me know the outcome.



#11 coolpapa20

Posted 03 June 2011 - 05:28 AM

OK sorry it took a while to respond...the MBAM scan took about an hour. 1 file was detected.
See report below:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6756

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/2/2011 9:37:30 PM
mbam-log-2011-06-02 (21-37-30).txt

Scan type: Quick scan
Objects scanned: 175661
Time elapsed: 1 hour(s), 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\zac\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.

______________________________________________________________________________________________________________


ESET Scan
Firefox is my main browser, but I ran the scan from IE8 which has been the browser with the most problems in the past. This scan took an hour and 45 minutes and had the following results (42 Infected files):

C:\Documents and Settings\dana\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-5bbf1985 a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\dana\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-6fa136df a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\dana\Application Data\Sun\Java\Deployment\cache\6.0\63\58cce93f-151bb52f multiple threats deleted - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-24dbeff5 a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-3527a165 a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-36e7d028 a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-3ebb6802 a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-5043f9a9 a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-6761838a a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\29\327dcc5d-4e030bcd multiple threats deleted - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\42\691e80ea-1e7860dd multiple threats deleted - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\5\528d6145-6f2c1fcb multiple threats deleted - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\58\253adf3a-2a5b9fa6 Java/TrojanDownloader.OpenStream.NBV trojan deleted - quarantined
C:\Documents and Settings\zac\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-5ac79131 Java/Agent.CH trojan deleted - quarantined
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Win32/Adware.WBug.A application cleaned by deleting - quarantined
C:\Program Files\Shared\_shared.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Shared\shARed.dll.vir a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\msv1_0.dll.vir a variant of Win32/TrojanDownloader.Monkif.AD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2440\A0080316.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2441\A0080326.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2442\A0080338.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2447\A0080366.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2449\A0080377.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2450\A0080389.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2458\A0080962.dll Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2462\A0081007.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2463\A0081029.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2464\A0081040.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2466\A0081133.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2492\A0082056.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2492\A0082061.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2492\A0082062.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2492\A0082072.dll a variant of Win32/Kryptik.NOS trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2509\A0089296.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2509\A0089297.dll a variant of Win32/TrojanDownloader.Monkif.AD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2509\A0089381.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2509\A0089382.dll Win32/Adware.WBug.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4D08935D-8DE9-4C3C-9759-554F1A7D2AFE}\RP2509\A0089383.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\hjdckhmr.dll Win32/Adware.BHO.Sechee application cleaned by deleting - quarantined
C:\WINDOWS\system32\uahqfiwp.dll Win32/Adware.BHO.Sechee application cleaned by deleting - quarantined

Obviously a lot of stuff - likely built up from working with an expired antivirus for close to a year.
Thanks again

#12 JSntgRvr

Posted 03 June 2011 - 10:57 AM

How is the computer doing?



#13 coolpapa20

Posted 03 June 2011 - 06:32 PM

So far so good...I bought a few thumb drives to save personal photos and documents before upgrading to SP3 (as Microsoft recommends). Doing that tonight/overnight. Will check back in with you over the weekend after getting the system upgraded and the AVAST installed. I've appreciated all your help and will be sending a donation since you saved me from having to take the machine to a shop!

#14 JSntgRvr

Posted 03 June 2011 - 07:48 PM

Congratulations.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.
  • Rename Combofix to Uninstall and click on it. That should remove the application.

Launch OTL and click on the Cleanup button. Follow the prompts.

Manually remove any tool left.

Create a Restore point:
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

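The System Restore reset in post #14 is easier to justify once scanner hits are grouped by where they sit on disk. The following is an added example, not part of the original thread: a Python sketch that parses result lines laid out like the ESET log in post #11 and counts hits per location, listing the restore points that hold flagged copies. The sample lines, bucket names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Layout: <path> <detection> <action>; paths contain spaces, so anchor on the detection.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>multiple threats|(?:a variant of )?\S+/\S+ (?:trojan|application))\s+"
    r"(?P<action>.+)$"
)
RP_RE = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.IGNORECASE)

BUCKETS = [  # this example's own labels (assumption), checked in order
    ("system_restore", "\\system volume information\\_restore{"),
    ("tool_quarantine", "\\qoobox\\quarantine\\"),
    ("java_cache", "\\sun\\java\\deployment\\cache\\"),
]

def parse_line(line):
    """Return (path, threat, action), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return (m["path"], m["threat"], m["action"]) if m else None

def bucket_for(path):
    lowered = path.lower()
    for name, marker in BUCKETS:
        if marker in lowered:
            return name
    return "live_file"  # anything else was sitting in the normal file system

def triage(lines):
    """Count hits per bucket, list restore points with hits, keep unparsed lines."""
    counts, restore_points, unparsed = Counter(), set(), []
    for line in (l for l in lines if l.strip()):
        parsed = parse_line(line)
        if parsed is None:
            unparsed.append(line)
            continue
        counts[bucket_for(parsed[0])] += 1
        rp = RP_RE.search(parsed[0])
        if rp:
            restore_points.add(rp.group(1))
    return counts, sorted(restore_points), unparsed

# Constructed sample lines in the same layout (user name and GUID are placeholders).
SAMPLE = r"""
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\17\00000000-11111111 a variant of Java/TrojanDownloader.OpenStream.NBV trojan cleaned by deleting - quarantined
C:\Program Files\Shared\_shared.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\msv1_0.dll.vir a variant of Win32/TrojanDownloader.Monkif.AD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2492\A0000001.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2509\A0000002.EXE Win32/Adware.WBug.A application deleted - quarantined
scan finished
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Lines the parser cannot match are returned rather than dropped, so a changed log layout shows up as unparsed input instead of a silently lower count.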


#15 JSntgRvr

Posted 12 September 2011 - 12:33 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
