
Unhide.exe Didn't Work


54 replies to this topic

#1 cait0312


Posted 06 June 2011 - 12:51 PM

Hello,

I have a similar problem to that found at: http://www.bleepingcomputer.com/forums/topic396978.html

My Windows XP computer was infected with what I believe was the Windows Recovery virus, which I believe I removed using Malwarebytes. However, some icons on my desktop and everything in my "All Programs" was still either "Empty" or missing and I tried using unhide.exe to fix it. But, it didn't work.

If anyone could please help, I would be forever grateful.

Thanks,
Caitlin

Edited by Blade Zephon, 06 June 2011 - 12:55 PM.
Moved to AII for initial assistance. ~BZ




#2 Blade


Posted 06 June 2011 - 12:55 PM

Hello Caitlin and welcome to BleepingComputer!

Have you run any temp file cleaning utilities?

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 cait0312


Posted 06 June 2011 - 01:23 PM

Hello!

So far, I have just run rkill to stop the virus, Malwarebytes to (hopefully) delete the virus, and then, upon realizing that my files were "empty", I tried to run "unhide.exe" and then, when it seemed like unhide.exe didn't work, I ran exeHelper.com.

So far, that has been all.

I'm sorry, as I don't really know what "temp cleaning file utilities" are, although that probably means I didn't run any of them...

Thank you in advance for any help you can offer!

#4 Blade


Posted 06 June 2011 - 01:29 PM

If that's all you've run, then you have not.

Let me do a little research.

~Blade



#5 Blade


Posted 06 June 2011 - 01:48 PM

Hi Caitlin.

Let's run some scans to make sure you're completely clean here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


~Blade


In your next reply, please include the following:
TDSSKiller Log
GMER Log



#6 cait0312


Posted 06 June 2011 - 02:17 PM

Okay. I ran both. Results below. Please let me know if it looks like I ran the programs incorrectly, or if they do not contain the info you need. Thank you!

TDSSKiller Log

2011/06/06 14:53:49.0375 5728 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/06 14:53:49.0906 5728 ================================================================================
2011/06/06 14:53:49.0906 5728 SystemInfo:
2011/06/06 14:53:49.0906 5728
2011/06/06 14:53:49.0906 5728 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/06 14:53:49.0906 5728 Product type: Workstation
2011/06/06 14:53:49.0906 5728 ComputerName: CAIT-LATITUDE
2011/06/06 14:53:49.0906 5728 UserName: Caitlin
2011/06/06 14:53:49.0906 5728 Windows directory: C:\WINDOWS
2011/06/06 14:53:49.0906 5728 System windows directory: C:\WINDOWS
2011/06/06 14:53:49.0906 5728 Processor architecture: Intel x86
2011/06/06 14:53:49.0906 5728 Number of processors: 2
2011/06/06 14:53:49.0906 5728 Page size: 0x1000
2011/06/06 14:53:49.0906 5728 Boot type: Normal boot
2011/06/06 14:53:49.0906 5728 ================================================================================
2011/06/06 14:53:52.0890 5728 Initialize success
2011/06/06 14:53:58.0265 2268 ================================================================================
2011/06/06 14:53:58.0265 2268 Scan started
2011/06/06 14:53:58.0265 2268 Mode: Manual;
2011/06/06 14:53:58.0265 2268 ================================================================================
2011/06/06 14:54:24.0781 2268 ================================================================================
2011/06/06 14:54:24.0781 2268 Scan finished
2011/06/06 14:54:24.0781 2268 ================================================================================
2011/06/06 14:54:24.0796 4528 Detected object count: 0
2011/06/06 14:54:24.0796 4528 Actual detected object count: 0



GMER log:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-06 15:14:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e TOSHIBA_MK8051GSY rev.LD201D
Running: vf2p5ie1.exe; Driver: C:\DOCUME~1\Caitlin\LOCALS~1\Temp\awroqpob.sys


---- System - GMER 1.0.15 ----

SSDT 86B501D0 ZwAlertResumeThread
SSDT 86B27D80 ZwAlertThread
SSDT 86B5DDB8 ZwAllocateVirtualMemory
SSDT 86D560A8 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF769087E]
SSDT 86ADC2C8 ZwCreateMutant
SSDT 86B37C38 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA398CC0]
SSDT 86B0DB50 ZwFreeVirtualMemory
SSDT 86B41A10 ZwImpersonateAnonymousToken
SSDT 86B36AF8 ZwImpersonateThread
SSDT 86BEB828 ZwMapViewOfSection
SSDT 86B54130 ZwOpenEvent
SSDT 86D0FAC8 ZwOpenProcessToken
SSDT 86B219B8 ZwOpenThreadToken
SSDT 86B4A168 ZwQueryValueKey
SSDT 86B47F00 ZwResumeThread
SSDT 86B55D80 ZwSetContextThread
SSDT 86B5BD80 ZwSetInformationProcess
SSDT 86B2B340 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA398F20]
SSDT 86B435A0 ZwSuspendProcess
SSDT 86B18520 ZwSuspendThread
SSDT 86B0A4B8 ZwTerminateProcess
SSDT 86AD8248 ZwTerminateThread
SSDT 86B5DD80 ZwUnmapViewOfSection
SSDT 86B219F0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? beeh.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2516] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\FileOpenWebPublisherScreenHookDriver \Device\FileOpenWebPublisherScreenHookDriver fowp32.sys

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device

#7 Blade

Posted 06 June 2011 - 02:33 PM

Hi Caitlin. Looks like the programs ran fine. Apart from the missing programs in Start Menu, are you experiencing any unusual behavior such as search engine redirects when you use Google?

~Blade

#8 cait0312

Posted 06 June 2011 - 02:40 PM

Hi,

Since running all of the programs (I ran Malwarebytes twice - the first time it found the virus, and the second time, after deleting the virus and rebooting my computer, it found zero infections) I haven't experienced any weird behavior except for missing programs in the Start Menu, and, under "All Programs" most of those programs are also empty or missing.

Thanks,
Caitlin

#9 Blade

Posted 06 June 2011 - 02:55 PM

Hi Caitlin.

Give us just a bit to work on something. You've got a pretty new problem which we're still figuring out. This is an aftereffect of the malware you had.

Myself or someone else on staff here will be back with you very shortly.

Thanks for your patience.

~Blade

#10 cait0312

Posted 06 June 2011 - 02:58 PM

Thank you!

I should note that, after running the unhide.exe, some of the programs (like Adobe Reader 9 and my Gmail Notifier) WERE present on the Startup Menu, but iTunes and all of my Microsoft Office programs (Word, Excel, etc.) say "Empty."

Thanks,
Caitlin

#11 Blade

Posted 06 June 2011 - 05:51 PM

Hi Caitlin.

Thanks for your patience.

We're going to gather some more data to try and find what the problem is.

Please download the following file: http://download.bleepingcomputer.com/bats/permchk.zip

Once downloaded, right click on the file and select Extract. Follow the onscreen prompts.

Following extraction, double click on permchk.bat. A log file will appear shortly afterward; please post that log in your next reply.

~Blade

#12 cait0312

Posted 06 June 2011 - 06:05 PM

Thank you so much for your continued help!

I'm sorry my problem is such a mystery!

Here is the log you requested:

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\Documents and Settings\Caitlin\Start Menu

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
CAIT-LATITUDE\Caitlin
Allowed Full Control This Folder/File Only (Inherited)
CAIT-LATITUDE\Caitlin
Allowed Special (Unknown) Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder/File Only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only (Inherited)
CAIT-LATITUDE\Administrators
Allowed Full Control This Folder/File Only (Inherited)
CAIT-LATITUDE\Administrators
Allowed Special (Unknown) Subfolders and Files only (Inherited)

No Auditing set

Owner: Caitlin (CAIT-LATITUDE\Caitlin)


SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\Documents and Settings\Caitlin\Start Menu\Programs

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
CAIT-LATITUDE\Caitlin
Allowed Full Control This Folder/File Only (Inherited)
CAIT-LATITUDE\Caitlin
Allowed Special (Unknown) Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder/File Only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only (Inherited)
CAIT-LATITUDE\Administrators
Allowed Full Control This Folder/File Only (Inherited)
CAIT-LATITUDE\Administrators
Allowed Special (Unknown) Subfolders and Files only (Inherited)

No Auditing set

Owner: Caitlin (CAIT-LATITUDE\Caitlin)



SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\DOCUME~1\Caitlin\LOCALS~1\Temp

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
CAIT-LATITUDE\Caitlin
Allowed Full Control This Folder/File Only (Inherited)
CAIT-LATITUDE\Caitlin
Allowed Special (Unknown) Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder/File Only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only (Inherited)
CAIT-LATITUDE\Administrators
Allowed Full Control This Folder/File Only (Inherited)
CAIT-LATITUDE\Administrators
Allowed Special (Unknown) Subfolders and Files only (Inherited)

No Auditing set

Owner: Administrators (CAIT-LATITUDE\Administrators)

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,568 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:53 PM

Posted 07 June 2011 - 06:37 AM

Do me a favor and download the following batch file to your desktop. Then run it. When done a notepad will open. Please post the contents of that notepad as a reply to this topic:

http://download.bleepingcomputer.com/bats/smtmp.bat

#14 cait0312

Posted 07 June 2011 - 07:49 AM

Good Morning!
Thanks for your continued help! Log posted below:


Volume in drive C has no label.
Volume Serial Number is B08A-745A

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
06/06/2011 08:10 AM <DIR> 1
06/06/2011 09:34 AM <DIR> 2
06/06/2011 08:10 AM <DIR> 4
0 File(s) 0 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
01/02/2009 01:55 PM 984 HP Solution Center.lnk
06/06/2011 08:10 AM <DIR> Programs
03/28/2010 10:49 AM 1,563 Set Program Access and Defaults.lnk
08/11/2004 07:15 PM 398 Windows Catalog.lnk
04/16/2010 05:56 PM 1,507 Windows Update.lnk
4 File(s) 4,452 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
06/06/2011 08:08 AM <DIR> Accessories
12/26/2008 10:46 PM 740 Acrobat.com.lnk
06/06/2011 08:08 AM <DIR> Administrative Tools
04/08/2011 08:08 PM 2,347 Adobe Reader 9.lnk
06/06/2011 08:08 AM <DIR> Amazon
12/26/2008 06:04 PM 1,830 Apple Software Update.lnk
06/06/2011 08:08 AM <DIR> ArcSoft Connect
06/06/2011 08:08 AM <DIR> ArcSoft Print Creations
06/06/2011 08:08 AM <DIR> Broadcom
06/06/2011 08:08 AM <DIR> Canon Utilities
06/06/2011 08:08 AM <DIR> Dell QuickSet
06/06/2011 08:08 AM <DIR> Dell Wireless
06/06/2011 08:08 AM <DIR> ExamSoft
06/06/2011 08:08 AM <DIR> Games
06/06/2011 08:08 AM <DIR> HP
06/06/2011 08:08 AM <DIR> iTunes
06/06/2011 08:08 AM <DIR> Juniper Networks
06/06/2011 08:08 AM <DIR> Lavasoft
06/06/2011 08:09 AM <DIR> Microsoft Office
01/26/2011 06:46 PM 1,680 Microsoft Security Essentials.lnk
06/06/2011 08:09 AM <DIR> Microsoft Silverlight
06/06/2011 08:09 AM <DIR> Modem Diagnostic Tool
05/20/2011 08:38 AM 730 Mozilla Firefox.lnk
08/11/2004 07:11 PM 1,890 MSN.lnk
06/06/2011 08:09 AM <DIR> NetWaiting
06/06/2011 08:09 AM <DIR> QuickTime
06/06/2011 08:09 AM <DIR> Real
06/06/2011 08:09 AM <DIR> Roxio DVDMAX Player
06/06/2011 08:10 AM <DIR> Security by Wave Systems
06/06/2011 08:10 AM <DIR> Spybot - Search & Destroy
06/06/2011 08:10 AM <DIR> Startup
06/06/2011 08:10 AM <DIR> Symantec Client Security
08/11/2004 07:13 PM 690 Windows Movie Maker.lnk
07/14/2010 03:43 PM 1,803 Windows Search.lnk
06/06/2011 08:10 AM <DIR> YouTube Downloader
8 File(s) 11,710 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Accessories

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
06/06/2011 08:08 AM <DIR> Accessibility
08/12/2009 06:18 PM 1,498 Calculator.lnk
06/06/2011 08:08 AM <DIR> Communications
06/06/2011 08:08 AM <DIR> Entertainment
06/06/2011 08:08 AM <DIR> Microsoft Interactive Training
07/15/2010 08:57 PM 1,515 Paint.lnk
03/17/2009 08:30 AM 1,585 Remote Desktop Connection.lnk
12/25/2009 03:08 PM 710 Scanner and Camera Wizard.lnk
06/06/2011 08:08 AM <DIR> System Tools
06/06/2011 08:08 AM <DIR> Windows PowerShell
08/11/2004 07:12 PM 783 WordPad.lnk
5 File(s) 6,091 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
08/11/2004 07:12 PM 1,424 Accessibility Wizard.lnk
1 File(s) 1,424 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
06/06/2011 08:08 AM <DIR> Fax
08/11/2004 07:12 PM 690 HyperTerminal.lnk
08/11/2004 07:11 PM 1,661 Network Connections.lnk
08/11/2004 07:13 PM 1,544 Network Setup Wizard.lnk
08/11/2004 07:11 PM 1,550 New Connection Wizard.lnk
03/17/2009 08:32 AM 1,656 Wireless Network Setup Wizard.lnk
5 File(s) 7,101 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
08/11/2004 07:11 PM 1,509 Fax Console.lnk
08/11/2004 07:11 PM 1,614 Fax Cover Page Editor.lnk
08/11/2004 07:11 PM 1,497 Send a Fax....lnk
3 File(s) 4,620 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
08/11/2004 07:12 PM 1,432 Sound Recorder.lnk
08/11/2004 07:12 PM 1,432 Volume Control.lnk
2 File(s) 2,864 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
08/11/2004 07:25 PM 707 Microsoft Interactive Training Help.lnk
08/11/2004 07:25 PM 800 Microsoft Interactive Training.lnk
2 File(s) 1,507 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
08/11/2004 07:15 PM 1,436 Backup.lnk
08/11/2004 07:12 PM 1,425 Character Map.lnk
08/11/2004 07:13 PM 1,436 Disk Cleanup.lnk
08/11/2004 07:13 PM 1,476 Disk Defragmenter.lnk
08/11/2004 07:15 PM 1,495 Files and Settings Transfer Wizard.lnk
08/11/2004 07:13 PM 1,657 Scheduled Tasks.lnk
08/11/2004 07:13 PM 974 System Information.lnk
08/11/2004 07:13 PM 1,520 System Restore.lnk
8 File(s) 11,419 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows PowerShell

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
07/14/2010 04:06 PM 2,011 Windows PowerShell ISE.lnk
07/14/2010 04:06 PM 2,081 Windows PowerShell.lnk
2 File(s) 4,092 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
08/11/2004 07:11 PM 1,486 Component Services.lnk
08/11/2004 07:15 PM 1,506 Computer Management.lnk
08/11/2004 07:15 PM 1,500 Data Sources (ODBC).lnk
08/11/2004 07:15 PM 1,496 Event Viewer.lnk
08/11/2004 07:15 PM 1,494 Local Security Policy.lnk
08/11/2004 07:22 PM 1,011 Microsoft .NET Framework 1.1 Configuration.lnk
08/11/2004 07:22 PM 1,062 Microsoft .NET Framework 1.1 Wizards.lnk
08/11/2004 07:15 PM 1,495 Performance.lnk
08/11/2004 07:15 PM 1,506 Services.lnk
9 File(s) 12,556 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Amazon

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Connect

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
12/28/2008 11:46 PM 1,996 Start ArcSoft Connect.lnk
12/28/2008 11:46 PM 2,020 View My ArcSoft Info.lnk
2 File(s) 4,016 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Print Creations

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
12/28/2008 11:46 PM 1,805 Album Page.lnk
12/28/2008 11:46 PM 1,803 Funhouse.lnk
12/28/2008 11:46 PM 1,801 Half-Fold Greeting Card.lnk
12/28/2008 11:46 PM 1,821 Photo Book.lnk
12/28/2008 11:46 PM 1,805 Photo Calendar.lnk
12/28/2008 11:46 PM 1,781 Print Creations.lnk
12/28/2008 11:46 PM 1,809 Quarter-Fold Greeting Card.lnk
12/28/2008 11:46 PM 1,807 Scrapbook.lnk
12/28/2008 11:46 PM 1,819 Slimline Card.lnk
12/05/2007 04:53 PM 67 Try Online.url
10 File(s) 16,318 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Broadcom

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
12/26/2008 05:44 PM 1,701 Broadcom Advanced Control Suite 2.lnk
12/26/2008 05:44 PM 1,759 Broadcom ASF Configuration.lnk
2 File(s) 3,460 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
06/06/2011 08:08 AM <DIR> CameraWindow
06/06/2011 08:08 AM <DIR> EOS Utility
06/06/2011 08:08 AM <DIR> MovieEdit Task
06/06/2011 08:08 AM <DIR> PhotoStitch
06/06/2011 08:08 AM <DIR> RAW Image Task
06/06/2011 08:08 AM <DIR> ZoomBrowser EX
06/06/2011 08:08 AM <DIR> ZoomBrowser EX Memory Card Utility
0 File(s) 0 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
06/06/2011 08:08 AM <DIR> CameraWindow
06/06/2011 08:08 AM <DIR> MyCamera
06/06/2011 08:08 AM <DIR> MyCamera DC
06/06/2011 08:08 AM <DIR> PowerShot - IXY - IXUS - DV 5
06/06/2011 08:08 AM <DIR> PowerShot - IXY - IXUS - DV 6
06/06/2011 08:08 AM <DIR> PowerShot - IXY - IXUS 7
06/06/2011 08:08 AM <DIR> RemoteCapture Task
0 File(s) 0 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindow

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 999 CameraWindow ReadMe.lnk
03/08/2009 09:34 PM 1,018 CameraWindow Uninstall.lnk
03/08/2009 09:34 PM 1,041 CameraWindow.lnk
3 File(s) 3,058 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\MyCamera

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 915 MyCamera Readme.lnk
03/08/2009 09:34 PM 994 MyCamera Uninstall.lnk
03/08/2009 09:34 PM 927 MyCamera.lnk
3 File(s) 2,836 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\MyCamera DC

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 998 MyCamera DC Uninstall.lnk
1 File(s) 998 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 5

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 964 CameraWindow DC_DV 5 Readme.lnk
03/08/2009 09:34 PM 1,008 CameraWindow DC_DV 5 Uninstall.lnk
2 File(s) 1,972 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 971 CameraWindow DC_DV 6 Readme.lnk
03/08/2009 09:34 PM 1,010 CameraWindow DC_DV 6 Uninstall.lnk
2 File(s) 1,981 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS 7

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 957 CameraWindow DC 7 Readme.lnk
03/08/2009 09:34 PM 1,006 CameraWindow DC 7 Uninstall.lnk
2 File(s) 1,963 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 1,018 RemoteCapture Task Uninstall.lnk
1 File(s) 1,018 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 723 EOS Utility Readme.lnk
03/08/2009 09:34 PM 968 EOS Utility Uninstall.lnk
03/08/2009 09:34 PM 750 EOS Utility.lnk
3 File(s) 2,441 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 931 MovieEdit Task Readme.lnk
03/08/2009 09:34 PM 1,088 MovieEdit Task Uninstall.lnk
2 File(s) 2,019 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 793 PhotoStitch Readme.lnk
03/08/2009 09:34 PM 968 PhotoStitch Uninstall.lnk
03/08/2009 09:34 PM 815 PhotoStitch.lnk
3 File(s) 2,576 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 974 RAW Image Task Uninstall.lnk
1 File(s) 974 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:33 PM 914 ZoomBrowser EX Readme.lnk
03/08/2009 09:33 PM 990 ZoomBrowser EX Uninstall.lnk
03/08/2009 09:33 PM 941 ZoomBrowser EX.lnk
3 File(s) 2,845 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX Memory Card Utility

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
03/08/2009 09:34 PM 982 Canon ZoomBrowser EX Memory Card Utility Uninstall.lnk
03/08/2009 09:34 PM 869 Canon ZoomBrowser EX Memory Card Utility.lnk
2 File(s) 1,851 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Dell QuickSet

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
12/26/2008 05:44 PM 527 QuickSet.lnk
1 File(s) 527 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Dell Wireless

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
12/26/2008 05:44 PM 1,726 Dell Wireless WLAN Card Readme.lnk
12/26/2008 05:44 PM 1,690 Dell Wireless WLAN Card Utility.lnk
2 File(s) 3,416 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\ExamSoft

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
06/06/2011 08:08 AM <DIR> SofTest
0 File(s) 0 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\ExamSoft\SofTest

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
05/19/2011 09:39 AM 1,754 SofTest Bar Edition.lnk
1 File(s) 1,754 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Games

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
08/11/2004 07:12 PM 1,426 Freecell.lnk
08/11/2004 07:12 PM 1,424 Hearts.lnk
01/05/2009 11:16 AM 913 Internet Backgammon.lnk
01/05/2009 11:16 AM 913 Internet Checkers.lnk
01/05/2009 11:16 AM 913 Internet Hearts.lnk
01/05/2009 11:16 AM 913 Internet Reversi.lnk
01/05/2009 11:16 AM 913 Internet Spades.lnk
08/11/2004 07:12 PM 1,419 Minesweeper.lnk
08/11/2004 07:12 PM 789 Pinball.lnk
08/11/2004 07:12 PM 1,395 Solitaire.lnk
08/11/2004 07:12 PM 1,406 Spider Solitaire.lnk
11 File(s) 12,424 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\HP

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
06/06/2011 08:08 AM <DIR> Deskjet D2600 Series
06/06/2011 08:08 AM <DIR> HP Deskjet 3900 series
01/02/2009 01:56 PM 735 HP Image Zone Express.lnk
01/02/2009 01:55 PM 916 HP Product Assistant.lnk
01/02/2009 01:55 PM 1,884 HP Software Tour.lnk
01/02/2009 01:55 PM 1,834 HP Software Update.lnk
01/02/2009 01:55 PM 996 HP Solution Center.lnk
5 File(s) 6,365 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\HP\Deskjet D2600 Series

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
04/17/2011 05:35 PM 996 Add A Device.lnk
04/17/2011 05:35 PM 904 Help.lnk
04/17/2011 05:35 PM 838 Product Registration.lnk
04/17/2011 05:35 PM 865 Product Support Website.lnk
04/17/2011 05:35 PM 956 Readme.lnk
04/17/2011 05:35 PM 1,223 Uninstall.lnk
6 File(s) 5,782 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Deskjet 3900 series

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
01/02/2009 01:54 PM 928 Product Support Website.lnk
01/02/2009 01:54 PM 961 Read Me.lnk
01/02/2009 01:54 PM 904 User's Guide.lnk
3 File(s) 2,793 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\iTunes

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
02/15/2011 01:27 AM 1,814 About iTunes.lnk
02/15/2011 01:27 AM 1,554 iTunes.lnk
2 File(s) 3,368 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Juniper Networks

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
06/06/2011 08:08 AM <DIR> Network Connect 6.5.0
0 File(s) 0 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Juniper Networks\Network Connect 6.5.0

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
07/14/2010 04:25 PM 1,004 NC Troubleshooting.lnk
07/14/2010 04:25 PM 998 Network Connect.lnk
07/14/2010 04:25 PM 963 Uninstall Network Connect.lnk
3 File(s) 2,965 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Lavasoft

06/06/2011 08:08 AM <DIR> .
06/06/2011 08:08 AM <DIR> ..
06/06/2011 08:09 AM <DIR> Ad-Aware
0 File(s) 0 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Lavasoft\Ad-Aware

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
05/27/2011 08:52 AM 1,700 Ad-Aware Manual.lnk
05/27/2011 08:52 AM 1,786 Ad-Aware Update.lnk
05/27/2011 08:52 AM 815 Ad-Aware.lnk
05/27/2011 08:52 AM 1,824 Lavasoft Homepage.lnk
06/06/2011 08:09 AM <DIR> Toolbox
05/27/2011 08:52 AM 599 Uninstall Ad-Aware.lnk
5 File(s) 6,724 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Lavasoft\Ad-Aware\Toolbox

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
05/27/2011 08:52 AM 1,629 ThreatWork.lnk
1 File(s) 1,629 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
07/14/2010 03:33 PM 2,549 Microsoft Office Access 2007.lnk
12/18/2010 08:09 PM 2,485 Microsoft Office Excel 2007.lnk
12/26/2008 08:29 PM 2,603 Microsoft Office Groove 2007.lnk
06/09/2010 11:27 PM 2,593 Microsoft Office InfoPath 2007.lnk
07/03/2010 08:45 AM 2,459 Microsoft Office OneNote 2007.lnk
12/26/2008 08:29 PM 2,599 Microsoft Office Outlook 2007.lnk
11/03/2010 04:56 PM 2,495 Microsoft Office PowerPoint 2007.lnk
12/26/2008 08:29 PM 2,517 Microsoft Office Publisher 2007.lnk
06/06/2011 08:09 AM <DIR> Microsoft Office Tools
06/02/2011 07:08 PM 2,527 Microsoft Office Word 2007.lnk
9 File(s) 22,827 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
12/26/2008 08:29 PM 2,553 Digital Certificate for VBA Projects.lnk
12/26/2008 08:29 PM 2,533 Microsoft Clip Organizer.lnk
12/26/2008 08:29 PM 2,433 Microsoft Office 2007 Language Settings.lnk
12/26/2008 08:29 PM 2,531 Microsoft Office Diagnostics.lnk
12/26/2008 08:29 PM 2,511 Microsoft Office Picture Manager.lnk
5 File(s) 12,561 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
04/21/2011 02:38 PM 1,986 Microsoft Silverlight.lnk
1 File(s) 1,986 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Modem Diagnostic Tool

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
12/26/2008 05:43 PM 2,006 Modem Diagnostic Tool.lnk
1 File(s) 2,006 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\NetWaiting

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
12/26/2008 05:44 PM 1,604 NetWaiting.lnk
1 File(s) 1,604 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\QuickTime

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
02/15/2011 01:19 AM 1,802 About QuickTime.lnk
02/15/2011 01:19 AM 1,812 PictureViewer.lnk
02/15/2011 01:19 AM 1,802 QuickTime Player.lnk
02/15/2011 01:19 AM 1,639 Uninstall QuickTime.lnk
4 File(s) 7,055 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Real

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
10/25/2010 03:35 PM 946 RealPlayer Converter.lnk
10/25/2010 03:34 PM 765 RealPlayer SP.lnk
10/25/2010 03:35 PM 888 RealPlayer Trimmer.lnk
3 File(s) 2,599 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Roxio DVDMAX Player

06/06/2011 08:09 AM <DIR> .
06/06/2011 08:09 AM <DIR> ..
08/08/2009 11:38 PM 1,446 Readme.lnk
08/08/2009 11:38 PM 1,832 Roxio DVDMAX Player Help.lnk
08/08/2009 11:38 PM 1,832 Roxio DVDMAX Player.lnk
08/08/2009 11:38 PM 1,730 System Diagnostic.lnk
08/08/2009 11:38 PM 1,731 Uninstall Roxio DVDMAX Player.lnk
5 File(s) 8,571 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Security by Wave Systems

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
06/06/2011 08:10 AM <DIR> Advanced
12/26/2008 05:51 PM 2,052 Embassy Security Center Help.lnk
12/26/2008 05:51 PM 1,038 EMBASSY Security Center.lnk
12/26/2008 05:50 PM 2,027 Enroll Fingerprints.lnk
12/26/2008 05:45 PM 1,577 Getting Started with EMBASSY Trust Suite.lnk
12/26/2008 05:52 PM 1,056 Security Setup Wizard.lnk
5 File(s) 7,750 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Security by Wave Systems\Advanced

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
06/06/2011 08:10 AM <DIR> Advanced Security Wizards
12/26/2008 05:51 PM 973 Document Manager Help.lnk
12/26/2008 05:51 PM 1,111 Document Manager.lnk
12/26/2008 05:47 PM 812 Embassy Trust Suite Readme.lnk
12/26/2008 05:51 PM 1,003 Private Information Manager Help.lnk
12/26/2008 05:51 PM 1,267 Private Information Manager.lnk
5 File(s) 5,166 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Security by Wave Systems\Advanced\Advanced Security Wizards

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
12/26/2008 05:51 PM 910 802.1x Authentication Setup Wizard.lnk
12/26/2008 05:51 PM 900 Encrypting File System Wizard.lnk
12/26/2008 05:51 PM 910 Secure Email Wizard.lnk
3 File(s) 2,720 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
07/26/2010 09:07 AM 834 File Shredder.lnk
07/26/2010 09:07 AM 945 Spybot - Search & Destroy.lnk
07/26/2010 09:07 AM 951 Tutorial.lnk
07/26/2010 09:07 AM 961 Uninstall Spybot-S&D.lnk
07/26/2010 09:07 AM 875 Update Spybot-S&D.lnk
5 File(s) 4,566 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Startup

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
07/14/2010 03:43 PM 1,787 Windows Search.lnk
1 File(s) 1,787 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\Symantec Client Security

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
03/17/2009 11:09 AM 1,689 Symantec AntiVirus.lnk
1 File(s) 1,689 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\1\Programs\YouTube Downloader

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
04/30/2011 05:32 PM 1,657 Uninstall.lnk
04/30/2011 05:32 PM 64 Web site.url
04/30/2011 05:32 PM 72 YouTube Downloader Help.url
04/30/2011 05:32 PM 1,713 YouTube Downloader.lnk
4 File(s) 3,506 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\2

06/06/2011 09:34 AM <DIR> .
06/06/2011 09:34 AM <DIR> ..
06/06/2011 09:02 AM 104 Internet.lnk
02/14/2011 11:52 PM 2,155 iTunes (2).lnk
10/20/2009 10:04 AM 2,149 iTunes (3).lnk
10/20/2009 10:22 PM 2,149 iTunes (4).lnk
10/16/2010 08:21 PM 2,155 iTunes (5).lnk
02/15/2011 02:11 AM 1,542 iTunes (6).lnk
02/16/2009 03:23 AM 2,155 iTunes.lnk
04/09/2010 12:37 AM 815 Launch Internet Explorer Browser.lnk
02/16/2009 04:31 PM 1,620 Mozilla Firefox.lnk
11/30/2010 01:18 PM 1,174 Shortcut to Show Desktop.lnk
08/11/2004 07:20 PM 79 Show Desktop.scf
08/08/2009 11:33 PM 800 Windows Media Player.lnk
12 File(s) 16,897 bytes

Directory of C:\DOCUME~1\Caitlin\LOCALS~1\Temp\smtmp\4

06/06/2011 08:10 AM <DIR> .
06/06/2011 08:10 AM <DIR> ..
05/27/2011 08:52 AM 797 Ad-Aware.lnk
04/08/2011 08:08 PM 1,729 Adobe Reader 9.lnk
02/15/2011 01:27 AM 1,542 iTunes.lnk
12/26/2008 05:30 PM 1,602 Mozilla Firefox.lnk
08/08/2009 11:38 PM 1,820 Roxio DVDMAX Player.lnk
05/19/2011 09:39 AM 1,736 SofTest Bar Edition.lnk
04/30/2011 05:32 PM 797 YouTube Downloader.lnk
03/08/2009 09:33 PM 923 ZoomBrowser EX.lnk
8 File(s) 10,946 bytes

Total Files Listed:
204 File(s) 280,145 bytes
185 Dir(s) 34,688,868,352 bytes free

#15 Grinler

Posted 07 June 2011 - 08:25 AM

And unhide didn't restore any of your start menu programs?



